keyhunter/.planning/phases/13-osint_package_registries_container_iac/13-CONTEXT.md

Phase 13: OSINT Package Registries, Containers & IaC - Context

Gathered: 2026-04-06 Status: Ready for planning Mode: Auto-generated

## Phase Boundary Adds ReconSource implementations for package registry searches (npm, PyPI, Crates.io, RubyGems, Maven, NuGet, Go Proxy), container image inspection (Docker Hub, Docker Compose files), and infrastructure-as-code sources (Kubernetes configs, Terraform Registry) to detect API keys embedded in published packages, images, and IaC definitions. ## Implementation Decisions ### Claude's Discretion All implementation choices are at Claude's discretion. Follow the established Phase 10 pattern: each source implements recon.ReconSource, uses pkg/recon/sources/httpclient.go for HTTP, uses httptest for tests. Each source goes in its own file.

<code_context>

Existing Code Insights

Reusable Assets

• pkg/recon/sources/ — established source implementation pattern from Phase 10
• pkg/recon/sources/httpclient.go — shared retry HTTP client
• pkg/recon/sources/register.go — RegisterAll (extend per phase)
• pkg/recon/source.go — ReconSource interface </code_context>

## Specific Ideas - NpmSource — search npm registry for packages leaking API keys - PyPISource — search PyPI for packages with embedded keys - CratesIOSource — search Crates.io for Rust packages with key leaks - RubyGemsSource — search RubyGems for gems with exposed keys - MavenSource — search Maven Central for Java artifacts with keys - NuGetSource — search NuGet for .NET packages with key exposure - GoProxySource — search Go module proxy for modules with keys - ComposeSource — scan Docker Compose files for hardcoded keys - DockerHubSource — inspect public Docker Hub images for embedded keys - KubernetesConfigSource — scan public Kubernetes configs/manifests for secrets - TerraformRegistrySource — search Terraform Registry modules for leaked keys ## Deferred Ideas None — straightforward source implementations.