keyhunter/.planning/phases/12-osint_iot_cloud_storage/12-CONTEXT.md
2026-04-06 11:40:44 +03:00


# Phase 12: OSINT IoT/Device Search & Cloud Storage - Context

**Gathered:** 2026-04-06
**Status:** Ready for planning
**Mode:** Auto-generated

## Phase Boundary

Adds ReconSource implementations for internet-facing device search engines (Shodan, Censys, ZoomEye, FOFA, Netlas, BinaryEdge) and public cloud storage bucket scanners (AWS S3, GCS, Azure Blob, DigitalOcean Spaces) to find API keys exposed in device banners, configs, and misconfigured storage buckets.

## Implementation Decisions

### Claude's Discretion

All implementation choices are at Claude's discretion. Follow the established Phase 10 pattern: each source implements `recon.ReconSource`, uses `pkg/recon/sources/httpclient.go` for HTTP, uses `httptest` for tests. Each source goes in its own file.

<code_context>

## Existing Code Insights

### Reusable Assets

- `pkg/recon/sources/` — established source implementation pattern from Phase 10
- `pkg/recon/sources/httpclient.go` — shared retry HTTP client
- `pkg/recon/sources/register.go` — RegisterAll (extend per phase)
- `pkg/recon/source.go` — ReconSource interface

</code_context>

## Specific Ideas

- ShodanSource — search Shodan for exposed API keys in banners/configs
- CensysSource — search Censys for exposed services leaking keys
- ZoomEyeSource — search ZoomEye for device/service key exposure
- FOFASource — search FOFA for exposed endpoints with keys
- NetlasSource — search Netlas for internet-wide scan results
- BinaryEdgeSource — search BinaryEdge for exposed services
- S3Scanner — scan publicly accessible AWS S3 buckets for key files
- GCSScanner — scan publicly accessible Google Cloud Storage buckets
- AzureBlobScanner — scan publicly accessible Azure Blob containers
- DigitalOceanSpaces — scan publicly accessible DO Spaces

## Deferred Ideas

None — straightforward source implementations.