lanmaster53 edited this page May 11, 2020 · 12 revisions

Many modules require credentials (API keys, OAuth access tokens, etc.) for accessing third-party resources. Below is guidance for acquiring some of the credentials required by one or more modules.

Acquiring Credentials

  • Bing API Key (bing_api) - Sign up for the free 90-day trial subscription to the Bing Search API here. Sign in to Microsoft Cognitive Services and go to the "My Account" tab. Click "Subscribe to new free trials" and get a key for "Bing Search - Free". The API key will be available under the "Bing Search" heading on the "My Account" page.

  • BuiltWith API Key (builtwith_api) - Sign up for a free account here. Sign in to the application. The API key will be available in the upper right-hand portion of the screen.

  • Censys API Key (censysio_id) - Sign up for free (rate limited) here and then view API information here.

  • Censys API Secret (censysio_secret) - See Censys API Key (above).

  • Flickr API Key (flickr_api) - Create a Flickr account here. Apply for an API key here and select "APPLY FOR A NON-COMMERCIAL KEY". Enter the name of your application. Enter a description of what you are building. Check the "I acknowledge that Flickr members own all rights to their content, and that it’s my responsibility to make sure that my project does not contravene those rights." disclaimer. Read the Flickr API Terms of Use. Check the "I agree to comply with the Flickr API Terms of Use." box. There will be a 32-character "Key" and a 16-character "Secret". Recon-ng uses the "Key" only.

  • FullContact API Key (fullcontact_api) - Create a FullContact account here.

  • Google API Key (google_api) - Create an API Project here. The API key will be available in the Credentials section of the API Manager console. Be sure to enable the relevant APIs:

    • YouTube Data API
    • Custom Search API
    • Maps JavaScript API

  • Google Custom Search Engine (CSE) ID (google_cse) - Create a CSE here. The CSE ID will be available in the CSE management console. Read here for guidance on configuring the CSE to search the entire web. Otherwise, the CSE will be restricted to searching only the domains specified within the CSE management console. This will drastically affect the results of any module which leverages the CSE.

  • GitHub API Key (github_api) - "Go here (log in if necessary, then click the link). Click "Generate new token" in the top right corner. You don't need to give the token any permissions (and I recommend that you don't), just click "Generate Token". You will be shown the token" (copied from https://github.com/Raikia/Recon-NG-API-Key-Creation/blob/master/README-v4.8.3.md)

  • Hashes.org API Key (hashes_api) - "Register here. Confirm your account via email link. Log in with your new account, then click here. Your API key should be listed." (copied from https://github.com/Raikia/Recon-NG-API-Key-Creation/blob/master/README-v4.8.3.md)

  • IPInfoDB API Key (ipinfodb_api) - Create a free account here. Log in to the application here. The API key will be available on the "Account" tab.

  • Jigsaw API Key (jigsaw_api) - Create an account and sign up for the $1,500/year plan here. A corporate email address is preferred. Submit a request for an API token here using the same email address that was used to create the paid account. The Jigsaw API team will look up the account to validate that it is a paid membership and issue an API token. NOTE: This is not a confirmed process, so proceed with care. If nothing else, call Salesforce and ask how to get an API key.

  • PwnedList API Key (pwnedlist_api) - Contact PwnedList directly regarding API access.

  • PwnedList Initialization Vector (pwnedlist_iv) - Contact PwnedList directly regarding API access.

  • PwnedList Secret (pwnedlist_secret) - Contact PwnedList directly regarding API access.

  • Name ch_k ($) - Create an account and sign in here.

  • Shodan API Key (shodan_api) - Create an account or sign in to Shodan using one of the many options available here. The API key will be available on the right side of the screen. An upgraded account is required to access advanced search features.

  • Twitter Consumer Key (twitter_api) - Create an application here. The Consumer key will be available on the application management page.

  • Twitter Consumer Secret (twitter_secret) - The Consumer secret will be available on the application management page for the application created above.

  • virustotal_api (if using a branch with it) - Go here. Activate the account via email, then log in. Click your username in the top right, then click "My API Key". The API key will be shown. A "public" API will be sufficient. (Based on https://github.com/Raikia/Recon-NG-API-Key-Creation/blob/master/README-v4.8.3.md)
