Use the directions below to get API Keys that you will use for OSINT and Social Engineering.
- This can also be found:
- The OSINTion Wiki: https://wiki.theosintion.com/en/Practical-Social-Engineering
- The OSINTion GitHub: https://github.com/theosintion/API_Keys/blob/main/Keys.md
- Joe’s GitHub: https://github.com/jocephus/Practical-Social-Engineering/edit/master/APIs/API_Keys.md
The HaveIBeenPwned API key is $3.50 per month. With this key, you can use Recon-ng, Datasploit, or Spiderfoot to pull from HIBP. Alternatively, you can write your own tool.
Sign up for a free account (allows 100 queries per month) here.
(Note: you cannot register with a free email account)
To find your key, click on your name/picture in the top right corner and select API. Copy your key.
Navigate to https://www.shodan.io/ and register for an account. Note: If you wait until Black Friday, Shodan typically offers a lifetime membership and API key for $10-50.
Once you have created your Shodan account, select My Account in the top right corner (or navigate to https://account.shodan.io/) then make note of API Key.
Create a free account here. Once you are logged in, you will need to click on your icon in the top right corner (should be your initials), then select My Account then select API. You will need both your API ID and Secret.
Sign up for an API key here.
Once logged in, select Tools then API Access, and make note of Your API Key.
Google requires 2 API keys, the regular API and the Custom Search Engine (CSE). The API requires a Google account and is accessible here. Once you have an API key, navigate to https://cse.google.com/cse/all for a CSE key.
For Twitter, we want to use the search API. Although I have never used it, there may be value in using the Engagement API.
For Bing, sign up here: https://azure.microsoft.com/en-us/services/cognitive-services/bing-web-search-api/