Commits

Tim Tomes committed b6bffe1

updated the documentation to reflect framework changes and added information about api key acquisition.

Comments (0)

Files changed (1)

 * [[#!usage-guide|Usage Guide]]
 ** [[#!getting-started|Getting Started]]
 ** [[#!usage-notes|Usage Notes]]
+** [[#!acquiring-api-keys|Acquiring API Keys]]
 ** [[#!scripting-the-framework|Scripting the Framework]]
 \\\\
 * [[#!development-guide|Development Guide]]
 ** dnspython - http://www.dnspython.org/
 ** httplib2 - http://code.google.com/p/httplib2/
 ** python-oauth2 - https://github.com/synedra/python-oauth2
+** aes.py - https://code.google.com/p/slowaes/source/browse/trunk/python/aes.py
 
 * There is no guarantee that the included 3rd party libraries will work on all systems and architectures. If load errors are encountered, try downloading, compiling, and replacing the library which is raising exceptions.
 
 
 * Developers have the ability to create new tables in the database dynamically as information is harvested from various resources. Make sure you pay attention to local variables and run the "show schema" command often to check for new data being stored in the database. Any new table that is created will automatically be added to the list of "show" commands for quick access to the information.
 
+=== Acquiring API Keys
+
+* Bing API Key (bing_api) - TBD
+
+* BuiltWith API Key (builtwith_api) - TBD
+
+* Facebook API Key (facebook_api) - TBD
+
+* Facebook Secret (facebook_secret) - TBD
+
+* Google API Key (google_api) - Create an API Project [here](https://code.google.com/apis/console/). The API key will be available in the project management console.
+
+* Google Custom Search Engine (CSE) ID (google_cse) - Create a CSE [here](http://www.google.com/cse/all). The CSE ID will be available in the CSE management console. Read [this](http://support.google.com/customsearch/bin/answer.py?hl=en&answer=2631040) for guidance on configuring the CSE to search the entire web. Otherwise, the CSE will be restricted to only searching domains specified within the CSE management console. This will drastically effect the results of any module which leverages the CSE.
+
+* IPInfoDB API Key (ipinfodb_api) - TBD
+
+* Jigsaw API Key (jigsaw_api) - TBD
+
+* LinkedIn API Key (linkedin_api) - TBD
+
+* LinkedIn Secret (linkedin_secret) - TBD
+
+* PwnedList API Key (pwnedlist_api) - TBD
+
+* PwnedList Initialization Vector (pwnedlist_iv) - TBD
+
+* PwnedList Secret (pwnedlist_secret) - TBD
+
+* Shodan API Key (shodan_api) - TBD
+
 === Scripting the Framework
 
 * The entire framework is scriptable through the use of a resource file. A resource file is a plain text file containing a list of commands for the framework. By referencing the resource file when executing Recon-ng, {{{./recon-ng -r resource.file}}}, the framework will read in the list of commands from the file and feed them to the command interpreter, in sequence. The resource file does not have to end by exiting the framework. The framework will automatically detect the end of the resource file and hand stdin back over to the terminal session for user input. The script is complete when the framework prompt looks looks like this: {{{recon-ng > EOF}}}.
 }}}
 
 === API Key Management Methods
-Some Recon-ng modules may require an API key. To prevent users from having to continually input API keys, Recon-ng provides methods which assist in the key management process. When the user runs a module that requires an API key, the module should use the available methods to achieve a logical flow.
+Some Recon-ng modules require the use of an API key, OAuth Token, etc. To prevent users from having to continually input keys and regenerate tokens, Recon-ng provides methods which assist in storing, managing and accessing these items.
 
-* Check the local key storage database for a matching key and return the key.
-** //key_name// is the unique name for the key when stored in the database.
+* Fetch a key from the local key store.
+** //name// is the unique name for the key. A FrameworkException is raised if no such key exists.
 {{{
 #!python
-self.get_key_from_db(key_name)
+self.get_key(name)
 }}}
 
-* Prompt the user for a key and return the key.
-** //key_text// (optional) is text to be used to describe the key when prompting the user.
+* Store a key in the local key store.
+** //name// is the unique name for the key. If not unique, the existing key will be overwritten.
+** //value// is the key string to store.
 {{{
 #!python
-self.get_key_from_user([key_text='API Key'])
+self.add_key(name, value)
 }}}
 
-* Attempt to store a key in the local key storage database and return True if successful or False if unable to store the key.
-** //key_name// is the unique name for the key when stored in the database.
-** //key_value// is the key string to store in the database.
+* Delete a key from the local key store.
+** //name// is the unique name for the key.
 {{{
 #!python
-self.add_key_to_db(key_name, key_value)
+self.delete_key(name)
 }}}
 
-The following method automates the key handling process by combining the above methods into the proper flow.
-* Automate the key handling process and return the key or False if no key was given or available.
-** //key_name// is the unique name for the key when stored in the database.
-** //key_text// is text to be used to describe the key when prompting the user.
-{{{
-#!python
-self.manage_key(key_name, key_text)
-}}}
-
-While these methods assist in the API key management process, it is up to developer to handle what is returned and make a decision on how to proceed.
-
 === Source Option Handling Method
 Most Recon-ng modules will require input of some sort. In most cases, that input will be in the form of data from the database, a file containing a list of items, or a single instance of the expected input (email address, hostname, etc.). Recon-ng provides developers with an easy way to gather the desired input from these three sources.