API Keys and Registration

import { Aside } from ‘@astrojs/starlight/components’;

Minimum to get started

You only need one API key to get started. VirusTotal is the most recommended because it covers IPs, domains and hashes.

# .env — minimal configuration
VIRUSTOTAL_API_KEY=your_key
LLM_PROVIDER=ollama
OLLAMA_MODEL=qwen3:14b

All services

Service	Environment Variable	Free tier	Registration Link
VirusTotal	VIRUSTOTAL_API_KEY	500 req/day	virustotal.com/gui/join-us
AbuseIPDB	ABUSEIPDB_API_KEY	1,000 req/day	abuseipdb.com/register
AlienVault OTX	ALIENVAULT_OTX_API_KEY	Unlimited	otx.alienvault.com/api
Shodan	SHODAN_API_KEY	100 req/month	account.shodan.io/register
IPInfo	IPINFO_TOKEN	50,000 req/month	ipinfo.io/signup
URLScan.io	URLSCAN_API_KEY	5,000 req/day	urlscan.io/user/signup
FRED	FRED_API_KEY	Free	fred.stlouisfed.org
EIA	EIA_API_KEY	Free	eia.gov/opendata
Cloudflare Radar	CLOUDFLARE_API_TOKEN	Free	dash.cloudflare.com
ACLED	ACLED_ACCESS_TOKEN + ACLED_EMAIL	Free (research)	acleddata.com/register
AISStream	AISSTREAM_API_KEY	Free	aisstream.io

Tools without API key

These work without any key:

Tool	What it does
WHOIS / RDAP	Domain registration information
DNS lookup	DNS records (A, AAAA, MX, NS, TXT, CNAME)
crt.sh	Subdomains via Certificate Transparency
Feodo Tracker	Feed of botnet C2 IPs
URLhaus	Feed of URLs distributing malware
IPsum	List of malicious IPs
GDELT	Global news and event analysis
RSS Monitoring	Security, finance, general news
Country Risk	Country instability index
Anomaly Detection	Local anomaly detection
Threat Classifier	Local classification by keywords

You can start with just the free tools to familiarize yourself with the platform before registering with external services.

Configuration in .env

# Copy the template
cp .env.example .env

# Edit with your editor
nano .env  # or vim, code, etc.

The .env file is in .gitignore — it is never uploaded to the repository.

Recommended priority for keys

If you want maximum coverage with minimal registration:

1. VirusTotal — covers IPs, domains and hashes with a single key
2. AbuseIPDB — complements VirusTotal for IPs with abuse report data
3. AlienVault OTX — unlimited, very useful for threat context
4. IPInfo — accurate geolocation, 50K req/month free
5. Shodan — to see exposed services (100 req/month in free tier)
6. URLScan — necessary if you actively investigate phishing/malware URLs

API keys are stored in `.env` locally. Never share them or commit them to the repository. The system never sends them anywhere except to the corresponding OSINT services.

Rate limits and cache

The system respects the rate limits of each service:

BATCH_DELAY_SECONDS=2    # Pause between IOCs in batch mode (default: 2s)
CACHE_TTL_SECONDS=86400  # 24h cache to avoid redundant calls

With caching active, investigating the same IOC twice in 24 hours only consumes one real API call.