To use the Bing Azure Marketplace API from the command line in Ubuntu I used Python and the following method. No doubt there are many more ways to skin this cat but this got it working for me. With that I was able to integrate the results into my scans on HackerTarget.com.
Background on the Bing Azure API
A couple of months ago Microsoft released an update to the API they use for developer access to Bing Search. To summarise, anyone with a Microsoft account (live, outlook.com etc), can access the Bing search engine via an API. The only restriction for Free users is that it is limited to 5000 queries per month. If you want more than that you have to pay, wait a month or find another method…
Getting Started in Ubuntu
I attempted to find the most simple way to perform this task, the difference with the old API is that previously you put the KEY in the URL as a parameter and you could use whatever client you wanted to such as wget, curl or Firefox. Now you need to perform authentication with your KEY in a different manner.
First step is to get yourself a valid Key. Head to the Microsoft Azure Marketplace Website and get one now.
As I mentioned I used Python and the Requests HTTP library.
Under Ubuntu you will need to install the Requests library, to do that I did:
apt-get install pipi pip install requests
Ok, now for the Python Code, this mini script takes an IP address at the command line and does a Bing IP Address search on it (ip:220.127.116.11). Change the search parameters to whatever you like. Take note that it must be HTML encoded for the API to parse it correctly (ie %27 = ‘):
#!/usr/bin/python import requests import json from sys import argv ip = argv r = requests.get('https://api.datamarket.azure.com/Data.ashx/Bing/Search/v1/Web?Query=%27ip%3A' + ip + '%27&$format=json', auth=("LhzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzoA=", "LhzzzzzzzzzzzzzzzzzzzzzzzzzzXC/HBoA=")).json for i in r['d']['results']: print str(i['DisplayUrl'].encode('ascii', 'ignore')) + '\\' + str(i['Title'].encode('ascii', 'ignore'))
This prints the Displayed URL’s and the Title of each page found, we have then put this in our Server Info information gathering tools.
In case you missed it the keys go in the auth parameter on the requests.get line above.