/DutchGovScope

Dutch Government Bugbounty scope analysis, subdomains and url lists

Primary LanguageSCSS

Dutch Government Bug Bounty Scope Analysis

Welcome to the repository dedicated to the analysis of the Dutch government's bug bounty program which includes an extensive list of domains, subdomains, and URLs, along with in-depth daily analysis. This is NOT official bugbounty scope.

To file a Coordinated Vulnerability Disclosure (CVD) report or to know more, please visit the page https://www.ncsc.nl/contact/kwetsbaarheid-melden.

Overview

This project aims to provide a detailed overview of the digital landscape covered by the Dutch government's bug bounty program. By cataloging and analyzing various aspects of the web infrastructure, it's aim is to contribute to the security and robustness of these digital assets.

What is in scope?

This repository focuses on specific government-related resources. Each resource is selected based on the following criteria:

  1. Meta Information Requirement: The resource must include 'RIJKSOVERHEID.Organisatie' in its meta information.
  2. Government Logo: It's essential that the resource displays the official government logo.
  3. Affiliation Declaration: The page must clearly state its affiliation with the government.

How It Works

Process for updating this repository is thorough and regular. Here's an overview of how it operates:

  1. Daily Review and Addition: New resources are added regularly, either through manual review or automatic processes.
  2. Use of Specialized Tools: shrewdeye.app and its standalone version are used to build pipeline for analysis and discovery.
  3. Workflow Pipeline:
    • Subdomain discovery: - Shrewdeye.App(API), Amass, Subfinder, Assetfinder, and DnsX.
    • DNS Clearout: This step is dedicated to filtering and clarifying DNS data.
    • URL Collection: Httpx is used for further data processing and refinement.
    • SSL Analysis: Lastly, we apply the SSLLabs API to assess SSL configurations and grades.

This structured approach ensures that our repository is always up-to-date and accurately reflects the current digital landscape of the Dutch government. In the /data directory, there's an analysis of security configurations for various resources, including the following information:

  • URL
  • SSL: Grade from https://www.ssllabs.com/ssltest/
  • HTTP Rank: Based on HTTP headers statistics from below
  • Server: Server header from web server. If not set +5 points
  • Cookie: ✅ if HttpOnly (+7), Secure(+7) and Same-Site(+6) flag are set
  • HSTS: ✅ if Strict-Transport-Security header is set(+30)
  • CSP: ✅ if Content-Security-Policy header is set(+10) and unsafe-inline and unsafe-eval not present in configuration (+5)
  • XFO: ✅ if X-Frame-Options header is set (+10)
  • XXP: ✅ if X-Xss-Protection header is set (+10)
  • RP: ✅ if Referrer-Policy header is set (+10)
  • FP: ✅ if Feature-Policy header is set (+10)
  • CORS: ✅ if CORS header is set without issues (+10)

Summary

  • Number of domains: 1404
  • Number of subdomains: 349289
  • Number of urls: 263874
  • Average HTTP Security headers rank: E
  • Average SSL grade: A-
  • Number of security.txt: 39490

Repository Structure

Links and acknowledgements

To file a Coordinated Vulnerability Disclosure (CVD) report or to know more, please visit the page https://www.ncsc.nl/contact/kwetsbaarheid-melden.