robbi5 / german-gov-domains Goto Github PK

The Bundesministerium des Inneren has an overview page which should be possible to scrape:

https://www.bmi.bund.de/DE/Ministerium/BehoerdenEinrichtungen/behoerdeneinrichtungen_node.html

Hi,
just found some domains which are redirected to a new ssl-secured url.
illingen-saar.de -> illingen.de
perl-mosel.de ->perl.saarland
sanktingbert.de ->st-ingbert.de

elster.de
land.nrw
wirtschaft.nrw / mwike.nrw.de
mhkbd.nrw
mkw.nrw
mbei.nrw
schulministerium.nrw
landtag.nrw
it.nrw
polizei.nrw
verbraucherzentrale.nrw
justiz.nrw
geoportal.nrw
open.nrw
bayern.de
einmalzahlung200.de
bmwk.de
sachsen.de

there's probably a way to scrape these. I currently don't have more time to spend on this :/

Hi, some years ago the OKFN and some of you athors created a nice tool to maintain an curated list of german gov domains that seem to be nicely categorized: https://www.behoerden-online-dienste.de

As the government organisations of a city can be pretty complex, it might be worth to look a bit more into detail. For example there are a lot of third party domains which aren't related to the original city domain, but are operated by the city government (see imprint etc. ).

Hi,

you could easily add the Embassy and Education networks. The ip ranges are public of course.
They are perfectly open as well and should be scanned 24/7. Hopefully all of this increases the understanding and awareness.

Careful with all of that, the Russian Intel guys reading all of this as well. They probably already have a more precise map than we have, but this should be considered.

Also, I got the link by a friend to the blog post with the communal vulnerabilities, I pay my honest respect to you. Tbh: Domain Factory is well-known for having shitty security configurations to speak openly here. Like so many hosters in Germany.

Great that the German Community is awakening. Feel free to join VX. I'm really happy to see all of this. Happy Hacking <3

Regards

You can read the list of domain names where SSL certificates are valid.

Using the openssl CLI:

openssl s_client -showcerts -connect bundestag.de:443 < /dev/null | openssl x509 -text | egrep -io 'DNS:[\*a-z\.\-]+' | cut -d : -f 2

Which prints this list:

adler.bundestag.de
adleradmin.bundestag.de
awstats.bundestag.de
bundestag.de
cms.bundestag.de
cms.dev.bundestag.de
cms.prod.bundestag.de
cms.schulung.bundestag.de
cms.staging.bundestag.de
cmslogin.bundestag.de
das-parlament.de
datenaustausch.bundestag.de
editor.bundestag.de
editor.dev.bundestag.de
editor.prod.bundestag.de
editor.schulung.bundestag.de
editor.staging.bundestag.de
forum.bundestag.de
kontakt.bundestag.de
kontakt.dev.bundestag.de
kontakt.prod.bundestag.de
kontakt.schulung.bundestag.de
kontakt.staging.bundestag.de
newsletteradmin.bundestag.de
newsletteradmin.mitmischen.de
opac.bibliothek.bundestag.de
opac.bundestag.de
sdc.bundestag.de
sdc.mitmischen.de
statistik.bundestag.de
statistik.dev.bundestag.de
statistik.schulung.bundestag.de
statistik.staging.bundestag.de
studio.bundestag.de
studio.dev.bundestag.de
studio.prod.bundestag.de
studio.schulung.bundestag.de
studio.staging.bundestag.de
suche.bundestag.de
suche.dev.bundestag.de
suche.prod.bundestag.de
suche.schulung.bundestag.de
suche.staging.bundestag.de
visite.bundestag.de
werkstatt.bundestag.de
www.bundestag.de
www.das-parlament.de
www.dev.bundestag.de
www.dev.das-parlament.de
www.kuppelkucker.de
www.mitmischen.de
www.parlamentsprofi.de
www.prod.bundestag.de
www.schulung.bundestag.de
www.staging.bundestag.de
www.staging.das-parlament.de

Or append | rev | cut -d . -f 1-2 | rev | sort | uniq to get a unique list of second-level domains:

bundestag.de
das-parlament.de
kuppelkucker.de
mitmischen.de
parlamentsprofi.de