Dutch Government Bug Bounty

Welcome to the repository dedicated to the analysis of the Dutch government’s bug bounty program which includes an extensive list of domains, subdomains, and URLs, along with in-depth daily analysis. This is NOT official bugbounty scope.

View list View on GitHub

Overview

This project aims to provide a detailed overview of the digital landscape covered by the Dutch government’s bug bounty program. By cataloging and analyzing various aspects of the web infrastructure, it’s aim is to contribute to the security and robustness of these digital assets.

What is in scope?

This repository focuses on specific government-related resources. Each resource is selected based on the following criteria:

  1. Meta Information Requirement: The resource must include ‘RIJKSOVERHEID.Organisatie’ in its meta information.
  2. Government Logo: It’s essential that the resource displays the official government logo.
  3. Affiliation Declaration: The page must clearly state its affiliation with the government.

    How It Works

    Process for updating this repository is thorough and regular. Here’s an overview of how it operates:

  4. Daily Review and Addition: New resources are added regularly, either through manual review or automatic processes.
  5. Use of Specialized Tools: shrewdeye.app and its standalone version are used to build pipeline for analysis and discovery.
  6. Workflow Pipeline:
    • Subdomain discovery: - Shrewdeye.App(API), Amass, Subfinder, Assetfinder, and DnsX.
    • DNS Clearout: This step is dedicated to filtering and clarifying DNS data.
    • URL Collection: Httpx is used for further data processing and refinement.
    • SSL Analysis: Lastly, we apply the SSLLabs API to assess SSL configurations and grades.

This structured approach ensures that our repository is always up-to-date and accurately reflects the current digital landscape of the Dutch government.