Yesterday, I collected over 1,200 .GOV TLD domains and ran checks against them. Of that, 58 were affected by the OpenSSL bug, aka, Heartbleed. This morning, upon checking again, only 39 remain unpatched of that initial 58 affected.
During my testing I was able to inadvertently obtain login credentials for a particular .GOV website illustrated in the screenshot below.
I collected the .GOV domains from http://www.data.gov/. I cooked a simple bash script loop against this list and passed it to a Proof of Concept “check” tool to determine if the site was unpatched. The tool I used is https://gist.github.com/takeshixx/10107280 (python).
Here is my loop script.
#!/bin/bash echo "Start" while read s; do echo -n $s,`python poc.py $s -p 443 2>/dev/null | grep VULN` echo "" done < dotgov.csv
.gov website list: csv
Affected as of April 8, 2014 6PM EST
www.AMTRAKOIG.GOV www.NATIONALSERVICERESOURCES.GOV www.VISTACAMPUS.GOV www.SYMBOLS.GOV www.BLDRDOC.GOV www.CIVILRIGHTSUSA.GOV www.DNSOPS.GOV www.GLOBALCHANGE.GOV www.NIST.GOV www.OEA.GOV www.BFELOB.GOV www.ARM.GOV www.ENERGYCODES.GOV www.NREL.GOV www.SMARTGRID.GOV www.CHILDCARE.GOV www.CLINICALTRIAL.GOV www.CLINICALTRIALS.GOV www.CLUBDRUGS.GOV www.DRUGABUSE.GOV www.FATHERHOOD.GOV www.NNLM.GOV www.PAPERWORKREDUCTION.GOV www.SMOKEFREE.GOV www.STEROIDABUSE.GOV www.NMSC.GOV www.ANSTASKFORCE.GOV www.BIOECO.GOV www.C3.GOV www.FGDC.GOV www.FRCC.GOV www.FWS.GOV www.GEOMAC.GOV www.JEM.GOV www.KLAMATHRESTORATION.GOV www.LACOAST.GOV www.LCA.GOV www.MRGO.GOV www.NEMI.GOV www.NIFTT.GOV www.NOLAENVIRONMENTAL.GOV www.SCIENCEBASE.GOV www.MDA.GOV www.NTDPROGRAM.GOV www.UNITEDWERIDE.GOV www.SAVE.GOV www.SAVEAWARD.GOV www.HSR.GOV www.ARCTICGAS.GOV www.CONSUMERACTION.GOV www.FEDRAMP.GOV www.FEDROOMS.GOV www.INFO.GOV www.KIDS.GOV www.USGEO.GOV www.NCPC.GOV www.NGA.GOV www.TISSUEENGINEERING.GOV
Affected as of April 9, 2014 10AM EST
www.AMTRAKOIG.GOV www.SYMBOLS.GOV www.BLDRDOC.GOV www.CIVILRIGHTSUSA.GOV www.DNSOPS.GOV www.NIST.GOV www.BFELOB.GOV www.ARM.GOV www.ENERGYCODES.GOV www.NREL.GOV www.CLINICALTRIAL.GOV www.CLINICALTRIALS.GOV www.NNLM.GOV www.PAPERWORKREDUCTION.GOV www.SMOKEFREE.GOV www.NMSC.GOV www.ANSTASKFORCE.GOV www.BIOECO.GOV www.C3.GOV www.FGDC.GOV www.FRCC.GOV www.FWS.GOV www.JEM.GOV www.KLAMATHRESTORATION.GOV www.LACOAST.GOV www.LCA.GOV www.MRGO.GOV www.NEMI.GOV www.NIFTT.GOV www.NOLAENVIRONMENTAL.GOV www.SCIENCEBASE.GOV www.MDA.GOV www.SAVE.GOV www.SAVEAWARD.GOV www.HSR.GOV www.USGEO.GOV www.NCPC.GOV www.NGA.GOV www.TISSUEENGINEERING.GOV
Affected as of April 10, 2014 10:24EST
www.PAPERWORKREDUCTION.GOV www.SMOKEFREE.GOV www.ANSTASKFORCE.GOV www.BIOECO.GOV www.FGDC.GOV www.FRCC.GOV www.GEOMAC.GOV www.JEM.GOV www.LACOAST.GOV www.LCA.GOV www.MRGO.GOV www.NEMI.GOV www.NIFTT.GOV www.NOLAENVIRONMENTAL.GOV www.SCIENCEBASE.GOV www.MDA.GOV www.HSR.GOV www.NCPC.GOV www.NGA.GOV