Audit Government Site for TLS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

Gov-TLS-Audit (

Site is available here

Project was created to scan all domains (and sub-domains) to check TLS Implementation, TLS Redirection (from http to https), Certificate Status (Valid, Expired, hostname mismatch..etc), and other general details about the site.

Version 2.0 includes Shodan search results (when available), the HTML title of the site, and the names of any form fields available on the root directory of the hostname. scans hostnames from this repo. Consider making a pull request if you know of a domain that isn't being scanned. Latest version of only works with Python3.6 and above.


The /crawlers folder has a list of miscellaneous scripts that query OSINT databases for hostnames, subdomains, etc.


Daily scans results are available in csv, json, jsonl formats here


API documentation is available here


API is made available via Amazon API Gateway. Script for deploying this is in the lambda/ folder. This includes a serverless.yml file that deploys 'most' of the infra, including DynamoDB, Lambda and API Gateway. It doesn't deploy the Cloud Front domain or request the certificate -- yet!


Contact me at keith [at] keithrozario [dot] com for more info.

Help Needed

If you know of any hostnames I missed, consider making a pull request to this REPO adding the hostname to the hostnames.txt file.