# Ministry of Security **Sector:** Internal Security / Police / Gendarmerie **Date:** 2026-03-03 **Source:** THOT Domain Intel + Manual Recon ## Domains | Domain | Status | |--------|--------| | `securite.gov.bf` | UP | | `www.securite.gov.bf` | UP (canonical) | ## Hosting & Infrastructure - **IP:** Unknown (WhatWeb could not resolve) - **Server:** Apache (version hidden) - **PHP:** 7.3.31 (exposed via X-Powered-By) - **Title:** "Ministère de la Sécurité du Burkina Faso" ## Tech Stack ### CMS / Framework - **TYPO3 CMS** (confirmed via meta generator + "Powered by TYPO3") - PHP 7.3.31 ### Frontend / JavaScript - Bootstrap - HTML5, Open Graph Protocol - Content-Language: `ab` (Abkhaz?! — likely misconfigured, should be `fr`) ### Analytics - **Google Analytics:** UA-144182518-30 - **Google Tag Manager:** same account ### Security Headers (Same as Defense) - **HSTS:** max-age=31536000; includeSubDomains; preload - **X-Frame-Options:** SAMEORIGIN - **X-XSS-Protection:** 1; mode=block - **X-Content-Type-Options:** nosniff - **Content-Security-Policy:** `default-src: 'self'` - **X-UA-Compatible:** IE=edge ## DNS Records (4 found) ## Subdomains (1 found — www only) ## Interesting Findings - **Shares infrastructure with defense.gov.bf** — identical tech stack: - Same TYPO3 CMS - Same PHP 7.3.31 version - Same Apache server - Same security header configuration - Same Google Analytics account series (UA-144182518) - Defense = UA-144182518-**5**, Securite = UA-144182518-**30** - **This confirms a shared government web infrastructure** managed by SIG or ANPTIC - **Content-Language set to "ab" (Abkhaz)** — this is clearly wrong, should be "fr" (French) - Indicates copy-paste configuration error or template misconfiguration - **PHP 7.3.31 EOL** — same concern as defense.gov.bf - **Redirect chain:** securite.gov.bf → https → www → /accueil ## Emails Discovered - `infos@securite.gov.bf` (from web scraping) ## Shared Infrastructure Map | Site | GA Account | CMS | PHP | Server | |------|-----------|-----|-----|--------| | defense.gov.bf | UA-144182518-5 | TYPO3 | 7.3.31 | Apache | | securite.gov.bf | UA-144182518-30 | TYPO3 | 7.3.31 | Apache | | sig.gov.bf | — | TYPO3 | — | — | This shared infrastructure means a vulnerability in one likely affects all. ## TODO - [ ] Map ALL gov.bf sites using UA-144182518 GA account - [ ] TYPO3 version fingerprinting - [ ] Check for TYPO3 admin panel (/typo3/) - [ ] DNS full enumeration - [ ] Shodan/Censys passive lookup