Sanket security register · baseline 2026-04-27 · daily passive check 2026-06-13
19 MoPNG entities · Phase 2 active on 19
7 of 19 entities flagged HIGH.
Sanket is a public passive-reconnaissance register on the Indian Ministry of Petroleum and Natural Gas digital estate. Civic-tech transparency, refreshed daily.
Today's spear
Rotate TLS certificate before May 5 to avoid outage
MRPL · mrpl.co.in
Security distribution
- HIGH: 7
- MEDIUM: 10
- LOW: 1
- PROVISIONAL: 1
Daily check
15/19 responded. 5 TLS watches, 18 header gaps, 7 email-auth risks.
Re-scan cadence · daily at 09:00 IST
Directory
19 entities · sorted worst-first
OISD
oisd.gov.in · Cert CN mismatch (CN=www, apex unmatched); cert expires 2026-05-17; 0/6 hardening headers
EIL
engineersindia.com · Indexed directory listing exposes CPP-Angul-Smelter project files; Apache 2.4.29 EOL; no SPF/DMARC
MRPL
mrpl.co.in · Cert expires 2026-05-05 (8 days from scan); missing CSP and Referrer-Policy
PPAC
ppac.gov.in · DMARC absent + 6/6 hardening headers missing + permissive CSP
RGIPT
rgipt.ac.in · Wildcard cert expires 2026-05-09 (12 days); DMARC absent
BPCL
bharatpetroleum.in · Test/QA environments named in CT (adfstest, qa.convenience, qa.speed)
HPCL
hindustanpetroleum.com · All 6 hardening headers missing; SPF ~all +a +mx (broad spoofing surface)
ONGC
ongcindia.com · SPF entirely missing; DMARC absent; weak CSP
Petronet LNG
petronetlng.com · 0/6 hardening headers despite strong email auth; ADFS exposed in CT
PCRA
pcra.org · Missing SPF and DMARC; Cloudflare-fronted
DGH
dghindia.gov.in · CSP permits unsafe-inline + unsafe-eval; missing Referrer-Policy
CPCL
cpcl.co.in · WordPress fingerprint exposed via /wp-json/; missing CSP
NRL
nrl.co.in · 45+ subdomains visible in CT including VPN, AD, document mgmt; no breach detected
PNGRB
pngrb.gov.in · edev.* dev environment exposed in CT; IIS ETag fingerprint leak
IOC
iocl.com · admin.iocl.com exposed in CT; Sucuri WAF in front
MoPNG
mopng.gov.in · SPF broken (rejects all senders despite live MX); otherwise hardened
GAIL
gailonline.com · CSP unsafe-inline + unsafe-eval (XSS surface); otherwise strong
Oil India
oil-india.com · Cleanest in portfolio: strict SPF -all, p=reject DMARC, strong CSP
BPRL
bharatpetroresources.com · Canonical pending verification with BPCL parent; assumed canonical bprlindia.com had no DNS
Portfolio-urgent
All time-bound items, soonest first
- -39d · MRPL · Rotate TLS certificate before May 5 to avoid outage
- -35d · RGIPT · Rotate wildcard *.rgipt.ac.in cert before May 9
- -29d · OISD · Fix SPF: include actual mail infrastructure or set neutral if no mail sent from domain
- -27d · OISD · Rotate TLS certificate before May 17 + correct CN/SAN to cover apex
- -13d · MRPL · Add CSP and Referrer-Policy headers
- -13d · OISD · Add HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy headers
- -13d · RGIPT · Add DMARC record (start with p=none for reporting, then tighten)
- 3d · EIL · Disable directory indexing on /wp-content/uploads/
- 7d · EIL · Submit Google de-index request for the exposed CPP-Angul-Smelter folder
- 30d · BPRL · Confirm canonical domain via BPCL parent or MoPNG annual report reference