Blocks Shodan IPs From Scanning Your Servers.
```python
#!/usr/bin/python3
import subprocess

# Shodan scanner addresses to drop at the firewall (must be run as root)
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12", "155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
    # Append a DROP rule for each source address; argument list, no shell involved
    subprocess.run(["iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"], check=True)
```
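The script above appends a rule on every run, so re-running it duplicates entries, and it only handles single addresses. The following is an added example, not part of the original gist: it validates entries, collapses duplicates and covered ranges (such as the /24 a commenter below mentions blocking), and appends a rule only when `iptables -C` reports it missing. The names `normalize`, `apply_blocklist` and `runner` are assumptions made here, and the sample addresses are constructed documentation ranges.

```python
import ipaddress
import subprocess

# Constructed sample input (documentation ranges, not real scanner addresses)
SAMPLE = ["192.0.2.10", "192.0.2.10", "198.51.100.0/24",
          "198.51.100.7", " 203.0.113.5 ", "not-an-ip"]


def normalize(entries):
    """Validate IPv4 entries; return (collapsed networks, rejected entries)."""
    nets, rejected = [], []
    for raw in entries:
        try:
            nets.append(ipaddress.IPv4Network(raw.strip(), strict=False))
        except ValueError:  # malformed text or a non-IPv4 address
            rejected.append(raw)
    # collapse_addresses removes duplicates, drops hosts already covered by a
    # wider range, and merges adjacent addresses into one prefix
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected


def run(cmd):
    """Default runner: execute without a shell and return the exit status."""
    return subprocess.run(cmd, stderr=subprocess.DEVNULL).returncode


def apply_blocklist(networks, runner=run, chain="INPUT"):
    """Append a DROP rule only where `iptables -C` says it is missing."""
    added = []
    for net in networks:
        rule = [chain, "-s", net, "-j", "DROP"]
        if runner(["iptables", "-C", *rule]) != 0:  # -C: does the rule exist?
            if runner(["iptables", "-A", *rule]) != 0:
                raise RuntimeError(f"iptables failed for {net}")
            added.append(net)
    return added


if __name__ == "__main__":
    networks, bad = normalize(SAMPLE)
    print("would block:", networks)
    print("rejected:", bad)
```

Calling `apply_blocklist(networks)` as root applies the rules; a second call returns an empty list because every rule already exists.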
I'll have to check my research notes, if I have them, but I had found a SHODAN server in the 66.240.236.0/24 range. It was all cloud hosting so I blocked them all, but there is a SHODAN server in there somewhere.
Shodan uses shodan.io hostnames; you can check by a PTR scan of the subnet, and there is one host in it:
66.240.236.119 census6.shodan.io
Just an FYI, the list of Shodan.io servers represented here is incomplete.
Here is the list I had compiled (yes, some are PTR-only records, and that is not listed here) based on this: https://wiki.ipfire.org/configuration/firewall/blockshodan
Censys are courteous and provide instructions to opt out, with a list of IPs to block.
https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Scanning