Skip to content

Instantly share code, notes, and snippets.

@jgamblin

jgamblin/antiautosploit.py

Last active November 24, 2025 14:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jgamblin/2928d45730543fc7ef10cf56e5a980b0 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jgamblin/2928d45730543fc7ef10cf56e5a980b0 to your computer and use it in GitHub Desktop.
Download ZIP
Blocks Shodan IPs From Scanning Your Servers.
Raw
antiautosploit.py
#!/usr/bin/python3
import os
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
os.system("iptables -A INPUT -s {} -j DROP".format(ip))
@63kk0
Copy link

63kk0 commented Jul 22, 2022

Just an FYI, the list of Shodan.io servers represented here is incomplete.

Here is the list I had compiled (yes, some are PTR-only records, and that is not listed here) based on this: https://wiki.ipfire.org/configuration/firewall/blockshodan

IP Domain
188.138.9.50 atlantic.census.shodan.io
209.126.110.38 atlantic.dns.shodan.io
93.174.95.106 battery.census.shodan.io
104.236.198.48 blog.shodan.io
198.20.87.98 border.census.shodan.io
66.240.219.146 burger.census.shodan.io
198.20.69.74 census1.shodan.io
198.20.69.98 census2.shodan.io
198.20.70.114 census3.shodan.io
198.20.99.130 census4.shodan.io
93.120.27.62 census5.shodan.io
66.240.236.119 census6.shodan.io
71.6.135.131 census7.shodan.io
66.240.192.138 census8.shodan.io
71.6.167.142 census9.shodan.io
82.221.105.6 census10.shodan.io
82.221.105.7 census11.shodan.io
71.6.165.200 census12.shodan.io
94.102.49.193 cloud.census.shodan.io
80.82.77.139 dojo.census.shodan.io
94.102.49.190 flower.census.shodan.io
185.163.109.66 goldfish.census.shodan.io
104.131.0.69 hello.data.shodan.io
89.248.172.16 house.census.shodan.io
71.6.146.186 inspire.census.shodan.io
89.248.167.131 mason.census.shodan.io
71.6.158.166 ninja.census.shodan.io
159.203.176.62 ny.private.shodan.io
85.25.103.50 pacific.census.shodan.io
71.6.146.185 pirate.census.shodan.io
85.25.43.94 rim.census.shodan.io
98.143.148.107 scanner01.project25499.com
155.94.254.133 scanner02.project25499.com
155.94.254.143 scanner03.project25499.com
155.94.222.12 scanner04.project25499.com
98.143.148.135 scanner05.project25499.com
208.180.20.97 shodan.io
216.117.2.180 shodan.io
104.185.10.217 sky.census.shodan.io
80.82.77.33 sky.census.shodan.io
185.181.102.18 turtle.census.shodan.io
162.159.244.38 www.shodan.io

@thealexparadox
Copy link

thealexparadox commented Jan 1, 2025

185.165.191.27 appears to be another one.

Proof attached.

image

@ArthurLee9
Copy link

ArthurLee9 commented Oct 6, 2025

Thanks for maintaining this!

They should have an OPT OUT on their Shodan.io website.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment