Last active
November 21, 2025 19:19
-
-
Save s0ld13rr/5f43bb609d29aa24a3063d2cb3d6b557 to your computer and use it in GitHub Desktop.
Script for Blocking Censys & Shodan IPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "[+] Installing scanners block rules with logging..." | |
| LOGTAG="SCANNERS_BLOCK" | |
| ######################################## | |
| # Censys IPv4 ranges | |
| ######################################## | |
| CENSYS_V4=( | |
| "66.132.159.0/24" | |
| "162.142.125.0/24" | |
| "167.94.138.0/24" | |
| "167.94.145.0/24" | |
| "167.94.146.0/24" | |
| "167.248.133.0/24" | |
| "199.45.154.0/24" | |
| "199.45.155.0/24" | |
| "206.168.34.0/24" | |
| "206.168.35.0/24" | |
| "66.132.148.0/24" | |
| "66.132.153.0/24" | |
| "206.168.32.0/24" | |
| "206.168.33.0/24" | |
| ) | |
| ######################################## | |
| # ZoomEye IPv4 ranges | |
| ######################################## | |
| ZOOMEYE_V4=( | |
| "103.224.80.0/20" | |
| ) | |
| ######################################## | |
| # FOFA IPv4 ranges | |
| ######################################## | |
| FOFA_V4=( | |
| "103.224.212.0/22" | |
| ) | |
| ######################################## | |
| # BinaryEdge IPv4 ranges | |
| ######################################## | |
| BINARYEDGE_V4=( | |
| "185.162.235.0/24" | |
| "185.162.236.0/24" | |
| "185.162.237.0/24" | |
| ) | |
| ######################################## | |
| # ShadowServer IPv4 ranges | |
| ######################################## | |
| SHADOWSERVER_V4=( | |
| "64.62.197.254" | |
| "149.20.4.0/24" | |
| "149.20.5.0/24" | |
| "149.20.6.0/24" | |
| ) | |
| ######################################## | |
| # Rapid7 IPv4 ranges | |
| ######################################## | |
| RAPID7_V4=( | |
| "71.6.233.0/24" | |
| "5.63.151.96/27" | |
| "88.202.190.128/27" | |
| "109.123.117.228" | |
| "109.123.117.230" | |
| "109.123.117.232" | |
| ) | |
| ######################################## | |
| # Baidu IPv4 ranges | |
| ######################################## | |
| BAIDU_V4=( | |
| "119.63.192.0/21" | |
| "119.63.192.0/24" | |
| "119.63.193.0/24" | |
| "119.63.194.0/24" | |
| "119.63.195.0/24" | |
| "119.63.196.0/24" | |
| "119.63.197.0/24" | |
| "119.63.198.0/24" | |
| "119.63.199.0/24" | |
| ) | |
| ######################################## | |
| # Tencent Cloud IPv4 ranges | |
| ######################################## | |
| TENCENT_V4=( | |
| "43.159.95.15" | |
| "156.240.62.0/24" | |
| "45.197.79.0/24" | |
| "119.28.0.0/16" | |
| ) | |
| ######################################## | |
| # Alibaba Cloud IPv4 ranges | |
| ######################################## | |
| ALIBABA_V4=( | |
| "47.74.0.0/15" | |
| "47.235.0.0/15" | |
| "47.238.0.0/15" | |
| "47.242.0.0/16" | |
| "47.243.0.0/16" | |
| "47.88.0.0/14" | |
| "47.56.0.0/15" | |
| "139.95.0.0/16" | |
| "147.139.0.0/16" | |
| "155.102.0.0/16" | |
| "163.181.0.0/16" | |
| ) | |
| ######################################## | |
| # Censys IPv6 ranges | |
| ######################################## | |
| CENSYS_V6=( | |
| "2602:80d:1000:b0cc:e::/80" | |
| "2620:96:e000:b0cc:e::/80" | |
| "2602:80d:1003::/112" | |
| "2602:80d:1004::/112" | |
| ) | |
| ######################################## | |
| # Shodan IPv4 | |
| ######################################## | |
| SHODAN_V4=( | |
| "198.20.69.74" | |
| "198.20.69.98" | |
| "198.20.70.114" | |
| "198.20.99.130" | |
| "93.120.27.62" | |
| "66.240.236.119" | |
| "71.6.135.131" | |
| "66.240.192.138" | |
| "71.6.167.142" | |
| "82.221.105.6" | |
| "82.221.105.7" | |
| "71.6.165.200" | |
| "188.138.9.50" | |
| "85.25.103.50" | |
| "85.25.43.94" | |
| "71.6.146.185" | |
| "71.6.158.166" | |
| "198.20.87.98" | |
| "66.240.219.146" | |
| "209.126.110.38" | |
| "104.131.0.69" | |
| "66.240.219.133" | |
| "143.198.225.197" | |
| "137.184.95.216" | |
| "64.227.90.185" | |
| "143.198.238.87" | |
| "137.184.190.205" | |
| "137.184.112.192" | |
| "137.184.190.188" | |
| "167.172.219.157" | |
| "143.110.239.2" | |
| "143.198.68.20" | |
| "137.184.190.194" | |
| "137.184.190.246" | |
| "137.184.9.17" | |
| "137.184.13.100" | |
| "137.184.94.133" | |
| "137.184.112.103" | |
| "137.184.180.190" | |
| "143.198.50.234" | |
| "185.142.236.36" | |
| "185.142.236.40" | |
| "185.142.236.41" | |
| "185.142.236.43" | |
| "185.142.239.16" | |
| "198.20.69.96/29" | |
| "198.20.70.112/29" | |
| "198.20.87.96/29" | |
| "198.20.99.128/29" | |
| "66.240.205.34" | |
| "71.6.146.130" | |
| "71.6.147.198" | |
| "71.6.147.254" | |
| "71.6.150.153" | |
| "71.6.167.125" | |
| "89.248.172.7" | |
| "165.227.62.247" | |
| "165.227.55.4" | |
| "216.117.2.180" | |
| "195.144.21.56" | |
| "185.165.190.17" | |
| "98.143.148.107" | |
| "155.94.254.133" | |
| "155.94.254.143" | |
| "155.94.222.12" | |
| "98.143.148.135" | |
| "207.90.244.0/24" | |
| ) | |
| ######################################## | |
| # Apply IPv4 logs + drops | |
| ######################################## | |
| for ip in \ | |
| "${CENSYS_V4[@]}" \ | |
| "${SHODAN_V4[@]}" \ | |
| "${ZOOMEYE_V4[@]}" \ | |
| "${FOFA_V4[@]}" \ | |
| "${BINARYEDGE_V4[@]}" \ | |
| "${SHADOWSERVER_V4[@]}" \ | |
| "${RAPID7_V4[@]}" \ | |
| "${BAIDU_V4[@]}" \ | |
| "${TENCENT_V4[@]}" \ | |
| "${ALIBABA_V4[@]}"; do | |
| iptables -A INPUT -s "$ip" -j LOG --log-prefix "$LOGTAG " | |
| iptables -A INPUT -s "$ip" -j DROP | |
| echo "Blocked IPv4: $ip" | |
| done | |
| ######################################## | |
| # Apply IPv6 logs + drops | |
| ######################################## | |
| for ip in "${CENSYS_V6[@]}"; do | |
| ip6tables -A INPUT -s "$ip" -j LOG --log-prefix "$LOGTAG " | |
| ip6tables -A INPUT -s "$ip" -j DROP | |
| echo "Blocked IPv6: $ip" | |
| done |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://www.ipfire.org/docs/configuration/firewall/blockshodan
https://docs.censys.com/docs/opt-out-of-data-collection#/
based on this blog posts