Blocks Shodan IPs From Scanning Your Servers.
#!/usr/bin/python3
import os
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
# Append one DROP rule per address to the INPUT chain (must run as root).
for ip in shodan:
    os.system("iptables -A INPUT -s {} -j DROP".format(ip))

@tuxxy tuxxy commented Feb 1, 2018

It'd read better with a for loop and proper string formatting:

for ip in shodan:
    os.system("iptables -A INPUT -s {} -j DROP".format(ip))

@jgamblin jgamblin (Owner, Author) commented Feb 1, 2018

@tuxxy,

Thanks.... that is much cleaner... updated. : )

@tuxxy tuxxy commented Feb 1, 2018

No problem. :)

@toniblyx toniblyx commented Feb 1, 2018

You may also need to block any traffic from censys.io/scans.io or any server that is using zmap.io, and also mrlooquer.com.

@tfxrdz tfxrdz commented Feb 2, 2018

@toniblyx that's true, since Censys is more powerful than Shodan in this matter.

@Ekultek Ekultek commented Feb 20, 2018

This doesn't work. Just so everyone knows.

@gianpaj gianpaj commented Mar 29, 2018

os.system("ufw deny from {}".format(ip))

for Debian/Ubuntu

@magiknono magiknono commented Sep 10, 2018

For ufw on Debian/Ubuntu:
If you want to block an IP for all services, you must do it before all actual rules:

os.system("ufw insert 1 deny from {}".format(ip))

@preterive preterive commented Dec 25, 2019

IPv6 support would be a good feature.

@yumusb yumusb commented Nov 12, 2020

And, you can add censys.io's IP range.
192.35.168.0/23, 162.142.125.0/24, 74.120.14.0/24, and 167.248.133.0/24
I want to collect all the IP segments of automated scanning machines. I wonder if you are interested?

@jfqd jfqd commented Nov 14, 2020

66.240.205.34 is missing in the list: malware-hunter.census.shodan.io.

@uiblogit uiblogit commented May 16, 2021

Another Shodan IP to add:
IP: 185.163.109.66 Hostname: goldfish.census.shodan.io

@godgoali godgoali commented Jun 28, 2021

Update 28 June 2021 👍

  • 94.102.49.198
  • 94.102.49.190
  • 94.102.49.193
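
An added example, not part of the gist or of any comment above: a variant of the script that accepts the CIDR ranges and IPv6 addresses raised in the thread, validates every entry with Python's `ipaddress` module, and inserts rules at the top of the chain so earlier ACCEPT rules cannot shadow them. The sample list is constructed from documentation ranges, and the function names and the choice of `-I INPUT 1` are assumptions of this example.

```python
import ipaddress
import subprocess

# Constructed sample input from documentation ranges (RFC 5737 / RFC 3849),
# not real scanner addresses. Substitute the list you maintain.
SAMPLE_BLOCKLIST = [
    "192.0.2.10",
    "192.0.2.10",          # duplicate, dropped when collapsing
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the previous range; merges into a /24
    "203.0.113.7/24",      # host bits set; normalised to 203.0.113.0/24
    "2001:db8::/48",
    "2001:db8::1",         # already covered by the /48
    "not-an-ip; reboot",   # malformed entry, rejected before any command is built
]

def normalise(entries):
    """Return (ipv4_networks, ipv6_networks, rejected) with overlaps collapsed."""
    nets = {4: [], 6: []}
    rejected = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        nets[net.version].append(net)
    v4 = list(ipaddress.collapse_addresses(nets[4]))
    v6 = list(ipaddress.collapse_addresses(nets[6]))
    return v4, v6, rejected

def build_commands(entries):
    """Return argv lists that insert DROP rules at position 1 of INPUT."""
    v4, v6, _ = normalise(entries)
    cmds = [["iptables", "-I", "INPUT", "1", "-s", str(n), "-j", "DROP"] for n in v4]
    cmds += [["ip6tables", "-I", "INPUT", "1", "-s", str(n), "-j", "DROP"] for n in v6]
    return cmds

def apply_rules(entries, dry_run=True):
    """Print the commands, or run them (root required) when dry_run is False."""
    for argv in build_commands(entries):
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)  # argv list, so no shell parsing

if __name__ == "__main__":
    apply_rules(SAMPLE_BLOCKLIST)
```

The default is a dry run that only prints the commands; rules added this way are not persistent across reboots unless saved by the distribution's own mechanism.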