Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Blocks Shodan IPs From Scanning Your Servers.
#!/usr/bin/python3
import os
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
os.system("iptables -A INPUT -s {} -j DROP".format(ip))
@tfxrdz
Copy link

tfxrdz commented Feb 2, 2018

@toniblyx thats true, since censys is more powerful than shodan in this matter.

@Ekultek
Copy link

Ekultek commented Feb 20, 2018

This doesn't work. Just so everyone knows.

@gianpaj
Copy link

gianpaj commented Mar 29, 2018

os.system("ufw deny from {}".format(ip))

for debian/ubuntu

@magiknono
Copy link

magiknono commented Sep 10, 2018

For ufw on debian/ubuntu:
If you want block an ip for all services, you must do it before all actual rules :

os.system("ufw insert 1 deny from {}".format(ip))

@clemens981
Copy link

clemens981 commented Dec 25, 2019

ipv6 support would be a good feature.

@yumusb
Copy link

yumusb commented Nov 12, 2020

And , you can add censys.io's ip range.
192.35.168.0/23, 162.142.125.0/24, 74.120.14.0/24, and 167.248.133.0/24
I want to collect all the IP segments of automated scanning machines. I wonder if you are interested?

@jfqd
Copy link

jfqd commented Nov 14, 2020

66.240.205.34 is missing in the list: malware-hunter.census.shodan.io.

@uiblogit
Copy link

uiblogit commented May 16, 2021

Another shodan ip to add:
IP: 185.163.109.66 Hostname: goldfish.census.shodan.io

@godgoali
Copy link

godgoali commented Jun 28, 2021

Update 28 June 2021 👍

  • 94.102.49.198
  • 94.102.49.190
  • 94.102.49.193

@urekxmazino
Copy link

urekxmazino commented Oct 12, 2021

won't be bad idea adding them to cloudflare firewall rules

@urekxmazino
Copy link

urekxmazino commented Oct 12, 2021

can you add zoomeye ips as well

@Jolly-Pirate
Copy link

Jolly-Pirate commented Jan 22, 2022

Cencys are courteous and provide instructions to opt out, with a list of IP's to block.
https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Scanning

@webzcom
Copy link

webzcom commented May 25, 2022

I'll have to check my research notes if I have them but I had found a SHODAN server in the 66.240.236.0/24 range. It was all cloud hosting so I blocked them all but there is a SHODAN server in there somewhre.

@jfqd
Copy link

jfqd commented May 25, 2022

shodoan uses shodan.io hostnames, you can check by a ptr scan of the subnet and there is one host in it:

66.240.236.119 census6.shodan.io

@63kk0
Copy link

63kk0 commented Jul 22, 2022

Just an FYI, the list of Shodan.io servers represented here is incomplete.

Here is the list I had compiled (yes, some are PTR-only records, and that is not listed here) based on this: https://wiki.ipfire.org/configuration/firewall/blockshodan

IP Domain
188.138.9.50 atlantic.census.shodan.io
209.126.110.38 atlantic.dns.shodan.io
93.174.95.106 battery.census.shodan.io
104.236.198.48 blog.shodan.io
198.20.87.98 border.census.shodan.io
66.240.219.146 burger.census.shodan.io
198.20.69.74 census1.shodan.io
198.20.69.98 census2.shodan.io
198.20.70.114 census3.shodan.io
198.20.99.130 census4.shodan.io
93.120.27.62 census5.shodan.io
66.240.236.119 census6.shodan.io
71.6.135.131 census7.shodan.io
66.240.192.138 census8.shodan.io
71.6.167.142 census9.shodan.io
82.221.105.6 census10.shodan.io
82.221.105.7 census11.shodan.io
71.6.165.200 census12.shodan.io
94.102.49.193 cloud.census.shodan.io
80.82.77.139 dojo.census.shodan.io
94.102.49.190 flower.census.shodan.io
185.163.109.66 goldfish.census.shodan.io
104.131.0.69 hello.data.shodan.io
89.248.172.16 house.census.shodan.io
71.6.146.186 inspire.census.shodan.io
89.248.167.131 mason.census.shodan.io
71.6.158.166 ninja.census.shodan.io
159.203.176.62 ny.private.shodan.io
85.25.103.50 pacific.census.shodan.io
71.6.146.185 pirate.census.shodan.io
85.25.43.94 rim.census.shodan.io
98.143.148.107 scanner01.project25499.com
155.94.254.133 scanner02.project25499.com
155.94.254.143 scanner03.project25499.com
155.94.222.12 scanner04.project25499.com
98.143.148.135 scanner05.project25499.com
208.180.20.97 shodan.io
216.117.2.180 shodan.io
104.185.10.217 sky.census.shodan.io
80.82.77.33 sky.census.shodan.io
185.181.102.18 turtle.census.shodan.io
162.159.244.38 www.shodan.io

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment