Skip to content

Instantly share code, notes, and snippets.

@jgamblin
Last active June 1, 2023 01:57
Show Gist options
  • Save jgamblin/2928d45730543fc7ef10cf56e5a980b0 to your computer and use it in GitHub Desktop.
Save jgamblin/2928d45730543fc7ef10cf56e5a980b0 to your computer and use it in GitHub Desktop.
Blocks Shodan IPs From Scanning Your Servers.
#!/usr/bin/python3
import os
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
os.system("iptables -A INPUT -s {} -j DROP".format(ip))
@gianpaj
Copy link

gianpaj commented Mar 29, 2018

os.system("ufw deny from {}".format(ip))

for debian/ubuntu

@magiknono
Copy link

magiknono commented Sep 10, 2018

For ufw on debian/ubuntu:
If you want block an ip for all services, you must do it before all actual rules :

os.system("ufw insert 1 deny from {}".format(ip))

@cknost
Copy link

cknost commented Dec 25, 2019

ipv6 support would be a good feature.

@yumusb
Copy link

yumusb commented Nov 12, 2020

And , you can add censys.io's ip range.
192.35.168.0/23, 162.142.125.0/24, 74.120.14.0/24, and 167.248.133.0/24
I want to collect all the IP segments of automated scanning machines. I wonder if you are interested?

@jfqd
Copy link

jfqd commented Nov 14, 2020

66.240.205.34 is missing in the list: malware-hunter.census.shodan.io.

@uiblogit
Copy link

Another shodan ip to add:
IP: 185.163.109.66 Hostname: goldfish.census.shodan.io

@godgoali
Copy link

Update 28 June 2021 👍

  • 94.102.49.198
  • 94.102.49.190
  • 94.102.49.193

@dragonsxslayer
Copy link

won't be bad idea adding them to cloudflare firewall rules

@dragonsxslayer
Copy link

can you add zoomeye ips as well

@Jolly-Pirate
Copy link

Cencys are courteous and provide instructions to opt out, with a list of IP's to block.
https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Scanning

@webzcom
Copy link

webzcom commented May 25, 2022

I'll have to check my research notes if I have them but I had found a SHODAN server in the 66.240.236.0/24 range. It was all cloud hosting so I blocked them all but there is a SHODAN server in there somewhre.

@jfqd
Copy link

jfqd commented May 25, 2022

shodoan uses shodan.io hostnames, you can check by a ptr scan of the subnet and there is one host in it:

66.240.236.119 census6.shodan.io

@63kk0
Copy link

63kk0 commented Jul 22, 2022

Just an FYI, the list of Shodan.io servers represented here is incomplete.

Here is the list I had compiled (yes, some are PTR-only records, and that is not listed here) based on this: https://wiki.ipfire.org/configuration/firewall/blockshodan

IP Domain
188.138.9.50 atlantic.census.shodan.io
209.126.110.38 atlantic.dns.shodan.io
93.174.95.106 battery.census.shodan.io
104.236.198.48 blog.shodan.io
198.20.87.98 border.census.shodan.io
66.240.219.146 burger.census.shodan.io
198.20.69.74 census1.shodan.io
198.20.69.98 census2.shodan.io
198.20.70.114 census3.shodan.io
198.20.99.130 census4.shodan.io
93.120.27.62 census5.shodan.io
66.240.236.119 census6.shodan.io
71.6.135.131 census7.shodan.io
66.240.192.138 census8.shodan.io
71.6.167.142 census9.shodan.io
82.221.105.6 census10.shodan.io
82.221.105.7 census11.shodan.io
71.6.165.200 census12.shodan.io
94.102.49.193 cloud.census.shodan.io
80.82.77.139 dojo.census.shodan.io
94.102.49.190 flower.census.shodan.io
185.163.109.66 goldfish.census.shodan.io
104.131.0.69 hello.data.shodan.io
89.248.172.16 house.census.shodan.io
71.6.146.186 inspire.census.shodan.io
89.248.167.131 mason.census.shodan.io
71.6.158.166 ninja.census.shodan.io
159.203.176.62 ny.private.shodan.io
85.25.103.50 pacific.census.shodan.io
71.6.146.185 pirate.census.shodan.io
85.25.43.94 rim.census.shodan.io
98.143.148.107 scanner01.project25499.com
155.94.254.133 scanner02.project25499.com
155.94.254.143 scanner03.project25499.com
155.94.222.12 scanner04.project25499.com
98.143.148.135 scanner05.project25499.com
208.180.20.97 shodan.io
216.117.2.180 shodan.io
104.185.10.217 sky.census.shodan.io
80.82.77.33 sky.census.shodan.io
185.181.102.18 turtle.census.shodan.io
162.159.244.38 www.shodan.io

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment