-
-
Save jgamblin/2928d45730543fc7ef10cf56e5a980b0 to your computer and use it in GitHub Desktop.
| #!/usr/bin/python3 | |
| import os | |
| shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"] | |
| for ip in shodan: | |
| os.system("iptables -A INPUT -s {} -j DROP".format(ip)) |
Another shodan ip to add:
IP: 185.163.109.66 Hostname: goldfish.census.shodan.io
Update 28 June 2021 👍
- 94.102.49.198
- 94.102.49.190
- 94.102.49.193
won't be bad idea adding them to cloudflare firewall rules
can you add zoomeye ips as well
Cencys are courteous and provide instructions to opt out, with a list of IP's to block.
https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Scanning
I'll have to check my research notes if I have them but I had found a SHODAN server in the 66.240.236.0/24 range. It was all cloud hosting so I blocked them all but there is a SHODAN server in there somewhre.
shodoan uses shodan.io hostnames, you can check by a ptr scan of the subnet and there is one host in it:
66.240.236.119 census6.shodan.io
Just an FYI, the list of Shodan.io servers represented here is incomplete.
Here is the list I had compiled (yes, some are PTR-only records, and that is not listed here) based on this: https://wiki.ipfire.org/configuration/firewall/blockshodan
| IP | Domain |
|---|---|
| 188.138.9.50 | atlantic.census.shodan.io |
| 209.126.110.38 | atlantic.dns.shodan.io |
| 93.174.95.106 | battery.census.shodan.io |
| 104.236.198.48 | blog.shodan.io |
| 198.20.87.98 | border.census.shodan.io |
| 66.240.219.146 | burger.census.shodan.io |
| 198.20.69.74 | census1.shodan.io |
| 198.20.69.98 | census2.shodan.io |
| 198.20.70.114 | census3.shodan.io |
| 198.20.99.130 | census4.shodan.io |
| 93.120.27.62 | census5.shodan.io |
| 66.240.236.119 | census6.shodan.io |
| 71.6.135.131 | census7.shodan.io |
| 66.240.192.138 | census8.shodan.io |
| 71.6.167.142 | census9.shodan.io |
| 82.221.105.6 | census10.shodan.io |
| 82.221.105.7 | census11.shodan.io |
| 71.6.165.200 | census12.shodan.io |
| 94.102.49.193 | cloud.census.shodan.io |
| 80.82.77.139 | dojo.census.shodan.io |
| 94.102.49.190 | flower.census.shodan.io |
| 185.163.109.66 | goldfish.census.shodan.io |
| 104.131.0.69 | hello.data.shodan.io |
| 89.248.172.16 | house.census.shodan.io |
| 71.6.146.186 | inspire.census.shodan.io |
| 89.248.167.131 | mason.census.shodan.io |
| 71.6.158.166 | ninja.census.shodan.io |
| 159.203.176.62 | ny.private.shodan.io |
| 85.25.103.50 | pacific.census.shodan.io |
| 71.6.146.185 | pirate.census.shodan.io |
| 85.25.43.94 | rim.census.shodan.io |
| 98.143.148.107 | scanner01.project25499.com |
| 155.94.254.133 | scanner02.project25499.com |
| 155.94.254.143 | scanner03.project25499.com |
| 155.94.222.12 | scanner04.project25499.com |
| 98.143.148.135 | scanner05.project25499.com |
| 208.180.20.97 | shodan.io |
| 216.117.2.180 | shodan.io |
| 104.185.10.217 | sky.census.shodan.io |
| 80.82.77.33 | sky.census.shodan.io |
| 185.181.102.18 | turtle.census.shodan.io |
| 162.159.244.38 | www.shodan.io |
185.165.191.27 appears to be another one.
Proof attached.
Thanks for maintaining this!
They should have an OPT OUT on their Shodan.io website.
Wrong, they should have an opt in.
Wrong, they should have an opt in.
Exactly, I don't understand how CFAA doesn't apply to this scanning? It is after all accessing of a computer system without consent and by exploting security vulnerabilities.
66.240.205.34 is missing in the list: malware-hunter.census.shodan.io.