summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJordan <me@jordan.im>2024-03-04 12:18:46 -0700
committerJordan <me@jordan.im>2024-03-04 12:18:46 -0700
commitf577691ff164e19584b9da732bb6d738ded673c6 (patch)
tree8f4e419717c6716f8793c1556e2ad1678e9a21e7
parent2eb1a737ab14ee9f21c36c622a781aedb3a90250 (diff)
downloadbin-master.tar.gz
bin-master.zip
block-scanners.pyHEADmaster
Diffstat
-rwxr-xr-xblock-scanners.py145
1 files changed, 145 insertions, 0 deletions
diff --git a/block-scanners.py b/block-scanners.py
new file mode 100755
index 0000000..30d4586
--- /dev/null
+++ b/block-scanners.py
@@ -0,0 +1,145 @@
+#!/usr/bin/env python3
+import subprocess
+
+def block_ip(ip, is_ipv6=False):
+ if is_ipv6:
+ subprocess.run(['ip6tables', '-A', 'INPUT', '-s', ip, '-j', 'DROP'])
+ subprocess.run(['ip6tables', '-A', 'FORWARD', '-s', ip, '-j', 'DROP'])
+ else:
+ subprocess.run(['iptables', '-A', 'INPUT', '-s', ip, '-j', 'DROP'])
+ subprocess.run(['iptables', '-A', 'FORWARD', '-s', ip, '-j', 'DROP'])
+
+def block_subnet(subnet, is_ipv6=False):
+ if is_ipv6:
+ subprocess.run(['ip6tables', '-A', 'INPUT', '-s', subnet, '-j', 'DROP'])
+ subprocess.run(['ip6tables', '-A', 'FORWARD', '-s', subnet, '-j', 'DROP'])
+ else:
+ subprocess.run(['iptables', '-A', 'INPUT', '-s', subnet, '-j', 'DROP'])
+ subprocess.run(['iptables', '-A', 'FORWARD', '-s', subnet, '-j', 'DROP'])
+
+def save_rules(is_ipv6=False):
+ if is_ipv6:
+ subprocess.run(['ip6tables-save'], stdout=open('/etc/iptables/rules.v6', 'w'))
+ else:
+ subprocess.run(['iptables-save'], stdout=open('/etc/iptables/rules.v4', 'w'))
+
+def main():
+ ips = [
+ # Shodan
+ '64.227.90.185',
+ '66.240.192.138',
+ '66.240.205.34',
+ '66.240.219.146',
+ '66.240.219.173',
+ '66.240.236.119',
+ '71.6.135.131',
+ '71.6.146.130',
+ '71.6.146.185',
+ '71.6.147.198',
+ '71.6.147.254',
+ '71.6.158.166',
+ '71.6.165.200',
+ '71.6.167.142',
+ '71.6.199.23',
+ '80.82.77.139',
+ '80.82.77.33',
+ '85.25.103.50',
+ '85.25.43.94',
+ '89.248.167.131',
+ '89.248.172.16',
+ '93.120.27.62',
+ '93.174.95.106',
+ '94.102.49.190',
+ '94.102.49.193',
+ '104.18.12.238',
+ '104.18.13.238',
+ '137.184.13.100',
+ '137.184.180.190',
+ '137.184.9.17',
+ '137.184.94.133',
+ '143.198.50.234',
+ '165.227.55.4',
+ '185.142.236.34',
+ '185.142.236.35',
+ '185.142.236.36',
+ '185.142.236.40',
+ '185.142.236.43',
+ '185.142.239.16',
+ '185.165.190.17',
+ '185.165.190.34',
+ '188.138.9.50',
+ '195.144.21.56',
+ '198.20.69.74',
+ '198.20.69.98',
+ '198.20.70.114',
+ '198.20.99.130',
+ '209.126.110.38',
+ '216.117.2.180'
+ ]
+
+ subnets = [
+ # Censys
+ '74.120.14.0/24',
+ '162.142.125.0/24',
+ '167.94.138.0/24',
+ '167.94.145.0/24',
+ '167.94.146.0/24',
+ '167.248.133.0/24',
+ '199.45.154.0/24',
+ '199.45.155.0/24',
+ '192.35.168.0/23',
+
+ # Shodan
+ '198.20.69.96/29',
+ '198.20.70.112/29',
+ '198.20.87.96/29',
+ '198.20.99.128/29',
+
+ # ShadowServer
+ '64.62.202.96/27',
+ '66.220.23.112/29',
+ '74.82.47.0/26',
+ '184.105.139.64/26',
+ '184.105.143.128/26',
+ '184.105.247.192/26',
+ '216.218.206.64/26',
+ '141.212.0.0/16',
+
+ # PAN Expanse
+ '144.86.173.0/24'
+ ]
+
+ ipv6_ips = [
+ # Shodan
+ '2606:4700::6812:cee',
+ '2606:4700::6812:dee',
+ '2604:a880:800:10::99:7001',
+ '2606:4700::6812:cee',
+ '2606:4700::6812:dee',
+ '2604:a880:4:1d0::50d:8000',
+ '2604:a880:4:1d0::725:0'
+ ]
+
+ ipv6_subnets = [
+ # Censys
+ '2602:80d:1000:b0cc:e::/80',
+ '2620:96:e000:b0cc:e::/80'
+ ]
+
+ for ip in ips:
+ block_ip(ip)
+
+ for subnet in subnets:
+ block_subnet(subnet)
+
+ for ipv6_ip in ipv6_ips:
+ block_ip(ipv6_ip, is_ipv6=True)
+
+ for ipv6_subnet in ipv6_subnets:
+ block_subnet(ipv6_subnet, is_ipv6=True)
+
+ save_rules()
+ save_rules(is_ipv6=True)
+
+if __name__ == "__main__":
+ main()
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion