# Wdes SAS security toolkit

## Security lists

- `https://security.wdes.eu/scanners/stretchoid.txt` (List of all known stretchoid IPs)
- `https://security.wdes.eu/scanners/binaryedge.txt` (List of all known binaryedge IPs)
- `https://security.wdes.eu/scanners/censys.txt` (List of all IPs declared by censys scanner on their FAQ)

## To be migrated

- `internet-measurement.com.txt` (List of all IPs declared by internet-measurement.com on [their website](https://internet-measurement.com/#ips))
- `bad-networks.txt` (List of some hand picked bad networks)
- `bad-ips.txt` (List of some hand picked bad IPs that caused harm/attacks/scans to mail servers)

## Other similar projects

- https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets/ipset
- https://github.com/wravoc/authlog-threats/blob/main/scanners
- https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt

## Bad actors to handle

- scan-*.shadowserver.org example: scan-37-1d.shadowserver.org
- *.scan.bufferover.run example: bogota.scan.bufferover.run
- security.criminalip.com
- zl-ams-nl-gr1-wk102b.internet-census.org
- optout.scanopticon.com