34 lines
1.6 KiB
Markdown
34 lines
1.6 KiB
Markdown
# Wdes SAS security toolkit
|
|
|
|
## Security lists
|
|
|
|
### Scanners
|
|
|
|
- `https://security.wdes.eu/scanners/stretchoid.txt` (List of all known stretchoid IPs)
|
|
- `https://security.wdes.eu/scanners/binaryedge.txt` (List of all known binaryedge IPs)
|
|
- `https://security.wdes.eu/scanners/shadowserver.txt` (List of all known shadowserver IPs)
|
|
- `https://security.wdes.eu/scanners/censys.txt` (List of all IPs declared by censys scanner on their [FAQ](https://docs.censys.com/docs/opt-out-of-data-collection)
|
|
- `https://security.wdes.eu/scanners/internet-measurement.com.txt` (List of all IPs declared by internet-measurement.com on [their website](https://internet-measurement.com/#ips))
|
|
|
|
### Collections (by vendor)
|
|
|
|
- `https://security.wdes.eu/collections/wdes/bad-networks.txt` (List of some hand picked bad networks)
|
|
- `https://security.wdes.eu/collections/wdes/bad-ips.txt` (List of some hand picked bad IPs that caused harm/attacks/scans to mail servers)
|
|
|
|
- `https://security.wdes.eu/collections/microsoft/email-servers.txt` (List of the Microsoft IPs for it's mail servers)
|
|
- `https://security.wdes.eu/collections/amazon/cloudfront-ips.txt` (List of AWS CloudFront IPs)
|
|
|
|
## Other similar projects
|
|
|
|
- https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets/ipset
|
|
- https://github.com/wravoc/authlog-threats/blob/main/scanners
|
|
- https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt
|
|
|
|
## Bad actors to handle
|
|
|
|
- scan-*.shadowserver.org example: scan-37-1d.shadowserver.org
|
|
- *.scan.bufferover.run example: bogota.scan.bufferover.run
|
|
- security.criminalip.com
|
|
- zl-ams-nl-gr1-wk102b.internet-census.org
|
|
- optout.scanopticon.com
|