Wdes SAS security toolkit
Security lists
Scanners
https://security.wdes.eu/scanners/stretchoid.txt(List of all known stretchoid IPs)https://security.wdes.eu/scanners/binaryedge.txt(List of all known binaryedge IPs)https://security.wdes.eu/scanners/censys.txt(List of all IPs declared by censys scanner on their FAQhttps://security.wdes.eu/scanners/internet-measurement.com.txt(List of all IPs declared by internet-measurement.com on their website)
Collections (by vendor)
-
https://security.wdes.eu/collections/wdes/bad-networks.txt(List of some hand picked bad networks) -
https://security.wdes.eu/collections/wdes/bad-ips.txt(List of some hand picked bad IPs that caused harm/attacks/scans to mail servers) -
https://security.wdes.eu/collections/microsoft/email-servers.txt(List of the Microsoft IPs for it's mail servers) -
https://security.wdes.eu/collections/amazon/cloudfront-ips.txt(List of AWS CloudFront IPs)
Other similar projects
- https://github.com/szepeviktor/debian-server-tools/tree/master/security/myattackers-ipsets/ipset
- https://github.com/wravoc/authlog-threats/blob/main/scanners
- https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt
Bad actors to handle
- scan-*.shadowserver.org example: scan-37-1d.shadowserver.org
- *.scan.bufferover.run example: bogota.scan.bufferover.run
- security.criminalip.com
- zl-ams-nl-gr1-wk102b.internet-census.org
- optout.scanopticon.com