Search Shodan for Minecraft server IPs to grief

Overview

GriefBuddy

This script searches Shodan for Minecraft server IPs to grief. This will return all servers connected to the public internet which Shodan has indexed, regardless of whether or not they have been advertised anywhere. Some will have a whitelist, but I've found that most don't.

Results are output in the format <IP>:<PORT>. IPs will be output ordered by how recently Shodan indexed them, so results near the top will be "fresher".

Setup

  1. First you need a Shodan API key. Go to https://shodan.io/ and register for a free account. Then go to https://account.shodan.io/, copy your API key, and paste it between the empty quotes after "API_KEY:" in config.json. Don't share your API key or commit it to version control!

  2. Next, install Python 3 and the pip package manager, if you don't have them.

  3. Install the requests library: $ python3 -m pip install requests.

  4. Clone this repository: $ git clone https://github.com/k0rnh0li0/GriefBuddy.git.

  5. Edit config.json according to your preferences. See section "Configuration" for details. At minimum, you must enter your API key.

  6. Run the script: $ python3 griefbuddy.py

NOTE: Griefing Minecraft servers is not illegal. However, be aware that only you, and no one else, are responsible for any illegal activities you may partake in based on these IP lists. Don't be stupid.

Configuration

This section documents the settings in config.json. It's not necessary to edit config.json other than to enter your API key, but you can change the script's behavior by editing this file.

  • API_KEY - This must be set. Get your API key from https://account.shodan.io/.
  • PAGES - How many pages of results to query. Shodan returns 100 results per page. The first page is always free, but querying any pages beyond the first page will charge you 1 API credit. For example, if you set PAGES to 5, you will be charged 4 API credits total when you run the script. The first page is usually good enough anyway, it gets updated often as Shodan indexes new servers.
  • MC_VERSION - Search for a specific Minecraft server version. You can leave this blank, but results may be less reliable and the script may not work correctly. I recommend having a Minecraft version set.
  • ACTIVE_ONLY - If you set this to true, IPs will only be output if Shodan shows that they have a non-zero Online Players count. This would be a good way to find servers that people are currently playing on.
  • OUTPUT_FILE - Leave this blank if you want to display the IP list directly in the terminal. If you set this to a filename, the script will attempt to write the IP results to the file you specified.

Contributing

Contributions are welcome in the form of pull requests, issues, and epic grief screenshots in the Discussions tab.

If you open an issue about a bug, it would be helpful to include the contents of your config.json file WITH YOUR API KEY REDACTED so we can figure out what's going on.

You might also like...
Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

SSRF search vulnerabilities exploitation extended.
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks

Log4j dork scanner This is an auto script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks. Installation:

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec

Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name
Magicspoofing - A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name

A python3 script for search possible misconfiguration in a DNS related to security protections of email service from the domain name. This project is for educational use, we are not responsible for its misuse.

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

Local server for IDA Lumina feature

About POC of an offline server for IDA Lumina feature.

Comments
  • Page ranges and output improvements

    Page ranges and output improvements

    IPs should be printed on the go in case you run into a 401 error from running out of credits (this happened to me, and I couldn't see the IPs that were already found).

    It needs an option to specify page ranges since Shodan doesn't update often enough, and you don't want to query the same servers again.

    opened by ByteDrummer 0
Owner
I NEED TP FOR MY BUNGHOLIO [email protected]
null
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 9, 2022
ShoLister - a tool that collects all available subdomains for specific hostname or organization from Shodan

ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be used from Penetration Tester and Bug Bounty Hunters.

Eslam Akl 45 Dec 28, 2022
A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit ?? Tested to work between Minecraft versions 1.12.2 a

Evan J. Markowitz 4 Dec 23, 2021
Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍 对于需要使用 Rogue Mysql Server 的漏洞来说,若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本 不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

null 6 May 17, 2022
Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.

Stamus Networks 39 Nov 28, 2022
Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

null 116 Jan 8, 2023
Log4j minecraft with python

log4jminecraft This code DOES NOT promote or encourage any illegal activities! The content in this document is provided solely for educational purpose

David Bombal 154 Dec 24, 2022
Log4j minecraft with python

Apache-Log4j Apache Log4j 远程代码执行 攻击者可直接构造恶意请求,触发远程代码执行漏洞。漏洞利用无需特殊配置,经阿里云安全团队验证,Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受影响 Steps 【Import

manmade 57 Oct 3, 2022
Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account

Acc-Data-Gen Allows you to generate a password, e-mail & token for your Minecraft Account How to use the generator: Move all the files in a single dir

KarmaBait 2 May 16, 2022