The exclude.sh script is designed to help you exclude specific IP ranges from your Masscan scans.
The exclude.conf file is designed to help you exclude specific IP ranges from your Masscan scans.
masscan 0.0.0.0/0 -p0-65535 --excludefile exclude.conf
Excluded ranges:
- π Private IPs
- π Reserved IPs
- πΈοΈ Bogon IPs
- π Root DNS servers
- ποΈ Government and law enforcement IPs
By filtering out these ranges, you can focus your scans on more relevant targets and avoid unnecessary traffic to sensitive or internal networks.
Before running the script exclude.sh, ensure you have the following installed:
- β
ipsetβ for managing IP sets - β
iptablesβ for configuring firewall rules - β
curlβ for fetching the exclusion list
-
Clone the Repository:
git clone https://github.com/scriptzteam/masscan-exclude.git cd masscan-exclude -
Run the Script:
./exclude.sh
This will:
Download the latest exclude.conf file.
Flush and recreate the masscan-exclude IP set.
Populate the set with IPs to exclude.
Update iptables rules to drop incoming and outgoing traffic to/from these IPs.