openftp4
This is a list of all FTP servers directly connected to port 21 in the IPv4 address space that allow anonymous logins. The login must be completed in less than 15 seconds to qualify for this list.
How and why this list was created is documented in detail in my blog post Mass-analyzing a chunk of the Internet. You can do whatever you want with this data. Consider linking to this repo if you find something interesting or odd.
The last scan contains 796,268 servers that allow anonymous access. This is 4.31486 % of the 18,454,087 services running on port 21 in IPv4.
Usage
- Decompress the file
gzip -d openftp4.txt.gz
- Hack away
Format
The data follows this loose format:
ip|timestamp|banner
ip
is the IPv4 address (^([0-9.]+)\|
).timestamp
is the unix timestamp of the exchange with that server (^+?\|(\d+)\|
).banner
is everything after the second|
and includes the full initial banner, every response code and the full login exchange (\|\d+\|(.+)$
).
Just a hint: If you are going to interact in any way with these servers, consider piping the list through shuf
each time you try something new so you don't hit the same server(s) over and over again. Also, don't sort the list before rescanning, because you will encounter IP slashes that belong to one network. Think about what it looks like from their perspective ;-).
If you want to be extra nice, provide your actual email address (or one you have access to) as the password (blog post for details), so server admins can contact you.
Donate
It costs $2 per week to keep the scan running. If you want to throw some money our way (for cookies and stuff), please do so at 14MzwUsRfZTygggU39LECLvamDwFpa2Vjj
.
Discussion
- News: SoftPedia • D. Pratt (German) • IDG: NETWORKWORLD • mob3
- Discussion elsewehre: HN • r/DataHoarder • r/opendirectories • r/netsec • r/sysadmin
In the Wild
Applications that use this dataset:
- FTPeek tries to find interesting things and sends you a newsletter.
Exclusion
(This doesn't concern FTP servers that are public by design.)
Read the blog post to learn how servers are excluded from this list. This list might be updated in the future. If you want to see your IP excluded from the list should it ever be updated, then consider fixing your stuff.