[
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2016 Massive Dynamic\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "# openftp4\n\nThis is a list of all FTP servers directly connected to port 21 in the IPv4 address space that allow anonymous logins. The login must be completed in less than 15 seconds to qualify for this list.  \n\nThe last scan contains **796,268** servers that allow anonymous access. This is **4.31486 %** of the **18,454,087** services running on port 21 in IPv4.\n\n### Usage\n\n1) Decompress the file\n\n```sh\ngzip -d openftp4.txt.gz\n```\n\n2) Hack away\n\n### Format\n\nThe data follows this loose format:\n\n```text\nip|timestamp|banner\n```\n\n- `ip` is the IPv4 address (`^([0-9.]+)\\|`).\n- `timestamp` is the unix timestamp of the exchange with that server (`^+?\\|(\\d+)\\|`).\n- `banner` is **everything** after the second `|` and includes the full initial banner, every response code and the full login exchange (`\\|\\d+\\|(.+)$`).\n\nJust a hint: If you are going to interact in any way with these servers, consider piping the list through `shuf` each time you try something new so you don't hit the same server(s) over and over again. Also, don't sort the list before rescanning, because you will encounter IP blocks that belong to one network.\n\nIf you want to be extra nice, provide your actual email address (or one you have access to) as the password (blog post for details), so server admins can contact you.\n\n## [![](https://news.ycombinator.com/y18.gif) Discussion](https://news.ycombinator.com/item?id=12523455)\n\n- News: [SoftPedia](http://news.softpedia.com/news/nearly-800-000-ftp-servers-accessible-online-without-authentication-508421.shtml) • [D. Pratt (German)](https://dominicpratt.de/unsichere-ftp-server/) • [IDG: NETWORKWORLD](http://www.networkworld.com/article/3121655/security/teenager-claims-to-have-accessed-ftps-downloaded-data-from-every-state-with-us-domain.html#comments) • [mob3](http://mob3.net/forum/threads/user-scans-all-open-ftp-servers-on-ipv4-posts-ip-results.6391/)\n- Discussion elsewehre: [HN](https://news.ycombinator.com/item?id=12527989) • [r/DataHoarder](https://www.reddit.com/r/DataHoarder/comments/53cyhm/list_of_all_anonymous_login_ftp_servers_worldwide/) • [r/opendirectories](https://www.reddit.com/r/opendirectories/comments/53b0ar/a_list_of_all_ftp_servers_in_the_whole_internet/) • [r/netsec](https://www.reddit.com/r/netsec/comments/53bori/massanalyzing_a_chunk_of_the_internet/) • [r/sysadmin](https://www.reddit.com/r/sysadmin/comments/53cor1/someone_just_posted_every_open_ftp_server_on_ipv4/)\n\n### In the Wild\n\nApplications that use this dataset:\n\n- [FTPeek](http://tinyletter.com/theroyals) tries to find interesting things and sends you a newsletter.\n\n### Exclusion\n\n(This doesn't concern FTP servers that are public by design.)\n\nRead the blog post to learn how servers are excluded from this list. This list might be updated in the future. If you want to see your IP excluded from the list should it ever be updated, then consider fixing your access control.\n"
  }
]