Artillery 0.6! released

Artillery is a combination of a honeypot, monitoring tool, and alerting system. It is an open-source Python driven tool for making it difficult for attackers to hit your network. Attackers utilize predefined patterns in most cases for attacking systems and servers. Artillery takes advantage of that by making vulnerabilities and exposures look like they are existent when they are really not there. When the attacker goes after a given port, Artillery sends random data back to the attacker then bans them permanently. In addition to the active banning and honeypot portions of Artillery, there is also file integrity monitoring, server health checks, and hardening checks.

Official Artillery 0.6 change log -
  • fixed a bug in remove_ban that would not remove the ip address
  • added threat intelligence feed – this is an automatic feed that will pull from trustedsec webservers around attacker IP addresses
  • added ability to automatically block based on intelligence feed
  • daily checks added to banlist
  • fixed a bug when uninstall would not properly kill artillery
  • added a check in the uninstall to see if artillery is actually running
  • added some enhancements to the honeypot banning
  • added new flag for intelligence feed in the config file
  • added the ability to change threat feeds to a different server of your choice
  • added threading to reloading the IP tables matrix, was causing a hang on other imports
  • removed 3306 as a standard port, would cause conflicts at times if it was already installed
  • added the ability to specify the threat intelligence feed server
  • added the ability to configure your own threat intelligence feed server
  • added ability to change the public directory for the HTTP server
  • added ability to configure multiple threat feeds, can pull in multiple Artillery servers
Recently, an update Artillery version 0.6 was released! release starts the evolution of Artillery, and the launch of Project Artillery. Project Artillery will be getting some major releases in the next few months, starting with the launch of ATIF, the Artillery Threat Intelligence Feed. ATIF is a collection of Artillery servers customized and deployed around the world. They automatically feed back attacker IP addresses instantly to the main Artillery central repository and pushed out to the main TrustedSec website.

    Artillery version 0.6 which now enables ATIF as well as starting your own ATIF servers. You can now place ATIF servers out on the Internet and point your other Artillery installations to them if you do not want to use the TrustedSec repositories.
Download Artillery -
Artillery 0.6 can be downloaded from the SVN at the following link:


Previous post regarding Artillery -