September 25, 2012

Visualizing Project Artillery and Attackers

Written by David Kennedy
Project Artillery is an open-source blue team tool that combines threat intelligence, active honeypots, file integrity monitoring, and many other features to detect the early stages of an attack and attempt to prevent the attacker from moving on to other systems.

One newer feature of Project Artillery is ATIF, the Artillery Threat Intelligence Feed. The feed takes multiple Artillery servers and centralizes attacker IP addresses into one central location. With Artillery you have the ability to detect offending IP addresses or block them completely ahead of them attacking you (at least in theory).

Most recently, a great blog post from Invisible Threat shows a daily map of attackers from the Artillery threat feed. This visualization takes all of the offending IP addresses and maps each one geographically to an individual country.

[Image: threat map]

I've gone ahead and added this to the Artillery main page with the dynamic map here. You can see daily updates (once a day) to the attackers from ATIF and use the data however you like. Thanks to Invisible Threat for all the work on this. Super awesome addition!