Visualising networked attacks using fail2ban, GeoIP and Mapnik. Demo at:


README for Banditvis
Thomas Steinbrenner <>
v0.3, August 2012
This software is licensed under the GNU Lesser General Public License.

== General


Banditvis is an open source project to visualise the origin of networked attacks.
Specifically, it uses fail2ban to detect attacks, GeoIP to locate their origin and Mapnik to visualise them.

== Requirements

* fail2ban (Debian: fail2ban, )

* Python >= 2.6.6 (Debian: python, )
* Python GeoIP >= 1.2.4 (Debian: python-geoip,
* Python Mapnik >= 0.7.1 (Debian: python-mapnik,
* Python Psycopg2 >= 2.2.1 (Debian: python-psycopg2,
* Python Imaging Library >= 1.1.7 (Debian: python-imaging,

* PostgreSQL >= 8.4.7 (Debian: postgresql,
* PostGIS >= 1.5.1 (Debian: postgresql-8.4-postgis, )

== Installation

See the INSTALL file.
If you are having trouble, please don't hesitate to contact me!

== Configuration

* Customise config.ini

== Usage

* ip_address [offence]: add an attack to the database.
* draw the visualisation.
* Try to download a new GeoIP database.
* Write the current database to a .kml file.

== Disclaimer

This software is licensed under the GNU Lesser General Public License.
This project pursues no commercial interests whatsoever and is done purely in the author's spare time.
The author cannot be held responsible for harm or damage done by using this software.
Also, like the authors of the third-party tools used in this project, the author cannot guarantee the accuracy of the outputs produced. (So please don't invade countries because of, e.g., wrong border data ;) )

== Third-party tools
=== Redistributed

* (data/shapes/*) World Borders Shape file from
* (fonts/LinLibertine_Bd-4.1.5) Linux Libertine Font from

=== Used

* (data/GeoIP/*) Maxmind: This product includes GeoLite data created by MaxMind, available from
* OpenLayers: