Fail2Ban: Daemon to ban hosts from repeated authentication errors

Log-based intrusion prevention via dynamic firewall management.

Stars: 17.1K | Forks: 1.5K | 7-day stars: +84 | 7-day forks: +2

Learn more about Fail2Ban

Fail2Ban is a Python-based intrusion prevention daemon that monitors system log files for patterns indicating malicious behavior and automatically updates firewall rules to block offending hosts. The system employs regular expression pattern matching against log entries to detect repeated authentication failures or other suspicious activity, then invokes backend handlers to modify firewall configurations through iptables, pf, or other packet filtering systems. It operates through a modular architecture of filters, which define the patterns to match in log files, and actions, which specify the defensive responses to take when thresholds are exceeded. The daemon supports both IPv4 and IPv6 address families and can be configured with custom jails that monitor arbitrary log sources and trigger time-limited or permanent bans based on administrator-defined criteria. This event-driven approach provides automated defense against brute-force attacks and distributed scanning attempts without requiring manual intervention or complex real-time traffic analysis.
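
The filter, threshold and ban cycle described above, as an added example that is not Fail2Ban's own code: a simplified in-memory model run over constructed sshd-style log lines. The parameter names maxretry, findtime and bantime mirror Fail2Ban's jail options; the log format, the regex and the process() function are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2024-05-01 10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 4242 ssh2
2024-05-01 10:00:05 sshd[811]: Failed password for admin from 203.0.113.7 port 4243 ssh2
2024-05-01 10:00:09 sshd[812]: Accepted password for alice from 198.51.100.4 port 5000 ssh2
2024-05-01 10:00:12 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 4244 ssh2
2024-05-01 10:03:00 sshd[813]: Failed password for bob from 2001:db8::5 port 6000 ssh2
2024-05-01 10:30:00 sshd[814]: Failed password for bob from 2001:db8::5 port 6001 ssh2
"""

# Filter: the pattern that marks a failure and captures the offending host.
FAILREGEX = re.compile(
    r"^(?P<ts>\S+ \S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>[0-9A-Fa-f:.]+) port \d+"
)

def process(log_text, maxretry=3, findtime=600, bantime=3600):
    """Return {host: (banned_at, expires_at)} for hosts that reach maxretry
    failures within findtime seconds. Illustrative model only."""
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue                # non-matching lines never count
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        host = m["host"]
        if host in bans and ts < bans[host][1]:
            continue                # already banned and the ban is still active
        window = failures[host]
        window.append(ts)
        # Drop failures that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            # Action: a real deployment would insert a firewall rule here.
            bans[host] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for host, (start, end) in process(SAMPLE_LOG).items():
        print(f"ban {host} from {start} until {end}")
```

With the defaults only 203.0.113.7 is banned; the two failures from 2001:db8::5 are 27 minutes apart and never share a findtime window.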

1. Log-Based Detection System

Analyzes existing system logs without requiring application modifications or agent installation. Supports any text-based log format through configurable regex patterns, enabling protection for legacy services and custom applications.

2. Automatic Firewall Management

Directly updates iptables, pf, or other firewall backends to block attackers in real time. Temporary bans expire automatically after configurable timeouts, so legitimate users who entered wrong credentials are not blocked permanently.

3. File-Based Configuration Framework

Ships with pre-built filters for common services like SSH, Apache, and Nginx. Custom jails and filters are defined through configuration files without code changes, allowing teams to protect new services by writing pattern definitions.


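from fail2ban.client.csocket import CSocket

# Connect to the running fail2ban server's control socket (default path).
client = CSocket()
# send() transmits the command and returns the server's reply.
response = client.send(["status", "sshd"])

# The reply is a (return code, data) pair; a return code of 0 means success.
if response[0] == 0:
    # For "status <jail>" the data holds the jail's filter and action
    # statistics, including the currently banned IPs.
    print(f"sshd jail status: {response[1]}")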
