AIL 6.2 released - Smarter Analysis, Search and Enhanced User Experience

We’re excited to release AIL Framework v6.2, a major update with new features and improved performance. This version makes analysis easier and the overall experience faster and more user-friendly.

Among the highlights are a fully revamped search engine powered by MeiliSearch, improved language detection for short text, local AI-driven image descriptions, and a yara-hunting editor tool.

🔗 https://www.ail-project.org/blog/2025/05/28/AIL-v6.2.released/

#darkweb #threatintelligence #threatintel #cti #opensource #osint

A new release of the AIL project is coming soon, featuring a significant improvement in language detection.

A lot of work has been done on LexiLang by @terrtia to clean up dictionaries and improve support for localized languages and slang.

In the example below, you can see a user active in different Telegram channels, using both Russian and Ukrainian.

🔗 https://www.ail-project.org/

If you're interested in the topic, join us at a 2-day hackathon in Luxembourg on April 8–9, 2025, focused on open-source security tools. The developers of the AIL project will be there in person!

🔗 https://hackathon.lu/

#threatintel #threatintelligence #opensource #ail #intelligence

@ail_project
@circl

The famous library called Lacus behind @ail_project to perform web capture in headless mode, has been released as version 1.13.0

The new version has a mode to perform web capture with a headed browser.

Thanks to @rafi0t for the continuous work on the library.

#cybersecurity #threatintel #opensource #threatintelligence

🔗 Release notes https://github.com/ail-project/lacus/releases/tag/v1.13.0
🔗 Project page https://github.com/ail-project/lacus

We imported the data from Black Basta Ransomware group leak into AIL and there are many interesting aspects.

• The federation network of Matrix servers (see the screenshot) used to communicated among the affiliates/group(s).

• Activities in the chat room, especially the daily activity view in AIL. Guessing the location and timezone of groups or affiliates is an endless source of information.

• They rely on many open-source and SaaS tools, including Google Docs or Zoom.

• Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).

If you are using AIL project and want to import the leak dataset, @terrtia did an importer https://github.com/ail-project/ail-feeder-matrix

#BlackBasta #blackbastleaks #threatintel #osint #threatintelligence #opensource #dataset

@ail_project

Maybe some interesting input for @fr0gger for his existing analysis.

I see that this dataset can be used to enhance some of our open-source tools.

https://github.com/ail-project/ail-framework

AIL Project v6.1 released with new features including unsafe filter for Tor crawling, many bugs fixed and Telegram attachment analysis.

https://www.ail-project.org/blog/2025/02/06/AIL-v6.1.released/

#ail #threatintelligence #threatintel #opensource #darkweb

I was wondering why a specific onion address / url is the most queried on our Tor onion lookup service for verification.

It seems that many potential customers of Oxycodone are searching for alternatives on the dark market.

Wondering if an automatic event analysis and the most queried onion address could provide insight into the evolution of geopolitics.

#tor #darkweb #threatintel #threatintelligence #oxycodone #drugs

🔗 Onion lookup services https://onion.ail-project.org/

@ail_project

This 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity. We aim to convene diverse developer groups to collaborate on complex programming challenges within key cybersecurity areas, such as information sharing, threat intelligence, network and system forensics, data mining, network and computer exploitation, and defense techniques.

Don’t hesitate to join us. We are open to any ideas or proposals.

@circl @misp @kunai_project @suricata @vulnerability_lookup @ail_project

https://hackathon.lu/

#hackathon #opensource #cybersecurity #threatintel #luxembourg

AIL Project v6.0.1 released with improved usability in social network monitoring and many bugs fixed.

#opensource #osint #darkweb #threatintelligence #threatintel

🔗 https://ail-project.org/blog/2025/01/23/AIL-v6.0.1.released/

@ail_project

Ever wonder why we build our own open-source tools? It's often to tackle unique challenges other tools can't handle.

In this case, we needed to track and monitor CVEs (Common Vulnerabilities and Exposures), especially proof-of-concept (PoC) discussions emerging on social networks like Telegram. We're automating the monitoring of these channels, but our goal is to empower analysts, not burden them with manual work.

Check out (annotated screenshots below) how we developed and using the AIL Project @ail_project to automatically:

• Link and correlate CVEs with social media posts & references.
• Extract text from images using OCR.

This lets our analysts focus on insights, not tedious data wrangling.

AIL Project ( @ail_project )is an open source project combined an extensive integration with MISP Project @misp and other open source tooling that we developed for the past years.

#opensource #ailproject #darkweb #vulnerability #vulnerabilities #poc #cybersecurity

There is a common issue when analyzing dark web content, particularly Tor onion addresses. As a DFIR investigator or intelligence analyst, you want to avoid specific content, such as child sexual abuse material (CSAM) or other content unrelated to your digital investigation.

The open Onion Lookup online service provides continuous classification to help analysts and investigators pre-classify Tor onion addresses without requiring direct access to such content.

🔗 Onion lookup https://onion.ail-project.org/
🔗 Onion lookup OpenAPI https://onion.ail-project.org/apiman/swagger/
🔗 About AIL project https://www.ail-project.org/
🔗 MISP dark web taxonomy https://www.misp-project.org/taxonomies.html#_dark_web

#csam #threatintelligence #opensource #darkweb #tor #onion #quanticonion

@misp @circl

There is a common issue when analyzing dark web content, particularly Tor onion addresses. As a DFIR investigator or intelligence analyst, you want to avoid specific content, such as child sexual abuse material (CSAM) or other content unrelated to your digital investigation.

The open Onion Lookup online service provides continuous classification to help analysts and investigators pre-classify Tor onion addresses without requiring direct access to such content.

🔗 Onion lookup https://onion.ail-project.org/
🔗 Onion lookup OpenAPI https://onion.ail-project.org/apiman/swagger/
🔗 About AIL project https://www.ail-project.org/
🔗 MISP dark web taxonomy https://www.misp-project.org/taxonomies.html#_dark_web

#csam #threatintelligence #opensource #darkweb #tor #onion #quanticonion

@misp @circl

@winissen But fortunately with @ail_project we can do it ;-)

AIL 6.0 and MISP-LEA: Empowering LEAs with Direct Access to a Data Lake of Dark Web and Cybercriminal Information.

We are thrilled to announce the integration of the latest AIL 6.0 release into the MISP-LEA ecosystem, enabling Law Enforcement Agencies (LEAs) to request and gain direct access to a comprehensive data lake containing dark web crawled information...

🔗 https://www.misp-lea.org/news/2024/12/11/Leveraging-AIL-6.0-with-MISP-LEA-for-Enhanced-Investigations.html

#darkweb #cybersecurity #opensource #lea #osint #misp

@misp @ail_project

We are glad to announce the release of AIL v5.9, packed with numerous updates and fixes that enhance the performance and features of the framework. This release focuses on improvements in qrcode handling, `dom-hash` support...

The fingerprint is calculated by extracting all the tag names (ignoring the content itself as well as attributes of the HTML Page). The tag names are concatenated with a pipe value , hashed using the SHA-256 algorithm, and truncated to the first 32 characters.

Software such as LookyLoo or MISP have implemented the algorithm, the AIL framework now support the dom-hash algorithm to cluster and group similar page structure.

https://www.ail-project.org/blog/2024/10/18/AIL-v5.9.released/

#darkweb #osint #opensource #ail #threatintelligence #misp #pivot #correlation

@misp @circl

@neil This shows the first_seen and last_seen timestamps of the Tor service based on when it was last seen during our crawl. It also includes the titles of the crawled pages to give an idea about their content. If the language can be detected, one or more language tags are added, along with a label if the hidden service has already been categorized. @ail_project

We announce the release of onion-lookup v0.1. This open source tool and service is designed to help you search for Tor hidden services / .onion services quickly and efficiently. With its sleek API and user-friendly online interface, onion-lookup simplifies the process of querying and exploring onion addresses without browsing Tor and gather more information.

🔗 Online version https://onion.ail-project.org/
🔗 Source code https://github.com/ail-project/onion-lookup

#tor #darkweb #osint #opensource #infosec #onion

The information is relying on a @ail_project instance operated by the AIL project.

We announce the release of AIL Framework v5.8, packed with new features, improvements, and bug fixes to facilitate the usage. This release focuses on expanding functionality and improving efficiency in key areas such as **QR code extraction**, domain lookups, image handling, and more.

🔗 https://www.ail-project.org/blog/2024/10/03/AIL-v5.8.released/

#threatintel #osint #intelligence #opensource #ailproject #darkweb

AIL Project version 5.7 released with many improvements with 2FA support, multi-organisation support, improved chat monitoring and more.

https://www.ail-project.org/blog/2024/09/18/AIL-v5.7.released/

#darkweb #threatintelligence #threatintel #telegram #infosec

@terrtia @circl @misp @adulau

Thanks to MISP-LEA training participants for the feedback and ideas for AIL improvements.

You might be surprised by what can be encoded in a QR code. We've added automatic QR code extraction to the @ail_project for hidden services, social media messages, and any collected images. Many QR codes contain information that can be used for correlation, such as Bitcoin addresses, validation codes, invitation codes, and even XML streams.

#osint #ailproject #threatintel #threatintelligence #opensource

Thanks to @terrtia for the tireless testing with the different QR code decoding library.

AIL Project version 5.7 released with many improvements with 2FA support, multi-organisation support, improved chat monitoring and more.

https://www.ail-project.org/blog/2024/09/18/AIL-v5.7.released/

#darkweb #threatintelligence #threatintel #telegram #infosec

@terrtia @circl @misp @adulau

Thanks to MISP-LEA training participants for the feedback and ideas for AIL improvements.