AIL Project

AIL Project is an open source framework to collect, crawl, dig and analyse unstructured data. The framework can be used to find information leaks, intelligence, insights and much more.

2025-05-28

AIL 6.2 released - Smarter Analysis, Search and Enhanced User Experience

We’re excited to release AIL Framework v6.2, a major update with new features and improved performance. This version makes analysis easier and the overall experience faster and more user-friendly.

Among the highlights are a fully revamped search engine powered by MeiliSearch, improved language detection for short text, local AI-driven image descriptions, and a yara-hunting editor tool.

🔗 ail-project.org/blog/2025/05/2

#darkweb #threatintelligence #threatintel #cti #opensource #osint

AIL Project extracting social network information and extracting the description of the image.
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-03-29

A new release of the AIL project is coming soon, featuring a significant improvement in language detection.

A lot of work has been done on LexiLang by @terrtia to clean up dictionaries and improve support for localized languages and slang.

In the example below, you can see a user active in different Telegram channels, using both Russian and Ukrainian.

🔗 ail-project.org/

If you're interested in the topic, join us at a 2-day hackathon in Luxembourg on April 8–9, 2025, focused on open-source security tools. The developers of the AIL project will be there in person!

🔗 hackathon.lu/

#threatintel #threatintelligence #opensource #ail #intelligence

@ail_project
@circl

Language detection in the next release of AIL project. We can see that a user on different Telegram channels used different languages.
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-02-22

The famous library called Lacus, behind @ail_project to perform web capture in headless mode, has been released as version 1.13.0.

The new version has a mode to perform web capture with a headed browser.

Thanks to @rafi0t for the continuous work on the library.

#cybersecurity #threatintel #opensource #threatintelligence

🔗 Release notes github.com/ail-project/lacus/r
🔗 Project page github.com/ail-project/lacus

Lacus project logo
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-02-22

We imported the data from Black Basta Ransomware group leak into AIL and there are many interesting aspects.

  • The federation network of Matrix servers (see the screenshot) used to communicate among the affiliates/group(s).

  • Activities in the chat room, especially the daily activity view in AIL. Guessing the location and timezone of groups or affiliates is an endless source of information.

  • They rely on many open-source and SaaS tools, including Google Docs or Zoom.

  • Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).

If you are using AIL project and want to import the leak dataset, @terrtia did an importer github.com/ail-project/ail-fee

#BlackBasta #blackbastleaks #threatintel #osint #threatintelligence #opensource #dataset

@ail_project

Maybe some interesting input for @fr0gger for his existing analysis.

I see that this dataset can be used to enhance some of our open-source tools.

github.com/ail-project/ail-fra

Lists of Matrix server references involved in the Black Basta ransomware group leak. The data has been imported to AIL.
Activities in the chat room, especially the daily activity view in AIL.
Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).
2025-02-06

AIL Project v6.1 released with new features including unsafe filter for Tor crawling, many bugs fixed and Telegram attachment analysis.

ail-project.org/blog/2025/02/0

#ail #threatintelligence #threatintel #opensource #darkweb

Overview of a Tor crawled website in AIL Project Framework.
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-02-06

I was wondering why a specific onion address / url is the most queried on our Tor onion lookup service for verification.

It seems that many potential customers of Oxycodone are searching for alternatives on the dark market.

Wondering if an automatic event analysis and the most queried onion address could provide insight into the evolution of geopolitics.

#tor #darkweb #threatintel #threatintelligence #oxycodone #drugs

🔗 Onion lookup services onion.ail-project.org/

@ail_project

Most commonly checked and reviewed website in the past 4 days. View from AIL Project framework. https://www.ail-project.org/
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-01-24

This 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity. We aim to convene diverse developer groups to collaborate on complex programming challenges within key cybersecurity areas, such as information sharing, threat intelligence, network and system forensics, data mining, network and computer exploitation, and defense techniques.

Don’t hesitate to join us. We are open to any ideas or proposals.

@circl @misp @kunai_project @suricata @vulnerability_lookup @ail_project

hackathon.lu/

#hackathon #opensource #cybersecurity #threatintel #luxembourg

logo of hackathon.lu
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2025-01-24

AIL Project v6.0.1 released with improved usability in social network monitoring and many bugs fixed.

#opensource #osint #darkweb #threatintelligence #threatintel

🔗 ail-project.org/blog/2025/01/2

@ail_project

AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2024-12-24

Ever wonder why we build our own open-source tools? It's often to tackle unique challenges other tools can't handle.

In this case, we needed to track and monitor CVEs (Common Vulnerabilities and Exposures), especially proof-of-concept (PoC) discussions emerging on social networks like Telegram. We're automating the monitoring of these channels, but our goal is to empower analysts, not burden them with manual work.

Check out (annotated screenshots below) how we developed and are using the AIL Project @ail_project to automatically:

  • Link and correlate CVEs with social media posts & references.
  • Extract text from images using OCR.

This lets our analysts focus on insights, not tedious data wrangling.

AIL Project (@ail_project) is an open source project combined with an extensive integration with MISP Project @misp and other open source tooling that we have developed over the past years.

#opensource #ailproject #darkweb #vulnerability #vulnerabilities #poc #cybersecurity

Correlation view of the CVE mention in AIL project.
Extraction of Telegram post with AIL project.
AIL Project boosted:
2024-12-24

There is a common issue when analyzing dark web content, particularly Tor onion addresses. As a DFIR investigator or intelligence analyst, you want to avoid specific content, such as child sexual abuse material (CSAM) or other content unrelated to your digital investigation.

The open Onion Lookup online service provides continuous classification to help analysts and investigators pre-classify Tor onion addresses without requiring direct access to such content.

🔗 Onion lookup onion.ail-project.org/
🔗 Onion lookup OpenAPI onion.ail-project.org/apiman/s
🔗 About AIL project ail-project.org/
🔗 MISP dark web taxonomy misp-project.org/taxonomies.ht

#csam #threatintelligence #opensource #darkweb #tor #onion #quanticonion

@misp @circl

Onion lookup provides the classification and machine tags associated with the queried Tor onion address.
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2024-12-20

@winissen But fortunately with @ail_project we can do it ;-)

AIL Project boosted:
2024-12-12

AIL 6.0 and MISP-LEA: Empowering LEAs with Direct Access to a Data Lake of Dark Web and Cybercriminal Information.

We are thrilled to announce the integration of the latest AIL 6.0 release into the MISP-LEA ecosystem, enabling Law Enforcement Agencies (LEAs) to request and gain direct access to a comprehensive data lake containing dark web crawled information...

🔗 misp-lea.org/news/2024/12/11/L

#darkweb #cybersecurity #opensource #lea #osint #misp

@misp @ail_project

AIL framework correlation.

https://www.ail-project.org/
2024-10-18

We are glad to announce the release of AIL v5.9, packed with numerous updates and fixes that enhance the performance and features of the framework. This release focuses on improvements in qrcode handling, `dom-hash` support...

The fingerprint is calculated by extracting all the tag names (ignoring the content itself as well as attributes of the HTML page). The tag names are concatenated with a pipe value, hashed using the SHA-256 algorithm, and truncated to the first 32 characters.

Software such as LookyLoo or MISP have implemented the algorithm; the AIL framework now supports the dom-hash algorithm to cluster and group similar page structures.

ail-project.org/blog/2024/10/1

#darkweb #osint #opensource #ail #threatintelligence #misp #pivot #correlation

@misp @circl

AIL project overview of correlating value from the dom-hash.
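
The dom-hash fingerprint described in the v5.9 release post above, as an added example that is not code from AIL, LookyLoo or MISP. It assumes tag names are taken in document order with Python's standard `html.parser` and that the 32 characters are hexadecimal digest characters, so values may differ from those implementations on malformed HTML; the sample pages are constructed.

```python
import hashlib
from collections import defaultdict
from html.parser import HTMLParser


class TagCollector(HTMLParser):
    """Records tag names in document order; text and attributes are ignored."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases names; <br/> also arrives here, exactly once.
        self.tags.append(tag)


def tag_sequence(html):
    collector = TagCollector()
    collector.feed(html)
    collector.close()
    return collector.tags


def dom_hash(html):
    """SHA-256 over the pipe-joined tag names, truncated to 32 hex characters."""
    joined = "|".join(tag_sequence(html))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()[:32]


def cluster(pages):
    """Group page names by dom-hash so structurally identical pages pivot together."""
    groups = defaultdict(list)
    for name, html in pages.items():
        groups[dom_hash(html)].append(name)
    return dict(groups)


# Constructed sample pages: the first two share a template, the third does not.
PAGES = {
    "shop-a": '<html><head><title>Market A</title></head><body>'
              '<div class="main"><h1>Welcome</h1><a href="/login">Login</a><br/></div></body></html>',
    "shop-b": '<html><head><title>Other shop</title></head><body>'
              '<div id="c" style="x"><h1>Bienvenue</h1><a href="/signin">Entrer</a><br></div></body></html>',
    "forum": '<html><head><title>Board</title></head><body>'
             '<table><tr><td>Thread</td></tr></table></body></html>',
}

if __name__ == "__main__":
    for digest, names in cluster(PAGES).items():
        print(digest, names)
```

Because only the tag sequence is hashed, the two shop pages collapse to one value despite different text, attributes and languages, while a single extra or missing tag produces an unrelated hash.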
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2024-10-07

@neil This shows the first_seen and last_seen timestamps of the Tor service based on when it was last seen during our crawl. It also includes the titles of the crawled pages to give an idea about their content. If the language can be detected, one or more language tags are added, along with a label if the hidden service has already been categorized. @ail_project

AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2024-10-07

We announce the release of onion-lookup v0.1. This open source tool and service is designed to help you search for Tor hidden services / .onion services quickly and efficiently. With its sleek API and user-friendly online interface, onion-lookup simplifies the process of querying and exploring onion addresses without browsing Tor and gathering more information.

🔗 Online version onion.ail-project.org/
🔗 Source code github.com/ail-project/onion-l

#tor #darkweb #osint #opensource #infosec #onion

The information is relying on a @ail_project instance operated by the AIL project.

onion-lookup service screenshot available at https://onion.ail-project.org/
2024-10-03

We announce the release of AIL Framework v5.8, packed with new features, improvements, and bug fixes to facilitate the usage. This release focuses on expanding functionality and improving efficiency in key areas such as **QR code extraction**, domain lookups, image handling, and more.

🔗 ail-project.org/blog/2024/10/0

#threatintel #osint #intelligence #opensource #ailproject #darkweb

QR code value extracted from AIL framework.
Correlation of QR code value in AIL framework.
AIL Project boosted:
2024-10-02

AIL Project version 5.7 released with many improvements with 2FA support, multi-organisation support, improved chat monitoring and more.

ail-project.org/blog/2024/09/1

#darkweb #threatintelligence #threatintel #telegram #infosec

@terrtia @circl @misp @adulau

Thanks to MISP-LEA training participants for the feedback and ideas for AIL improvements.

AIL framework overview - social graph relationships
AIL framework overview - extracted OCR from screenshot seen in a social network channel
AIL Project boosted:
Alexandre Dulaunoy adulau@infosec.exchange
2024-10-02

You might be surprised by what can be encoded in a QR code. We've added automatic QR code extraction to the @ail_project for hidden services, social media messages, and any collected images. Many QR codes contain information that can be used for correlation, such as Bitcoin addresses, validation codes, invitation codes, and even XML streams.

#osint #ailproject #threatintel #threatintelligence #opensource

Thanks to @terrtia for the tireless testing with the different QR code decoding libraries.

QR code decoded in AIL project
Correlation with QR code in AIL Project
