AIL Framework Release: v6.7 - The Improved Search Interface.
#osint #opensource #threatintelligence #darkweb #cybersecurity
https://www.ail-project.org/blog/2026/03/12/v6.7.released/
| Website | https://www.ail-project.org |
I updated The Art of Pivoting based on reader feedback.
For example, the Analytical Strategies of Pivoting is now a visual overview rather than a difficult-to-read table.
Repository updated https://github.com/adulau/the-art-of-pivoting
PDF https://raw.githubusercontent.com/adulau/the-art-of-pivoting/refs/heads/main/output/the-art-of-pivoting.pdf
The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World
This open source book explores how intelligence and cyber-security analysts can uncover hidden links between threat actor infrastructure and ongoing investigations by pivoting on both classic and unconventional indicators - many of which are often overlooked. The material is grounded in empirical, field-tested strategies used in cyber-security, digital forensics, cyber threat intelligence, and intelligence analysis more broadly.
I released the first version of this book following the @firstdotorg CTI Conference 2025 in Berlin, where the initial idea for the project emerged.
Source of the book in Markdown https://github.com/adulau/the-art-of-pivoting (if you want to contribute ;-)
#cti #threatintelligence #pivoting #pivot #intelligence #intelligencecommunity #cybersecurity #book #openbook #investigation #opensource
AIL v6.6 is a release with a strong focus on PDF ingestion (captured from social networks or other collection sources) and translation, crawler improvements, and operational enhancements across users, queues, and metadata handling.
This version significantly expands AIL's document-processing and data-collection capabilities by introducing a hardened PDF ingestion pipeline where all PDFs are converted to PDF/A and stripped of embedded metadata before ingestion to remove malicious content.
It also allows users to browse content locally with Lacus and send captured pages directly to AIL as crawler data, along with associated browser cookies and local storage imported as a cookiejar for reuse by the crawler, while continuing to improve reliability, scalability, and analyst workflows.
https://www.ail-project.org/blog/2025/12/12/v6.6.released/
#cti #opensource #threatintelligence #ail #darkweb #cybersecurity #intelligence #osint
From C to Python to Rust: How We Built a Fast URL Parser in 3 Days
When our @ail_project (https://github.com/ail-project) started hitting performance walls with URL processing, we knew we needed a change. We were using Faup (https://github.com/stricaud/faup), a capable C library, but faced two growing pains: architectural portability issues and cumbersome Python binding installations. Our first attempt was rewriting it in Python - which solved the installation problems but created new performance bottlenecks when processing millions of URLs.
That's when we decided to try Rust. Three days later, we had faup-rs (https://github.com/ail-project/faup-rs) - a zero-allocation URL parser with full Python bindings (https://pypi.org/project/pyfaup-rs/).
What made this possible? Two incredible Rust ecosystem tools:
- Pest (https://github.com/pest-parser/pest) - it might look a bit hostile at first, but this parser generator has consistently saved us weeks of development time across multiple projects. You define the grammar, and Pest handles a lot of the parsing magic.
- PyO3 (https://github.com/PyO3) - which made creating Python bindings almost effortless.
The result speaks for itself:
- Fast URL parsing callable from Python
- True cross-platform compatibility
- Simple pip installation
- Zero allocations during parsing
This experience reinforced an important lesson: when you hit fundamental performance limits, sometimes the fastest solution is rewriting your bottleneck in Rust. The language's combination of speed, safety, and growing ecosystem makes these kinds of transformations not just possible, but practical even on tight timelines.
You can try it today:
- Rust crate: https://crates.io/crates/faup-rs
- Python package: https://pypi.org/project/pyfaup-rs
As always, it is open-source and you can check it out: https://github.com/ail-project/faup-rs
**AIL v6.5** introduces several major improvements to strengthen dark web monitoring and analysis workflows:
- **I2P Crawling Support**
The crawler now supports **I2P**, extending coverage beyond Tor and traditional web sources.
- **Enhanced Search with Description Indexing**
Search capabilities have been improved with **description indexing**, making it easier to discover and correlate relevant content across large datasets.
- **Improved Image Analysis Workflows**
Image analysis has been optimized to provide more efficient processing, categorization, and contextual enrichment of visual material.
#darkweb #cybersecurity #threatintelligence #opensource #ailproject
https://www.ail-project.org/blog/2025/09/29/v6.5.released/
By the way, we've never managed to get any hashes or urls from the so-called non-profit organisations that claim to share CSAM material hashes or links for detection. We've come to assume we'll never receive any, so supporting actual detection was out of reach for us.
So we decided to build it ourselves. We now provide a public onion lookup service where you can look up Tor onion addresses to check whether they're linked to CSAM for filtering and detection.
Lookup example (non CSAM): https://onion.ail-project.org/?lookup=ef42schauidg4vpuvodxxvd5lz7w2romgrym5fwv3bo4okg5lvcx6xyd.onion
If the content is related to CSAM, the following tag is used dark-web:topic="child-sexual-abuse-material"
API https://onion.ail-project.org/apiman/redoc/
This functionality (starting from version 6.1) is also included in @ail_project to limit crawling unsafe content. https://www.ail-project.org/blog/2025/02/06/AIL-v6.1.released/
We're excited to release AIL Framework v6.3 which includes Passive SSH integration, enabling correlation of SSH keys across onion services, IPs, and domains. This helps identify shared infrastructure and supports onion deanonymization efforts. Multiple bugs were fixed and many improvements were included.
https://www.ail-project.org/blog/2025/07/16/v6.3.released/
#opensource #ail #darkweb #cybersecurity #threatintelligence #threatintel #osint
AIL 6.2 released - Smarter Analysis, Search and Enhanced User Experience
We're excited to release AIL Framework v6.2, a major update with new features and improved performance. This version makes analysis easier and the overall experience faster and more user-friendly.
Among the highlights are a fully revamped search engine powered by MeiliSearch, improved language detection for short text, local AI-driven image descriptions, and a yara-hunting editor tool.
https://www.ail-project.org/blog/2025/05/28/AIL-v6.2.released/
#darkweb #threatintelligence #threatintel #cti #opensource #osint
A new release of the AIL project is coming soon, featuring a significant improvement in language detection.
A lot of work has been done on LexiLang by @terrtia to clean up dictionaries and improve support for localized languages and slang.
In the example below, you can see a user active in different Telegram channels, using both Russian and Ukrainian.
https://www.ail-project.org/
If you're interested in the topic, join us at a 2-day hackathon in Luxembourg on April 8-9, 2025, focused on open-source security tools. The developers of the AIL project will be there in person!
#threatintel #threatintelligence #opensource #ail #intelligence