AIL framework 5.2 released with new features and various bugs fixed

The latest release, version 5.2 of the AIL project framework, introduces several changes, fixes, and improvements. Some notable changes include the removal of old updates prior to version 5.0, a refactoring of the background updater along with the addition of the v5.2 update, and the introduction of a new etag object. The correlation graph now offers an option to hide objects/nodes and reset functionality using the "H" key. Additionally, an object comment feature has been added to investigations.

Several fixes have been implemented in this release. The environment issues in the updater and background update modules have been resolved. The crawler now includes timeouts for Unknown captures and exception handling for ping_lacus. It also performs an existence check for screenshot sets. The decoding process for downloaded files has been fixed, and the tag functionality for correlation objects has been improved. Fixes have also been made to the updater module, including the removal of old ARDB environment references. Lastly, issues with MISP event JSON export and retro hunt date search and description in the hunter module have been addressed.

In terms of contributors, Thirion Aurélien and fukusuket have made significant contributions to this release, addressing specific issues and providing fixes.

Detailed Change Log

v5.2 (2023-07-12)

Changes

• [update] remove old updates < 5.0. [Terrtia]

• [updater] refactor background updater + add v5.2 update. [Terrtia]

• [crawler har] compress HAR. [Terrtia]

• [correlation] correlation graph, add an option to hide an object/node by pressing H + reset correlation graph. [Terrtia]

• [etag] add new etag object. [Terrtia]

• [investigation] add object comment. [Terrtia]

Fix

• [updater] fix env. [Terrtia]

• [background update] fix logger. [Terrtia]

• [crawler] add timeout to Unknown captures. [Terrtia]

• [crawler] add exception handing for ping_lacus. [fukusuket]

• [crawler] added existence check for screenshot set. [fukusuket]

• [decoded] fix download file. [Terrtia]

• [updater] fix db checker. [Terrtia]

• [correlation tags] fix tag all objects. [Terrtia]

• [correlation card decoded meta] mimetype + size. [Terrtia]

• [correlation card decoded meta] mimetype + size. [Terrtia]

• [updater] remove old ARDB env. [Terrtia]

• [hunter + misp export] fix misp event json export + retro hunt date search and description. [Terrtia]

Other

• Merge pull request #174 from fukusuket/fix-500-erro-when-invalid-lacus-url. [Thirion Aurélien]

  fix: [crawler] add exception handing for ping_lacus

• Merge pull request #176 from fukusuket/fix-500-error-when-crawler-screenshot-setting-off. [Thirion Aurélien]

  fix: [crawler] added existence check for screenshot set

AIL framework 5.1 released with new features and many bugs fixed

Version 5.1 (2023-06-26) includes several changes, fixes, and updates. The changes include fixing gzipped pastes in the pystemon importer, showing a message when the maximum number of nodes is reached in the correlation graph, and adding the ability to auto tag crawled domains. Additionally, new features were added such as pagination for title searches, the ability to search title IDs and contents, and the inclusion of a favicon object.

Several fixes were implemented, including resolving issues with base64 encoding in the pystemon importer, maintaining the same capture UUID for already crawled domains in the crawler, and handling empty queues in the IPAdress module. Other fixes addressed issues with title searches returning empty results, incomplete responses in the crawler, and errors related to user tokens and deletion.

Various improvements were made to different modules and objects, such as the addition of a new cookie-name object along with its correlation, enhancements to importers, improvements to the HOWTO guide, and updates to correlation graphs and statistics. The Phone module was also updated to filter invalid phone numbers and display extracted information in the user interface.

In addition to the changes and fixes, there were updates to the MISP export, domains explorer, daterange object, tracker module, and various other components. The README.md file and CI badge were corrected, the installer was fixed for YARA and pycld3 installations, and tests were updated and replaced.

Lastly, there were some general updates, including merging changes from the old CIRCL/AIL-framework repository (the official repository is ail-project/ail-framework and incorporating a pull request related to email categorization.

Overall, version 5.1 introduced new features, addressed several issues, and included various updates and improvements to different parts of the system.

Detailed Change Log

v5.1 (2023-06-26)

Changes

• [pystemon importer] fix gzipped pastes. [Terrtia]

• [correlation graph] show message if max_nodes reached + fix cookie-name sparkline. [Terrtia]

• [crawler] auto tag crawled domains. [Terrtia]

• [correlation] add an option to remove max number of nodes if max_node == 0. [Terrtia]

• [object cookie-name] add new cookie-name object + correlation. [Terrtia]

• [title search] add pagination. [Terrtia]

• [titles] add title IDs and contents search. [Terrtia]

• [favicon object] add favicon object. [Terrtia]

• [sow item] show item investigations. [Terrtia]

• [kvrocks migration] mv update/v.50. [Terrtia]

• [redis] update minimal version. [Terrtia]

• [doc] add AIL v5.0 + objects + Importers + sync. [Terrtia]

• [correlation] filter blank screenshots. [Terrtia]

• [importers] improve abstract class and logs. [Terrtia]

• [domains explorer] unsafe tag default image. [Terrtia]

• [README.md] update. [Terrtia]

• [HOWTO] improve HOWTO. [Terrtia]

• [correlation graph] update node legend. [Terrtia]

• [correlation graph] select correlation depth. [Terrtia]

• [correlation] correlation graph: filter title objects. [Terrtia]

• [correlation] add direct correlation stats. [Terrtia]

• [new title object] add new title object + correlation on page title. [Terrtia]

• [Phone module] Filter Invalid Phone numbers + UI Show extracted. [Terrtia]

• [importers] add Dir/File Importer. [Terrtia]

Fix

• [pystemon importer] fix base64 encoding. [Terrtia]

• [crawler] same capture uuid if a domain is already crawled. [Terrtia]

• [IPAdress module] empty queue if no IP ranges provided. [Terrtia]

• [retro hunt] fix object tag queue + decoded content. [Terrtia]

• [daterange object] fix objects by date. [Terrtia]

• [title] fix title search empty result. [Terrtia]

• [crawler] fix incomplete response. [Terrtia]

• [user] fix get user token #163. [Terrtia]

• [user] fix user delete #163. [Terrtia]

• [MISP export] fix ail object first/last seen + obj logger. [Terrtia]

• [MISP export] fix empty event. [Terrtia]

• [d4] change enable d4. [Terrtia]

• [kvrocks migration] [Terrtia]

• [objects] fix investigation + ail2ail + screenshot MISP export. [Terrtia]

• [domains explorer] None screeenshot. [Terrtia]

• [show domains] fix down domains. [Terrtia]

• [domains explorer] domain screeenshot. [Terrtia]

• [domains explorer] fix empty screenshots. [Terrtia]

• [correlation] fix tagging nb nodes. [Terrtia]

• [README.md] fix CI badge. [Terrtia]

• [README.md] fix logo. [Terrtia]

• [module.cfg] fix templateModule example. [Terrtia]

• [module extractor] fix tracker extractor. [Terrtia]

• [tracker] fix tracker delete. [Terrtia]

• [tracker] fix webhook. [Terrtia]

• [crawler] fix undefined capture status. [Terrtia]

• [correlation btc info] catch btc txs error. [Terrtia]

• [Phone module] Filter Invalid Phone numbers. [Terrtia]

• [phone] fix phone module. [Terrtia]

• [domain search] fix template domain types filter. [Terrtia]

• [domain search] fix template domain types filter. [Terrtia]

• [MISP auto export] fix module input message. [Terrtia]

• [tests] replace unmaintened nose by nose2. [Terrtia]

• [tests] fix tests. [Terrtia]

• [instaler] fix yara and pycld3 install. [Terrtia]

• [tests] github workflow. [Terrtia]

• [tests] github workflow. [Terrtia]

• [flask] remove old import. [Terrtia]

Other

• Merge github.com:CIRCL/AIL-framework. [Terrtia]

• Merge pull request #592 from shadow2033/patch-2. [Thirion Aurélien]

  Update Categ Mail

• Update Mail. [shadow2033]

  ///English
  added (inbox; zoho)

  ///Russian
  добавлен (inbox; zoho)

AIL framework version 5.0: Major Rewrite, Kvrocks Database, and Lacus Crawler Migration.

AIL v5.0 introduces significant improvements and new features:

• Codebase Rewrite: The codebase has undergone a substantial rewrite resulting in enhanced performance and speed improvements.
• Database Upgrade: The database has been migrated from ARDB to Kvrocks.
• New Correlation Engine: AIL v5.0 introduces a new powerful correlation engine with two new correlation types: CVE and Title.
• Enhanced Logging: The logging system has been improved to provide better troubleshooting capabilities.
• Tagging Support: AIL objects now support tagging, allowing users to categorize and label extracted information for easier analysis and organization.
• Trackers: Improved objects filtering, PGP and decoded tracking added.
• UI Leak Visualization: The user interface has been upgraded to visualize extracted and tracked information.
• New Crawler Lacus: improve crawling capabilities.
• Modular Importers and Exporters: New importers (ZMQ, AIL Feeders) and exporters (MISP, Mail, TheHive) modular design.
  Allow easy creation and customization by extending an abstract class.
• Module Queues: improved the queuing mechanism between detection modules.
• New Object CVE and Title: Extract an correlate CVE IDs and web page titles.

Correlation:

UI Extracted/Tracked content:

AIL Framework version 4.2 released including typo squatting tracker, improved AIL2AIL sync, zerobinz fetcher and many bugs fixes

AIL Framework version 4.2 released including typo squatting tracker, improved AIL2AIL sync, zerobinz fetcher and many bugs fixes v4.2 (2022-06-24)

AIL Framework version 4.2 has been released including:

• A new tracker for tracking potential typo squatted domains. This feature relies on the new ail-typo-squatting library which can be also used outside of AIL framework. This contribution is from @DavidCruciani
• Many improvement and bugs fixed for the AIL2AIL sync. A huge thanks to @aaronkaplan from EU Directorate-General for Informatics (DIGIT) for support and tests during the long debugging sessions.
• A new module for zerobinz to create an immediate crawler request if a zerobinz link appears in an item. The module can be used for other services with ephemeral content. Thanks to @gallypette for the contribution and the improvement ideas.
• A new hosts detection module has been introduced.
• Multiple bugs were fixed.

Detailed Changes

• [Tracker} Tracker_Typo_Squatting. [David Cruciani]

• [v4.2] add v4.2 update. [Terrtia]

• [investigation] fix investigation by user + delete an obj from all investigation. [Terrtia]

• [install vitualenv] remove travis env. [Terrtia]

• [Retro Hunt] add logs. [Terrtia]

• [Retro Hunt] add logs. [Terrtia]

• [Retro Hunt] add logs. [Terrtia]

• [AIL2AIL Sync] update exchange format. [Terrtia]

• [AIL2AIL Sync] update exchange format. [Terrtia]

• [add Hosts module] [Terrtia]

• [sync module] debug. [Terrtia]

• [sync client] debug. [Terrtia]

• [websockets client] bind client ip. [Terrtia]

• [websocket server] add host and port config. [Terrtia]

• [telegram importer] add username correlation. [Terrtia]

• [UI subtype objs] get obj by subtype + name. [Terrtia]

• [misp export] add username. [Terrtia]

Fix

• [typosquatting] remove unused import. [Thirion Aurélien]

• [tracker] clean import. [Thirion Aurélien]

• [tracker term] fix typosquatting key. [Thirion Aurélien]

• [Typo] tracker typo. [David Cruciani]

• [tracker] UI for other than typosquat. [David Cruciani]

• [typo] UI. [David Cruciani]

• [Language] fix cld3 import. [Terrtia]

• [launcher] kill AIL_2_AIL screen. [Terrtia]

• [cld3] enable cld3. [Terrtia]

• [cld3 python3.10] temp disable cld3. [Terrtia]

• [launcher] remove Travis test. [Terrtia]

• [Retro Hunt] item directory. [Terrtia]

• [Retro Hunt] item directory. [Terrtia]

• [Retro Hunt] fix item directory. [Terrtia]

• [AIL exchange mime-type] [Terrtia]

• [Hosts module] module + launcher. [Terrtia]

• [abstract module] exception traceback #145. [Terrtia]

• [ui tag selector] force custom tags. [Terrtia]

• [installer] remove old tor install. [Terrtia]

• [sync module] fix redis tag queue. [Terrtia]

• [sync module] fix tags filter. [Terrtia]

• [sync client] debug. [Terrtia]

• [sync client] debug. [Terrtia]

• [sync module] debug. [Terrtia]

• [websockets client] fix client bind. [Terrtia]

• [websockets] remove size limit. [Terrtia]

• [UI subtype objs] fix form. [Terrtia]

• [misp config] https. [Thirion Aurélien]

Other

• Merge pull request #147 from ail-project/typo. [Thirion Aurélien]

  Integration of the typo-squatting tracker

• Fix; [set tracker] missing function. [Thirion Aurélien]

• Merge branch 'master' into typo. [David Cruciani]

• Add: [tracker] typo-squatting. [David Cruciani]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Merge pull request #146 from gallypette/master. [Thirion Aurélien]

  add: [modules] zerobinz

• Add: [modules] zerobinz. [[email protected]]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

AIL Framework version 4.1 released with new investigation/case handling, improved MISP export and many improvements.

AIL Framework version 4.1 released with new investigation/case handling, improved MISP export and many improvements.

Investigation in AIL

The major new functionality is the investigation handling in AIL. An analyst can now easily create investigation where
any objects from AIL can be added. This helps an analyst to build collection or cases to work on. The integration allows
to export it as a standard MISP event.

Support for Jabber/XMPP

AIL has been extended to support Jabber/XMPP addresses. The source feeder just need to submit the keys such as jabber:to, jabber:from, jabber:ts, jabber:id.
An example feeder is available. The new feature can be used to inject existing leak
or stream from XMPP/Jabber server. As an example, the Conti leak can be easily injected into AIL and show automatically all correlations between users.

Many bugs were fixed.

The complete changelog can be seen below.

v4.1 (2022-03-11)

Changes

• [flask] updated. [Alexandre Dulaunoy]
• [flask] requirements for higher version of flask. [Alexandre Dulaunoy]
• [v4.1] add Investigation with MISP Export + v4.1 update. [Terrtia]
• [Telegram module] refactor module + fix str format. [Terrtia]

Fix

• [Investigation] edit misp event + add misp instance url. [Terrtia]

• [Investigation] fix MISP Export + UI sidebar. [Terrtia]

• [UI inestigations] add items link. [Terrtia]

• [UI inestigations] add objects link. [Terrtia]

• [telegram launcher] [Terrtia]

• [items] abstract class. [Terrtia]

• [Investigation] UI sidebar. [Terrtia]

• [v4.1] fix ardb # tracking DB. [Terrtia]

• [username] user icon. [Thirion Aurélien]

• [Term tracker] fix item date. [Terrtia]

• [Telegram module] fix launcher. [Terrtia]

• [pybgpranking] package install. [Terrtia]

• [popper install] rename popper repository. [Terrtia]
  floating-ui/floating-ui#1425

• [UI] remove update note. [Terrtia]

• [trackers] fix get_all_items_sources. [Terrtia]

• [crawler] fix is_splash_manager_connected #133. [Terrtia]

Other

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]
• Merge pull request #139 from gallypette/jabber-feeder. [Thirion Aurélien]
  add: [username] jabber support
• Add: [username] jabber support. [Jean-Louis Huynen]
• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]
• Create SECURITY.md. [Alexandre Dulaunoy]

AIL Framework version 4.0 released with new synchronisation feature, tracker webhook improvement and many bugs fixed.

AIL Framework version 4.0 has been released including a major new feature to allow synchronisation to other AIL instance(s).

The new synchronisation mechanism allow the sync from one AIL instance to another AIL using a standard WebSocket using AIL JSON protocol. The synchronisation allows to filter and sync specific collected items including crawled items or specific tagged items matching defined rules. This feature can be very useful to limit the scope of analysis in specific fields or resource intensive activity. This sync can be also used to share filtered streams with other partners.

A new functionality has been added to trigger a webhook when a tracker is matched in AIL. This is in addition to email notification. The webhook can be used to trigger additional pipelines in AIL.

Additional API endpoints were added such get_item_sources get_check_item_source and get_default_yara_rule_content.

Thanks to the numerous external contributors such as Olivier Sagit and Tony Jabbour. A special thank for the webhook and API developed by Tony Jabbour from CSIRT POST Cyberforce in Luxembourg.

The first version of the synchronisation protocol has been developed in the scope of the JTAN (Joint Threat Analysis Network), a CEF co-funded project (2020-EU-IA-0260).

Many bugs were fixed in this release and many small improvements were added.

Detailed changelog is available on https://www.ail-project.org/ChangeLog.

Changelog

v4.0 (2021-12-01)

Changes

• [sync UI] disable pull. [Terrtia]

• [sync UI] dashboard, show nb of imported items + launch/kill ail servers when a queue is subscribed/unsubscribed. [Terrtia]

• [ail sync UI] restarr/launch/kill sync connections + show sync mode api/pull/push. [Terrtia]

• [ail sync server] add server controller + list connected clients ail_uuid->sync_modes. [Terrtia]

• [ail sync ui] copy to clipboard ail_uuid, ail server key. [Terrtia]

• [ail sync] edit ail_servers/sync_queues + fix logs. [Terrtia]

• [api] rename endpoints. [Terrtia]

• [ail sync] add sync api (ping, version) + UI/client error handler. [Terrtia]

• [doc] GI Badge. [Steve Clement]

• [v4.0 AIL SYNC / AIL 2 AIL] SYNC Manager + fixs + views. [Terrtia]

• [crawler] add auto crawler functions. [Terrtia]

Fix

• [sync client] don't launch client if ail server not linked with a sync queue. [Terrtia]

• [sync server] remove hardcoded host. [Terrtia]

• [sync server] host. [Terrtia]

• [sync client] fix websockets client connect for python >= 3.8. [Terrtia]

• [ail sync] fix refresh_ail_instance_connection. [Terrtia]

• [ail sync] fix refresh_ail_instance_connection. [Terrtia]

• [ail sync] server + client: resend object in queue on ConnectionClosedError. [Terrtia]

• [crawler] add comment. [Terrtia]

• [UI ail sync] fix nav. [Terrtia]

• [UI ail sync] add missing ail icon. [Terrtia]

• [doc] Remove Travis. [Steve Clement]

• [py] Minor python dependency change. [Steve Clement]

• Inherit AbstractModule to prevent stuck queues. [osagit]

  regex compiled only at start, not in the loop
  no duplicate warning string
  comments

• Error message contains http protocol twice. [osagit]

  Error Can't connect to AIL Splash Manager, http://https://localhost:7001/

Other

• Merge pull request #130 from TonyJabbour/master. [Thirion Aurélien]

  New restAPIs

• Merge branch 'dev' into master. [Thirion Aurélien]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Alexandre Dulaunoy]

• Merge pull request #569 from SteveClement/master. [Steve Clement]

• Chg_ [AIL 2 AIL] add backend. [Terrtia]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Add tracker fixed api function replaced it with internal function. [TonyJabbour]

• Added get_tracker_metadata_api Removed unnecessarily parentheses. [TonyJabbour]

• New API Endpoint: Fixed get_item_content_encoded_text Added get_item_sources Added get_check_item_source Added get_default_yara_rule_content. [TonyJabbour]

• Removed unnecessarily parentheses. [TonyJabbour]

• New API Endpoint: Return Item Content in base64 in non JSON format. [TonyJabbour]

• Merge remote-tracking branch 'origin/master' [TonyJabbour]

• Merge branch 'ail-project:master' into master. [Tony]

• Merge pull request #129 from TonyJabbour/master. [Thirion Aurélien]

  Webhook implementation

• Unnecessarily parenthesis removed. [TonyJabbour]

• Base64 Problem. [TonyJabbour]

• Base64 Problem. [TonyJabbour]

• Type fixed. [TonyJabbour]

• Type fixed. [TonyJabbour]

• Error Fixed. [TonyJabbour]

• Add new API endpoint that return only content encoded in base64. [TonyJabbour]

• Webhook unnecessarily line removed Removed unnecessarily parentheses. [TonyJabbour]

• Type fixed. [TonyJabbour]

• Added a try/catch to handle exceptions Replaced the raise to send message to redis_logger. [TonyJabbour]

• Fixed tracker_metadata. [TonyJabbour]

• Typo Fixed. [TonyJabbour]

• Fixed UI Datatable in showTracker Page Removed "Advanced Search" text from menu misleading button. [TonyJabbour]

• Fixed Webhook integration with Trackers. [TonyJabbour]

• -Fixed "get_tracker_metedata" typo -Typo Fixed. [TonyJabbour]

• -Fixed "description" arg -Typo Fixed. [TonyJabbour]

• -Fixed the 500 error issue when installing new instance of ail when adding new trackers -Fixed missing arguments -Typo Fixed. [TonyJabbour]

• Fix webhook. [TonyJabbour]

• Remove dict from Trackers. [TonyJabbour]

• Add webhook post support in yara and regex trackers. [TonyJabbour]

• Fix get_term_webhook. [TonyJabbour]

• Add some changes for webhook. [TonyJabbour]

• Add initial support for Webhook in Term Trackers. [TonyJabbour]

• Fix spelling issue in Webhook. [TonyJabbour]

• Add more support for Webhook URL. [TonyJabbour]

• Add initial UI support for Webhook in tracker. [TonyJabbour]

• Merge pull request #127 from osagit/patch-3. [Thirion Aurélien]

  fix: inherit AbstractModule to prevent stuck queues

• Merge pull request #126 from osagit/patch-2. [Thirion Aurélien]

  fix: error message contains http protocol twice

AIL Framework version 3.7 released with many bugs fixed, improvement and new feeders.

AIL Framework version 3.7 released with many bugs fixed and improvement. The term tracker has been improved including the first_seen and last_seen. Various bugs were fixed and documentation improved. Thanks to all the contributors and especially Tony Jabbour for the new CentOS installation documentation. Thanks to Relega for the improved documentation about the pystemon integration. And a huge thank to @FBroy for the new feeders: Discord, ActivityPub feeder and RSS/Atom feeder. There is an ongoing feeder to include AIL2AIL synchronisation and a first draft of the message format has been proposed. Feedback is more than welcome.

v3.7 (2021-08-27)

Changes

• [tracker + update] add update v3.7 + add map item_id:tracker_uuid (data retention) + fix tracker first_seen/last_seen. [Terrtia]

• [tracker] typo fixed. [Alexandre Dulaunoy]

• [Credential + tags] add misp-taxonomies submodule + fix typo. [Terrtia]

• [gitchangelog.rc] updated to output Markdown. [Alexandre Dulaunoy]

Fix

• [tracker] global tracker list: fix first/last seen. [Terrtia]

• [v3.7] add missing file. [Terrtia]

• [trackers] items by daterange. [Terrtia]

• [correlation graph] fix legend, remove icon text. [Terrtia]

• [Credential] fix moduleStats. [Terrtia]

• [Credemtial module] fix stats. [Terrtia]

• [Yara + regex trackers] remove tests. [Terrtia]

• [Decoder] log level. [Terrtia]

• [abstract_modules + Global] log message on error + fix Global exception on invalid gzip. [Terrtia]

• [Credential] fix old funct call. [Terrtia]

• [UI Item submit] tags input: avoid browser and password managers autocomplete. [Terrtia]

• [term tracker] typo. [Terrtia]

Other

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Merge pull request #123 from TonyJabbour/master. [Alexandre Dulaunoy]

  CentOS 8 installation script Fixed a problem

• CentOS 8 installation script Fixed a problem Added centos installation guide in README.md. [Tony Jabbour]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Merge pull request #122 from TonyJabbour/master. [Alexandre Dulaunoy]

  Added CentOS 8 installation script

• Added CentOS 8 installation script. [Tony Jabbour]

• Merge branch 'master' of github.com:ail-project/ail-framework. [Terrtia]

• Merge pull request #119 from Relega/patch-1. [Alexandre Dulaunoy]

  Update HOWTO.md

• Update HOWTO.md. [Relega]

  • replaced pystemon url (from circl repository to the original repository)
  • refined pystemon instructions

AIL Framework version 3.6 released with new features (such as YARA retrohunt) and many bugs fixed

AIL Framework released version 3.6

AIL Framework version 3.6 released with new features (such as YARA retrohunt), significant performance improvements, refactoring of the modules and many bugs were fixed. This version includes a new advanced to perform YARA retrohunt on the whole AIL dataset. YARA retrohunts can be started and stopped live, sources can be defined and also the period where to search retroactively for. Tags can be also applied to reclassify information collected in AIL. The speed of YARA retrohunt depends of the hardware used, SSD devices are strongly recommended. New tool such as export of crypto currencies correlation has been added to allow the use of data from AIL in other tools for analysing cryptocurrency transactions.

Many bugs were also fixed in this release. Don't forget to update.

A huge thanks to all the contributors and especially @osagit for the numerous contributions.

Changelog

v3.6 (2021-07-14)

Changes

• Chg: [README] add Olivier Sagit @osagit to contributors list. [Terrtia]

• [requirements] minimal version + remove old packages. [Terrtia]

• Add Retro Hunt. [Terrtia]

• [UI trackers] add/edit/remove tracker source/target #43 #102. [Terrtia]

• [Trackers regex + yara] filter by item source. [Terrtia]

• [Tracker term] track terms by sources. [Terrtia]

• [test] add new workflow. [Thirion Aurélien]

• [requirements] minimal version + remove old packages. [Terrtia]

• [modules + tests] fix modules + test modules on samples. [Terrtia]

• [update v3.6 + installer] fix faup install + add v3.6 update. [Terrtia]

• [Launcher] update modules directory. [Terrtia]

• [SQLInjectionDetection LibInjection modules] add module class. [Terrtia]

• [Urls (Web) module] fix regex + rename. [Terrtia]

• [Tracker_Regex module] create module class + mv module. [Terrtia]

• [Tracker_Yara module] create module class. [Terrtia]

• [modules] create new modules repository + small fixs. [Terrtia]

• [Keys] add test. [Terrtia]

• [modules] add tests: CreditCard, Global, DomClassifier. [Terrtia]

• [Categ] tests + docs. [Terrtia]

• [ApiKey] refactor module + tests. [Terrtia]

• [launcher + modules] add module tests (Onion module) [Terrtia]

• [AIL items + Onion] create AIL item objects + Onion module refactor. [Terrtia]

• [tools extract_cryptocurrency] filter by correlation objects + errors messages. [Terrtia]

• [tools extract_cryptocurrency] new input: list of addresses to extract. [Terrtia]

• [tools] add 2 new tools: extract cryptocurrency correlation by type + trigger manual update. [Terrtia]

• [modules] set log level to critcal on unexpected errors. [Terrtia]

Fix

• [Term tracker] fix fct args. [Terrtia]

• [crawler] fix new crawled item id. [Terrtia]

• [Retro Humt UI] clarify tags input. [Terrtia]

• URLs www word to match. [osagit]

  There is 4 'w' chars instead of 3

• [crawlers] get_all_splash return type. [Terrtia]

• [Splash_Manager errors] catch invalid response. [Terrtia]

• [Trackers UI] fix sources logo + tracker metadata. [Terrtia]

• Change module name Web to Urls. [lpwm9803]

• [Splash_Manager errors] catch invalid response. [Terrtia]

• [github workflows] fix test. [Terrtia]

• [github workflows] clone depth. [Thirion Aurélien]

• [installer] pyfaup install. [Terrtia]

• [installer] pyfaup install. [Terrtia]

• [UI crawler dashboard] block_languages_search: fix domains_types #110. [Terrtia]

• [UI crawler dashboard] block_domains_name_search: fix domains_types #110. [Terrtia]

• [modules] print + save traceback in logs. [Terrtia]

• [paste_submit] restrict source characters. [Terrtia]

• [submit_paste] restrict source name. [Terrtia]

• [tools extract_cryptocurrency] argparse flags. [Terrtia]

• [tags] invalid tags. [Terrtia]

• Replace redis init with generic ConfigLoader. [osagit]

  StrictRedis() replaced by ConfigLoader.get_redis_conn()

• Debug() string takes 1 positional argument. [osagit]

• FILE_ALLOWED_EXTENSIONS without quotes. [osagit]

• Stuck queues and submit paste. [Olivier SAGIT]

• Name pystemon feeder in feeder monitor dashboard. [Olivier SAGIT]

• [tools extract cryptocurrency] correlation type. [Terrtia]

• [Updater] don't check if modified config files (redis and ardb config) [Terrtia]

• [Web module] resolver, change log level. [Terrtia]

• [WebStats] typo. [Terrtia]

• [Indexer] debug messages. [Terrtia]

• [WebStats] typo. [Terrtia]

• [terms tracker] refresh Tracked terms. [Terrtia]

• [redis cache] remove old paste_name db. [Terrtia]

• [crawler] typo: splash restart. [Terrtia]

Other

• Merge branch 'master' of https://github.com/ail-project/ail-framework into dev. [Terrtia]

• Merge pull request #115 from My-WAF/master. [Thirion Aurélien]

  Remove Block Copy Git Directory

• Update .dockerignore. [VNC Company]

• Merge branch 'dev' of https://github.com/ail-project/ail-framework into dev. [Terrtia]

• Merge pull request #116 from osagit/patch-1. [Thirion Aurélien]

  fix: URLs www word to match

• Merge. [Terrtia]

• Merge branch 'dev' of https://github.com/ail-project/ail-framework into dev. [Terrtia]

• Merge pull request #114 from osagit/dev. [Thirion Aurélien]

  fix: Change module name Web to Urls

• Merge branch 'master' into dev. [Terrtia]

• Merge branch 'master' of https://github.com/CIRCL/AIL-framework. [Terrtia]

• Merge pull request #559 from lesleyxyz/patch-1. [Thirion Aurélien]

  Submit paste contents to TheHive

• Submit file contents to TheHive. [Lesley De Keyser]

• Merge pull request #103 from osagit/scriptsenhance. [Thirion Aurélien]

  fix: stuck queues and submit paste

• Merge branch 'dev' into scriptsenhance. [Thirion Aurélien]

• Merge branch 'master' of https://github.com/ail-project/ail-framework. [Terrtia]

• Perf: use defined compiled regex. [osagit]

  re.compile(regex) definition was not used
  use compile_regex.findAll() directely instead of re.findall(regex)

• Log message split error + perf. [osagit]

  fix: log message split errors
  perf: string affected at start
  doc: comments

• Merge pull request #101 from osagit/namedfeeder. [Alexandre Dulaunoy]

  fix: name pystemon feeder name in feeder monitor dashboard

• Merge pull request #97 from osagit/abstract-module. [Thirion Aurélien]

  feat: module factorization

• Feat: module factorization. [lpwm9803]

AIL Framework version 3.5 released with a new flexible crawler manager, built-in Passive DNS sensor and many fixes

AIL Framework version 3.5 released with a new flexible crawler manager, built-in Passive DNS sensor and many fixes.

Changes

• [passivedns] D4server port. [Terrtia]
• [v3.5] install pyAIL. [Terrtia]
• [passivedns] D4server port. [Terrtia]
• [passiveDns] add dns records. [Terrtia]
• [passiveDns D4 Client] add passiveDns D4 Client. [Terrtia]
• [crawler] add test + relaunch crawlers + major fixs. [Terrtia]
• [update] add v3.5 update. [Terrtia]
• [doc] Splash Manager Configuration. [Terrtia]
• [UI] add update note. [Terrtia]
• [IPAddress] Add Debug + Check if option is empty. [Terrtia]
• [splash manager] update enpoints + use Splash name to restart docker.
  [Terrtia]
• [merge master] [Terrtia]
• [domains search] search domains by name. [Terrtia]
• [screenshot + har directory] add option to change screenshots
  directory. [Terrtia]
• [crawler_manager] UI edit config + fix crawler queues. [Terrtia]
• [config] save config on DB + default values. [Terrtia]
• [crawlers manager] show setings. [Terrtia]
• [crawler] show all crawlers type on dashboard. [Terrtia]
• [crawler] manage crawlers. [Terrtia]
• [crawler] crawler queue + restart docker on error. [Terrtia]
• [core module] disable phone module by default. [Terrtia]
• Merge master -> crawler_manager. [Terrtia]
• [crawler manager] get all splash dockers, proxies and launch all
  crawlers. [Terrtia]

Fixes

• [crawler] crawler test: remove print. [Terrtia]
• [crawler UI] remove unused crawlers configuration. [Terrtia]
• [crawler] user agent + splash restart. [Terrtia]
• [crawler UI] crawler by domain type, remove old dashboard. [Terrtia]
• [MISP Export UI] object type selector. [Terrtia]
• [UI] fix navbar: invalid url. [Terrtia]
• [crawler] typo. [Terrtia]
• [crawler] typo. [Terrtia]
• [crawler] typo. [Terrtia]
• [Crawler] faup. [Terrtia]
• [Launcher] launch core module: Crawler_manager. [Terrtia]
• [cralers] remove debug. [Terrtia]
• [Domain search] fix regex. [Terrtia]
• [API ACL] avoid user_no_api users to access the API. [Terrtia]
• [Module Queue] module without subscriber. [Terrtia]
• [term Tracker] TimeoutException. [Terrtia]
• [API ACL] read_only user role. [Terrtia]
• [OVERVIEW] [Terrtia]
• [gitignore] [Terrtia]
• [showDomain] empty father field. [Terrtia]
• [showDomain] empty father field. [Terrtia]
• [redis cache] remove old Redis_Data_Merging db. [Terrtia]
• [redis cache] remove old paste_name db. [Terrtia]
• [background updater] Don't launch updates on fresh install. [Terrtia]
• [v3.4 update] fix update progress. [Terrtia]
• [background updater] remove completed updates. [Terrtia]
• [install] force virtual environmemt activation. [Terrtia]

Other

• Merge branch 'master' into crawler_manager. [Terrtia]

• Merge pull request #89 from ail-project/crawler_manager. [Alexandre
  Dulaunoy]

  Crawler manager

• Merge branch 'master' into crawler_manager. [Terrtia]

• Merge branch 'master' into crawler_manager. [Terrtia]

• Merge pull request #536 from simonsigre/patch-1. [Alexandre Dulaunoy]

  Typo in placeholder "Optionnal" --> "Optional"

• Typo in placeholder "Optionnal" --> "Optional" [Simon Sigré]

  Updated placeholder value to correct typo;
  "Optionnal" --> "Optional"

• Merge branch 'master' of github.com:CIRCL/AIL-framework. [Alexandre
  Dulaunoy]

• Merge pull request #534 from simonsigre/patch-1. [Alexandre Dulaunoy]

  Added 'wget' as a dependency

• Added 'wget' as a dependency. [Simon Sigré]

  'wget' is a dependency as without this additional components won't download as part of initial install, one such example is;

  wget -O /ail-framework/ardb/src/../deps/jemalloc-5.1.0.tar.bz2 https://github.com/jemalloc/jemalloc/releases/download/5.1.0/jemalloc-5.1.0.tar.bz2 && \
  

• Merge branch 'master' into crawler_manager. [Terrtia]

• Merge branch 'master' into crawler_manager. [Terrtia]

• Merge branch 'master' into crawler_manager. [Terrtia]

AIL Framework version 3.4 released with a new language detection module and many improvements

AIL Framework version 3.4 released with a new language detection module and many small improvements

AIL Framework version 3.4 has been released with a new language detection which can classifies items analysed by
the language detected. The module relies on Compact Language Detector v3 (CLD3).
Older items will be updated (there is a background job doing the update, so it might take some time depending of your dataset).
You can then browse crawled items per language detected.

The trackers can now be edited and various bugs were fixed.

Thanks to all the contributors.

Changes

• [Languages]detect + search domains languages. [Terrtia]
• [Tracker] edit tracker. [Terrtia]
• [web] we process items nowadays not only pastes ;-) [Alexandre
  Dulaunoy]

Fix

• [install] pycld3 dependency. [Jean-Louis Huynen]

  Without this Flask fails starting

• [update v3.4] updater. [Terrtia]

• [Languages] import + update message. [Terrtia]

• [Languages] update. [Terrtia]

• [UI trackers] None trackers values. [Terrtia]

• [Tracker] edit tracker ACL. [Terrtia]

• [Yara Tracker] catch yara timeout. [Terrtia]

• [Terms Trackcers] fix item link. [Terrtia]

Other

• Merge pull request #70 from ail-project/gallypette-patch-1. [Jean-
  Louis Huynen]

  fix: [install] pycld3 dependency

• Merge branch 'master' of https://github.com/ail-project/ail-framework.
  [Terrtia]