AIL v6.3 adds Passive SSH integration, enabling correlation of SSH keys across onion services, IPs, and domains. This helps identify shared infrastructure and supports onion deanonymization efforts.
Key Feature: Passive SSH Integration for Onion Correlation
AIL now integrates with Passive SSH, allowing:
- SSH key correlation across IPs, domains, and onion services.
- A new SSH key object with sidebar display and linking.
- Passive SSH search and lookup within AIL.
- New IP object to correlate IPs and SSH keys.
This enables deanonymization of onion services through infrastructure fingerprinting based on shared SSH keys.
Notable Changes
Onion Module
- Reduced redundant duplicate checks.
- Only print task UUID when a new task is created.
- Fixed exceptions for invalid URLs and
Nonedomains.
QR Code Extraction
- Added support for color-inverted QR codes.
IP & Domain Handling
- New IP object with SSH key correlation.
- Print deanonymized hostnames.
- Replaced and removed FAUP with
psl_faup. - Improved domain parsing (including missing schemes).
Image Engine
- Added domain description functionality.
- Improved progress logging and display.
Language Handling
- Avoid sending unsupported languages to LibreTranslate.
- Added support for
be(Belarusian). - Improved language selection and translation handling in UI.
Tracker & Stats
- Added heatmap: matches by year.
- Option to avoid duplicate notifications.
- New function to get AIL-wide stats.
ZMQImporter
- Content filtering by
feeder_nameand pattern. - Improved debug messages and output.
API
- Added endpoint: get onions grouped by month.
Fixes
- Removed all uses of FAUP and migrated to python
psl_faup. - Fixed:
- Domain extraction and parsing bugs.
- IP-to-SSH key correlation.
- Sidebar rendering for IPs and SSH keys.
- Retro hunt filters and metadata cleanup.
- CE Detector retagging behavior.
- Various UI issues (icons, sparkline removal, template bugs).
- Updater version tagging and leftover debug output.