Date: November 5, 2025
Platform: macOS • Linux • Windows
Languages: Python 3.11, YAML, JSON, JavaScript
Frameworks: FastAPI, Scrapy, PyTorch
License: MIT
Maintainer: gs-ai / ACE-T Team

ACE-T is a next-generation modular Open-Source Intelligence (OSINT) platform for real-time, actionable insights across social, deep, and dark web sources. It combines AI, NLP, and analytics to deliver automated alerting, global visibility, and rich contextual intelligence for investigators and security teams.

• Real-time OSINT Monitoring — social media, paste sites, forums, code repos, dark web, and more
• Modular Architecture — independent modules for each data source
• AI/NLP Analytics — entity extraction, sentiment, and trend velocity
• Rich Metadata — geo-info, source URLs, timestamps, and classification
• Automated Alerting — live GUI with map-based visualization
• Role-Based Access Control — secure FastAPI backend
• Extensible Spiders — 15+ Scrapy crawlers for surface, deep, and dark web
• Analyst Review Workflow — medium/high alerts routed to alerts_for_review/

conda env create -f environment.yml
conda activate ace-t-env

alembic upgrade head

./start_ace_t.sh
# or
make start

GUI auto-opens the live Nodes Map. API available at: http://127.0.0.1:8000/docs

alembic upgrade head
alembic revision --autogenerate -m "Describe change"

pastebin ghostbin rentry reddit chans telegram twitter archive_org github shodan crtsh trends

Located in: web_crawlers/ace_t_scraper/ace_t_scraper/spiders/

Example:

cd web_crawlers/ace_t_scraper
outdir="$(cd ../.. && pwd)/data/alerts/$(date +%Y/%m/%d)"
mkdir -p "$outdir"
scrapy crawl pastebin -O "$outdir/pastebin.jsonl"

{
  "geo_info": {"country": "Germany", "city": "Berlin"},
  "source_url": "https://trends.google.com/trends/explore?q=database+leak&geo=EU",
  "detected_at": "2025-04-18T23:52:07",
  "entities": {"organizations": ["Google"], "keywords": ["leak","database"]},
  "threat_analysis": {"potential_impact": "Data exposure"},
  "trend_velocity": {"increase_percent": 147},
  "sentiment": "negative",
  "tags": ["osint","data-leak","cyber-intel"],
  "classification": "Confidential"
}

Defined in ace_t_osint/triggers/triggers.json

[
  {"pattern": "database leak", "severity": "high", "trigger_id": "db-leak-001"},
  {"pattern": "CVE-2025-", "severity": "medium", "trigger_id": "cve-2025"}
]

output/             → alert logs and exports
alerts_for_review/  → medium/high alerts
data/osint.db       → local SQLite DB
data/alerts/YYYY/MM/DD/alerts.jsonl

python -m ace_t_osint run --sources all --once
python -m ace_t_osint validate
python -m ace_t_osint vacuum
python -m ace_t_osint.migrate

import yaml; c=yaml.safe_load(open('ace_t_osint/config.yml'))
for k,v in c.get('sources',{}).items(): print(k, v.get('urls',[]))

sqlite3 -json data/osint.db "SELECT count(*) AS cnt FROM alerts;"

conda activate ace-t-env
pytest -q
python -m ace_t_osint run --sources all --once

scripts/start_ace_t.sh

./start_ace_t.sh

https://pastebin.com/archive https://rentry.org/ https://old.reddit.com/r/netsec/ https://github.com/trending https://seclists.org/ https://bleepingcomputer.com/forums/ https://www.exploit-db.com/ https://www.cisa.gov/newsroom/alerts

Full documentation: https://github.com/gs-ai/ACE-T/wiki

Publish updates:

python utilities/publish_wiki.py --remote origin

MIT License — see LICENSE file.

ACE-T is engineered for precision OSINT and cyber threat intelligence operations.