GitHub - BigBodyCobain/Shadowbroker: Open-source intelligence for the global theater. Track everything from the corporate/private jets of the wealthy, and spy satellites, to seismic events in one unified interface. Hook an AI agent up to have it parse through data and find previously unseen correlations. The knowledge is available to all but rarely aggregated in the open, until now. Β· GitHub

Source: original

πŸ›°οΈ S H A D O W B R O K E R

Global Threat Intercept β€” Real-Time Geospatial Intelligence Platform SHADOWBROKER_LOG1423.MP4

ShadowBroker is a decentralized intelligence platform that aggregates real-time, multi-domain OSINT telemetry from 60+ live intelligence feeds into a single dark-ops map interface. Aircraft, ships, satellites, conflict zones, CCTV networks, GPS jamming, internet-connected devices, police scanners, mesh radio nodes, and breaking geopolitical events β€” all updating in real time on one screen as well as an obfuscated communications protocol and information exchange infrastructure.

Built with Next.js , MapLibre GL , FastAPI , and Python. 40+ toggleable data layers, including SAR ground-change detection, Telegram OSINT (public channel previews geoparsed onto the map), a server-side recon toolkit (DNS, WHOIS, sanctions, BGP, IP sweep, and more), supply-chain risk overlays, and malware/C2 + CISA KEV cyber threat feeds. Multiple visual modes (DEFAULT / SATELLITE / FLIR / NVG / CRT). Right-click any point on Earth for a country dossier, head-of-state lookup, entity-graph expansion, and the latest Sentinel-2 satellite photo. ShadowBroker has no accounts, product telemetry, or analytics; the dashboard talks to your self-hosted backend. Sensitive recon and Shodan queries never hit third-party APIs from the browser β€” they are proxied through the backend with SSRF guards and local-operator auth. The OpenClaw / agent command channel exposes the same recon backends plus full telemetry search β€” no separate API integration required.

Designed for analysts, researchers, radio operators, and anyone who wants to see what the world looks like when every public signal is on the same map.

Why This Exists

A surprising amount of global telemetry is already public β€” aircraft ADS-B broadcasts, maritime AIS signals, satellite orbital data, earthquake sensors, mesh radio networks, police scanner feeds, environmental monitoring stations, internet infrastructure telemetry, and more. This data is scattered across dozens of tools and APIs. ShadowBroker combines all of it into a single interface.

The project does not introduce new surveillance capabilities β€” it aggregates and visualizes existing public datasets. It is fully open-source so anyone can audit exactly what data is accessed and how. ShadowBroker does not include product telemetry, analytics, or accounts. Operator-supplied keys stay in your local deployment, but live OSINT features necessarily make outbound requests to the public data providers you enable or query.

Shodan & Recon (security-first)

ShadowBroker includes an optional Shodan connector for operator-supplied API access (SHODAN_API_KEY) and a Recon Toolkit panel for keyless OSINT lookups. Both run server-side only : the browser calls your self-hosted /api/osint/* and /api/tools/shodan/* routes; outbound requests are made by the backend after SSRF validation. Recon requires local-operator access (same trust model as layer toggles and admin routes). Shodan results render as a separate map overlay and remain subject to Shodan’s terms of service.

Not included: embedded live-news YouTube grids or a built-in Gemini AI analyst panel β€” use the OpenClaw / agent channel for AI-assisted analysis instead.

Interesting Use Cases

⚑ Quick Start (Docker)

From GitHub (default β€” uses GHCR images)

git clone https://github.com/bigbodycobain/Shadowbroker.git cd Shadowbroker docker compose pull docker compose up -d

From GitLab (uses GitLab Container Registry)

git clone https://gitlab.com/bigbodycobain/Shadowbroker.git cd Shadowbroker docker compose -f docker-compose.yml -f docker-compose.gitlab.yml pull docker compose -f docker-compose.yml -f docker-compose.gitlab.yml up -d

Both paths produce identical containers β€” same source, same CI, same images byte-for-byte. Pick whichever ecosystem you already use.

Open http://localhost:3000 to view the dashboard! (RequiresDocker Desktop or Docker Engine)

Backend port already in use? The browser only needs port 3000, but the backend API is also published on host port 8000 for local diagnostics. If another app already uses 8000, create or edit .env next to docker-compose.yml and set BACKEND_PORT=8001, then run docker compose up -d.

Blank news/UAP/bases/wastewater after several minutes? Check for backend OOM restarts with docker events --since 30m --filter container=shadowbroker-backend --filter event=oom. The default compose file gives the backend 4GB; if your host has less memory, reduce enabled feeds or set BACKEND_MEMORY_LIMIT=3G and expect slower/heavier layers to warm more gradually.

Podman users: Podman works, but podman compose is a wrapper and still needs a Compose provider installed. On Windows/WSL, if you see looking up compose provider failed, install podman-compose and run podman-compose pull followed by podman-compose up -d from inside the cloned Shadowbroker folder. On Linux/macOS/WSL shells you can also use ./compose.sh --engine podman pull and ./compose.sh --engine podman up -d.

πŸ”„ How to Update

ShadowBroker uses pre-built Docker images β€” no local building required. Updating takes seconds:

docker compose pull docker compose up -d

That's it. pull grabs the latest images, up -d restarts the containers.

Coming from an older version? Pull the latest repo code first, then pull images:

git pull origin main
docker compose down
docker compose pull
docker compose up -d

Podman users should run the equivalent provider command, for example podman-compose pull and podman-compose up -d, or use ./compose.sh --engine podman pull and ./compose.sh --engine podman up -d from a bash-compatible shell.

Update Integrity

Docker updates are delivered through signed container registries. The legacy ZIP self-updater verifies release archives through this chain, in order:

Release maintainers should run python backend/scripts/release_helper.py hash <ShadowBroker_vX.Y.Z.zip> before publishing, then publish SHA256SUMS.txt and update backend/data/release_digests.json when shipping a ZIP updater target. The updater keeps the operator override path intact instead of failing closed on missing bundled digests, so existing installs do not get stranded by a release-process mistake.

CSP Hardening

The production frontend ships with a hydration-compatible CSP and a strict nonce-only CSP in Content-Security-Policy-Report-Only. Set SHADOWBROKER_STRICT_CSP=1 only after verifying the exact build hydrates correctly in your deployment. Runtime Google Fonts are not required; the bundled Next font pipeline serves the dashboard font from the app build.

⚠️ Stuck on the old version?Ifgit pull fails or docker compose up keeps building from source instead of pulling images, your clone predates a March 2026 repository migration that rewrote commit history. A normal git pull cannot fix this. Run:

Back up any local config you want to keep (.env, etc.)

cd .. rm -rf Shadowbroker git clone https://github.com/bigbodycobain/Shadowbroker.git cd Shadowbroker docker compose pull docker compose up -d

How to tell if you're affected: If docker compose up shows RUN apt-get, RUN npm ci, or RUN pip install β€” it's building from source instead of pulling pre-built images. You need a fresh clone.

Other troubleshooting:

☸️ Kubernetes / Helm (Advanced)

For high-availability deployments or home-lab clusters, ShadowBroker supports deployment via Helm. This chart is based on the bjw-s-labs template and provides a robust, modular setup for both the backend and frontend.

1. Add the Repository:

helm repo add bjw-s-labs https://bjw-s-labs.github.io/helm-charts/ helm repo update

2. Install the Chart:

Default β€” pulls images from GHCR

helm install shadowbroker ./helm/chart --create-namespace --namespace shadowbroker

GitLab registry variant

helm install shadowbroker ./helm/chart --create-namespace --namespace shadowbroker \ -f helm/chart/values.yaml \ -f helm/chart/values-gitlab.yaml

3. Key Features:

Special thanks to@chr0n1x for contributing the initial Kubernetes architecture.

Experimental Testnet β€” No Privacy Guarantee

ShadowBroker v0.9.7 ships InfoNet (decentralized intelligence mesh + Sovereign Shell governance economy), an agentic AI command channel (supports OpenClaw and any HMAC-signing agent), Time Machine snapshot playback , and SAR satellite ground-change detection. This is an experimental testnet β€” not a private messenger and not a production governance system.

Channel | Privacy Status | Details

Meshtastic / APRS | PUBLIC | RF radio transmissions are public and interceptable by design. InfoNet Gate Chat | OBFUSCATED | Messages are obfuscated with gate personas and canonical payload signing, but NOT end-to-end encrypted. Metadata is not hidden despite being designed through Tor and Reticulum (Work in progress). Dead Drop DMs | STRONGEST CURRENT LANE | Token-based epoch mailbox with SAS word verification. Strongest lane in this build, but not yet confidently private. Sovereign Shell governance | PUBLIC LEDGER | Petitions, votes, upgrade hashes, and dispute stakes are signed events on a public hashchain. Pseudonymous via gate persona, but governance actions are intentionally observable. Privacy primitives (RingCT / stealth / DEX) | NOT YET WIRED | Locked Protocol contracts are in place, but the cryptographic scheme has not been chosen. The privacy-core Rust crate is the integration target for a future sprint.

Do not transmit anything sensitive on any channel. Treat all lanes as open and public for now. E2E encryption and deeper native/Tauri hardening are the next milestones. If you fork this project, keep these labels intact and do not make stronger privacy claims than the implementation supports.

For a full picture of what the mesh actually defends against and what it doesn't, read thethreat model and the claims reconciliation. Every sentence above is mapped there to the code path that enforces it (or doesn't).

✨ Features

πŸ§… InfoNet β€” Decentralized Intelligence Mesh + Sovereign Shell (expanded in v0.9.7)

The first decentralized intelligence communication and governance layer built directly into an OSINT platform. No accounts, no signup, no identity required. v0.9.7 promotes InfoNet from a chat layer into a full governance economy with a clear path to a privacy-preserving decentralized intelligence platform.

Communication layer (since v0.9.6):

Sovereign Shell β€” governance economy (NEW in v0.9.7):

Privacy primitive runway (NEW in v0.9.7):

Experimental Testnet β€” No Privacy Guarantee: InfoNet messages are obfuscated but NOT end-to-end encrypted. The Mesh network (Meshtastic/APRS) is NOT private β€” radio transmissions are inherently public. The privacy primitive contracts are scaffolded but not yet wired. Do not send anything sensitive on any channel. Treat all channels as open and public for now.

πŸ” Recon Toolkit & Shodan (Osiris-derived, security-first)

Adapted from the OSIRIS recon stack (MIT) with ShadowBroker’s proxy model. Attribution: backend/third_party/osiris/NOTICE.md.

Recon Toolkit (left sidebar β€” local operator only):

Entity graph β€” Select any map entity to open the Entity Graph panel (GET /api/entity/expand). Resolves aircraft, vessels, companies, persons, IPs, and countries into a node/link graph (Wikidata SPARQL + OFAC + in-memory flight/ship store).

OpenClaw / agent access β€” The same recon backends are available on the HMAC command channel (no browser local-operator gate): osint_lookup (passive IP/DNS/WHOIS/certs/BGP/sanctions/CVE/MAC/GitHub/leaks/threats), entity_expand (relationship graph), and osint_sweep (active subnet scan β€” full access tier only). Call osint_tools to list supported lookup types. Skill package: openclaw-skills/shadowbroker/ (SKILL.md + sb_query.py).

Shodan overlay (unchanged):

πŸ›©οΈ Aviation Tracking

🚒 Maritime Tracking

πŸš† Rail Tracking (NEW in v0.9.6)

πŸ›°οΈ Space & Satellites

🌍 Geopolitics & Conflict

πŸ›°οΈ Satellite Imagery

πŸ›°οΈ SAR Ground-Change Detection (NEW)

πŸ“» Software-Defined Radio & SIGINT

πŸ“· Surveillance

πŸ”₯ Environmental & Hazard Monitoring

πŸ—οΈ Infrastructure Monitoring

🌐 Additional Layers & Tools

Gaza

πŸ€– Agentic AI Command Channel β€” OpenClaw + Compatible Agents (expanded in v0.9.7)

ShadowBroker exposes a bidirectional agentic AI command channel β€” a signed, tier-gated bridge that gives any compatible AI agent full read/write access to the intelligence platform. OpenClaw is the reference agent , but the channel is an open protocol: any LLM-driven agent that signs requests with HMAC-SHA256 (Claude Code, GPT, LangChain, custom Python/TypeScript clients, or your own integration) can connect as an analyst that sees the same data as the operator and can take actions on the map. ShadowBroker does not bundle an LLM, an agent runtime, or model weights β€” it provides the surface; you bring the agent.

v0.9.7 turns ShadowBroker from a dashboard a human watches into an intelligence surface any agent can act on.

Channel transport (NEW in v0.9.7):

Capabilities:

Connect an agent: Open the AI Intel panel in the left sidebar, click Connect Agent , and copy the HMAC secret. From there, point any compatible agent at the channel β€” for OpenClaw, import ShadowBrokerClient from openclaw-skills/shadowbroker/sb_query.py (see SKILL.md for examples); for any other agent, use the same HMAC contract documented above (timestamp + nonce + body digest, tier-gated). Discovery: GET /api/ai/tools and GET /api/ai/capabilities. The channel is the protocol, not the agent.

⏱️ Time Machine β€” Snapshot Playback (NEW in v0.9.7)

A media-style transport for the entire telemetry feed. Treat the live map as a recording that can be scrubbed, paused, and replayed.

πŸ“¦ API Keys Panel β€” Path-First, Read-Only (NEW in v0.9.7)

Settings β†’ API Keys is now a read-only registry. Key values never reach the browser process β€” not even an obfuscated prefix. The panel surfaces:

OpenSky API credentials are now a critical-warn environment requirement: the startup environment check flags missing OpenSky OAuth2 credentials with a strong warning, and the changelog modal links directly to the free registration page. Without them, the flights layer falls back to ADS-B-only coverage with significant gaps in Africa, Asia, and Latin America.

πŸ—οΈ Architecture

ShadowBroker v0.9.7 is composed of three vertically-stacked planes β€” the Operator UI , the Backend Service Plane , and the Decentralized Layer (InfoNet) β€” plus two cross-cutting bridges (the Time Machine and the Agentic AI Channel , which is the protocol that OpenClaw and any other compatible agent connects through) and a Privacy Core Rust crate that backstops both the legacy mesh and the future shielded coin / DEX work.

╔═════════════════════════════════════════════════════════════════════════════╗ β•‘ OPERATOR UI (Next.js + MapLibre) β•‘ β•‘ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ MapLibre GL β”‚ β”‚ NewsFeed β”‚ β”‚ Sovereign Shellβ”‚ β”‚ Mesh Chat β”‚ β•‘ β•‘ β”‚ WebGL render β”‚ β”‚ SIGINT β”‚ β”‚ Petitions / β”‚ β”‚ + Mesh Term. β”‚ β•‘ β•‘ β”‚ + clusters β”‚ β”‚ GDELT β”‚ β”‚ Upgrades / β”‚ β”‚ (Infonet / β”‚ β•‘ β•‘ β”‚ β”‚ β”‚ Threat β”‚ β”‚ Disputes / β”‚ β”‚ Mesh / β”‚ β•‘ β•‘ β”‚ β”‚ β”‚ β”‚ β”‚ Gates / β”‚ β”‚ Dead Drop) β”‚ β•‘ β•‘ β”‚ β”‚ β”‚ β”‚ β”‚ Bootstrap / β”‚ β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ β”‚ β”‚ β”‚ Function Keys β”‚ β”‚ β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ β•‘ β”‚ β”‚ β”‚ β”‚ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ Time Machine ◀── snapshot playback ── snapshotMode toggle ──▢ Live β”‚ β•‘ β•‘ β”‚ hourly index β”‚ frame interpolation β”‚ profile-aware β”‚ per-tier ETag β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ β•‘ β”‚ REST + /api/[...path] proxy β•‘ ╠═════════════════════════════════════β•ͺ═══════════════════════════════════════╣ β•‘ BACKEND SERVICE PLANE (FastAPI) β•‘ β•‘ β”‚ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ Data Fetcher (APScheduler β€” fast / slow tiers) β”‚ β•‘ β•‘ β”‚ β”‚ β•‘ β•‘ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β•‘ β•‘ β”‚ β”‚ OpenSky β”‚ adsb.lol β”‚ CelesTrak β”‚ USGS β”‚ AIS WS β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Flights β”‚ Military β”‚ Sats β”‚ Quakes β”‚ Ships β”‚ β”‚ β•‘ β•‘ β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β•‘ β•‘ β”‚ β”‚ Carrier β”‚ GDELT β”‚ CCTV (12) β”‚ DeepState β”‚ NASA β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Tracker β”‚ Conflict β”‚ Cameras β”‚ Frontline β”‚ FIRMS β”‚ β”‚ β•‘ β•‘ β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β•‘ β•‘ β”‚ β”‚ GPS β”‚ KiwiSDR β”‚ Shodan β”‚ Amtrak β”‚ SatNOGS β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Jamming β”‚ Radios β”‚ Devices β”‚ DigiTraf β”‚ TinyGS β”‚ β”‚ β•‘ β•‘ β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β•‘ β•‘ β”‚ β”‚ Volcanoes β”‚ Weather β”‚ Fishing β”‚ Mil Bases β”‚ IODA β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Air Qual β”‚ Alerts β”‚ Activity β”‚ PwrPlants β”‚ Outages β”‚ β”‚ β•‘ β•‘ β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β•‘ β•‘ β”‚ β”‚ Sentinel β”‚ MODIS β”‚ VIIRS β”‚ Data β”‚ Meshtasticβ”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Hub/STAC β”‚ Terra β”‚ Nightlts β”‚ Centers β”‚ APRS β”‚ β”‚ β•‘ β•‘ β”‚ β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ β”‚ β•‘ β•‘ β”‚ β”‚ SAR (NEW v0.9.7) β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Mode A: ASF Search catalog (free, no account) β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ Mode B: NASA OPERA / Copernicus EGMS / GFM / EMS / β”‚ β”‚ β•‘ β•‘ β”‚ β”‚ UNOSAT ground-change anomalies (opt-in) β”‚ β”‚ β•‘ β•‘ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β•‘ β•‘ β”‚ * OpenSky: REQUIRED for global flight coverage β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ β•‘ β”‚ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ Snapshot Store (Time Machine source) β”‚ β•‘ β•‘ β”‚ Hourly index β”‚ per-snapshot layer manifest β”‚ profile metadata β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ β•‘ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ Agentic AI Channel (HMAC-SHA256, tier-gated β€” OpenClaw + others) β”‚ β•‘ β•‘ β”‚ β”‚ β•‘ β•‘ β”‚ POST /api/ai/channel/command β†’ one tool call β”‚ β•‘ β•‘ β”‚ POST /api/ai/channel/batch β†’ up to 20 concurrent tool calls β”‚ β•‘ β•‘ β”‚ β”‚ β•‘ β•‘ β”‚ Tier: restricted (read-only) β”‚ full (read + write + inject) β”‚ β•‘ β•‘ β”‚ Auth: X-SB-Timestamp + X-SB-Nonce + X-SB-Signature β”‚ β•‘ β•‘ β”‚ Sig = HMAC-SHA256(secret, METHOD|path|ts|nonce|sha256(body)) β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ ╠═════════════════════════════════════════════════════════════════════════════╣ β•‘ DECENTRALIZED LAYER (InfoNet Testnet β€” signed events) β•‘ β•‘ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ Mesh Hashchain β”‚ β”‚ Sovereign Shell Governance β”‚ β•‘ β•‘ β”‚ β”‚ β”‚ β”‚ β•‘ β•‘ β”‚ Ed25519 signed events β”‚ β”‚ Petitions (DSL: UPDATE_PARAM, β”‚ β•‘ β•‘ β”‚ Public-key binding β”‚ β”‚ ENABLE_FEATURE …) β”‚ β•‘ β•‘ β”‚ Replay / sequence guard β”‚ β”‚ Upgrade-Hash voting (80% / 40% β”‚ β•‘ β•‘ β”‚ Two-tier finality β”‚ β”‚ quorum / 67% Heavy) β”‚ β•‘ β•‘ β”‚ β”œ Tier 1 (CRDT, fast) β”‚ β”‚ Resolution & Dispute markets β”‚ β•‘ β•‘ β”‚ β”” Tier 2 (epoch finality)β”‚ β”‚ Gate suspend / shutdown / appealβ”‚ β•‘ β•‘ β”‚ Identity rotation β”‚ β”‚ Bootstrap eligible-node-1-vote β”‚ β•‘ β•‘ β”‚ Constitutional invariants β”‚ β”‚ (Argon2id PoW, Heavy-Node only)β”‚ β•‘ β•‘ β”‚ (MappingProxyType) β”‚ β”‚ Function Keys (5 of 6 pieces) β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ β•‘ β”‚ β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ β•‘ β”‚ β•‘ β•‘ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β•‘ β•‘ β”‚ Wormhole / InfoNet Relay (transport layer) β”‚ β•‘ β•‘ β”‚ Gate personas β”‚ canonical signing β”‚ Dead Drop epoch mailboxes β”‚ β•‘ β•‘ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β•‘ ╠═════════════════════════════════════════════════════════════════════════════╣ β•‘ PRIVACY CORE (Rust crate β€” locked Protocol contracts) β•‘ β•‘ β•‘ β•‘ privacy-core/ ─► Argon2id β”‚ Ed25519/X25519 β”‚ AESGCM β”‚ HKDF β•‘ β•‘ Ring sigs β”‚ Stealth addrs β”‚ Pedersen β”‚ Bulletproofsβ•‘ β•‘ Blind-sig issuance (RSA / BBS+ / U-Prove / Idemix) β•‘ β•‘ β•‘ β•‘ * = locked Protocol contract; cryptographic primitive lands Sprint 11+ β•‘ β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

Distribution ──────────── GitHub (primary): ghcr.io/bigbodycobain/shadowbroker-{backend,frontend} GitLab (mirror): registry.gitlab.com/bigbodycobain/shadowbroker/{backend,frontend} Multi-arch: linux/amd64 + linux/arm64 (Raspberry Pi 5 supported) Desktop: Tauri shell β†’ packaged backend-runtime + Next.js frontend

πŸ“Š Data Sources & APIs

Source | Data | Update Frequency | API Key Required

OpenSky Network | Commercial & private flights | ~60s | Yes adsb.lol | Military aircraft | ~60s | No aisstream.io | AIS vessel positions | Real-time WebSocket | Yes CelesTrak | Satellite orbital positions (TLE + SGP4) | ~60s | No USGS Earthquake | Global seismic events | ~60s | No GDELT Project | Global conflict events | ~6h | No DeepState Map | Ukraine frontline | ~30min | No Shodan | Internet-connected device search | On-demand | Yes OpenSanctions | OFAC SDN sanctions index (recon + entity graph) | 24h cache | No abuse.ch Feodo + URLhaus | Malware C2 / distribution URLs | ~5min (opt-in layer) | No CISA KEV | Known exploited CVEs | ~5min (opt-in layer) | No ip-api.com | IP geolocation (recon, entity graph) | On-demand | No Google Public DNS | DNS-over-HTTPS lookups (recon) | On-demand | No RDAP.org | Domain registration data (recon) | On-demand | No crt.sh | Certificate transparency (recon) | On-demand | No bgpview.io | BGP/ASN routing (recon) | On-demand | No TeleGeography (static) | Submarine cable routes | Static | No ASFINAG | Austria motorway webcams | ~10min | No Amtrak | US train positions | ~60s | No DigiTraffic | European rail positions | ~60s | No Global Fishing Watch | Fishing vessel activity events | ~1hr | Yes (GFW_API_TOKEN) Telegram public previews | War/OSINT channel posts (telegram_osint) | ~1hr | No (optional TELEGRAM_OSINT_CHANNELS) Transport for London, NYC DOT, TxDOT | CCTV cameras (UK, US) | ~10min | No Caltrans, WSDOT, GDOT, IDOT, MDOT | CCTV cameras (5 US states) | ~10min | No Spain DGT, Madrid City | CCTV cameras (Spain) | ~10min | No Singapore LTA | Singapore traffic cameras | ~10min | Yes Windy Webcams | Global webcams | ~10min | No SatNOGS | Amateur satellite ground stations | ~30min | No TinyGS | LoRa satellite ground stations | ~30min | No Meshtastic MQTT | Mesh radio node positions | Real-time | No APRS-IS | Amateur radio positions | Real-time TCP | No KiwiSDR | Public SDR receiver locations | ~30min | No OpenMHZ | Police/fire scanner feeds | Real-time | No Smithsonian GVP | Holocene volcanoes worldwide | Static (cached) | No OpenAQ | Air quality PM2.5 stations | ~120s | No NOAA / NWS | Severe weather alerts & polygons | ~120s | No WRI Global Power Plant DB | 35,000+ power plants | Static (cached) | No Military base datasets | Global military installations | Static (cached) | No NASA FIRMS | NOAA-20 VIIRS fire/thermal hotspots | ~120s | No NOAA SWPC | Space weather Kp index & solar events | ~120s | No IODA (Georgia Tech) | Regional internet outage alerts | ~120s | No DC Map (GitHub) | Global data center locations | Static (cached 7d) | No NASA GIBS | MODIS Terra daily satellite imagery | Daily (24-48h delay) | No Esri World Imagery | High-res satellite basemap | Static (periodically updated) | No MS Planetary Computer | Sentinel-2 L2A scenes (right-click) | On-demand | No Copernicus CDSE | Sentinel Hub imagery (Process API) | On-demand | Yes (free) VIIRS Nightlights | Night-time light change detection | Static | No RestCountries | Country profile data | On-demand (cached 24h) | No Wikidata SPARQL | Head of state data | On-demand (cached 24h) | No Wikipedia API | Location summaries & aircraft images | On-demand (cached) | No OSM Nominatim | Place name geocoding (LOCATE bar) | On-demand | No CARTO Basemaps | Dark map tiles | Continuous | No

Outbound privacy & audit (#348–#366): Each self-hosted install uses its own backend IP and per-install User-Agent handle. See docs/OUTBOUND_DATA.md for what contacts third parties, opt-in/env controls, and accepted tradeoffs (CCTV Referer, basemap CDN, LiveUAMap, etc.).

πŸš€ Getting Started

🐳 Docker Setup (Recommended for Self-Hosting)

The repo includes a docker-compose.yml that pulls pre-built images from GitHub Container Registry.

git clone https://github.com/BigBodyCobain/Shadowbroker.git cd Shadowbroker

Add your API keys in a repo-root .env file (optional β€” see Environment Variables below)

docker compose pull docker compose up -d

Open http://localhost:3000 to view the dashboard.

Deploying publicly or on a LAN? No configuration needed for most setups. The frontend proxies all API calls through the Next.js server to BACKEND_URL, which defaults to http://backend:8000 (Docker internal networking). Host port 8000 is only published for local API/debug access (127.0.0.1:8000 in docker-compose.yml). If it conflicts with another service, set BACKEND_PORT=8001 in .env; leave BACKEND_URL as http://backend:8000 because that is the Docker-internal port.

Running the backend outside Docker (cd backend && python main.py): the dev server binds loopback only (127.0.0.1:8000) so other machines on your LAN cannot hit admin/local-trust routes with an empty ADMIN_KEY. Set SHADOWBROKER_DEV_BIND_ALL=true in .env only when you deliberately need 0.0.0.0 and use a strong ADMIN_KEY for any non-local callers. The backend memory cap is controlled by BACKEND_MEMORY_LIMIT and defaults to 4G. If Docker reports OOM events, the backend will restart and slow layers can look empty until they repopulate.

If your backend runs on a different host or port , set BACKEND_URL at runtime β€” no rebuild required:

# Linux / macOS
BACKEND_URL=http://myserver.com:9096 docker compose up -d

# Podman (via compose.sh wrapper)
BACKEND_URL=http://192.168.1.50:9096 ./compose.sh up -d

# Windows (PowerShell)
$env:BACKEND_URL="http://myserver.com:9096"; docker compose up -d

# Or add to a .env file next to docker-compose.yml:
# BACKEND_URL=http://myserver.com:9096

Podman users: Do not pass the GitHub URL to podman compose pull; clone the repo first, cd Shadowbroker, then run compose from that folder. podman compose also requires a Compose provider. If Podman reports looking up compose provider failed, install one:

Linux / macOS / WSL

python3 -m pip install --user podman-compose podman-compose pull podman-compose up -d

Windows PowerShell

py -m pip install --user podman-compose podman-compose pull podman-compose up -d

If you are in a bash-compatible shell, the included wrapper can auto-detect Docker or Podman:

./compose.sh --engine podman pull ./compose.sh --engine podman up -d

πŸ‹ Standalone Deploy (Portainer, Uncloud, NAS, etc.)

No need to clone the repo. Use the pre-built images from GitHub Container Registry. GitLab registry images may be used as a mirror if you publish them there.

Create a docker-compose.yml with the following content and deploy it directly β€” paste it into Portainer's stack editor, uncloud deploy, or any Docker host:

Image registry β€” uncomment ONE line per service:

GitHub (primary): ghcr.io/bigbodycobain/shadowbroker-backend:latest

GitLab (mirror): registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest

services: backend: image: ghcr.io/bigbodycobain/shadowbroker-backend:latest

image: registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest

container_name: shadowbroker-backend ports: - "${BACKEND_PORT:-8000}:8000" environment: - AIS_API_KEY=your_aisstream_key # Required β€” get one free at aisstream.io - OPENSKY_CLIENT_ID= # Optional β€” higher flight data rate limits - OPENSKY_CLIENT_SECRET= # Optional β€” paired with Client ID above - LTA_ACCOUNT_KEY= # Optional β€” Singapore CCTV cameras - SHODAN_API_KEY= # Optional β€” Shodan device search overlay - SH_CLIENT_ID= # Optional β€” Sentinel Hub satellite imagery - SH_CLIENT_SECRET= # Optional β€” paired with Sentinel Hub ID - CORS_ORIGINS= # Optional β€” comma-separated allowed origins volumes: - backend_data:/app/data restart: unless-stopped

frontend: image: ghcr.io/bigbodycobain/shadowbroker-frontend:latest

image: registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest

container_name: shadowbroker-frontend ports: - "3000:3000" environment: - BACKEND_URL=http://backend:8000 # Docker internal networking β€” no rebuild needed depends_on: - backend restart: unless-stopped

volumes: backend_data:

How it works: The frontend container proxies all /api/* requests through the Next.js server to BACKEND_URL using Docker's internal networking. The browser only ever talks to port 3000. The backend's host port is for local API/debug access and can be changed with BACKEND_PORT=8001 without changing BACKEND_URL.

BACKEND_URL is a plain runtime environment variable (not a build-time NEXT_PUBLIC_*), so you can change it in Portainer, Uncloud, or any compose editor without rebuilding the image. Set it to the address where your backend is reachable from inside the Docker network (e.g. http://backend:8000, http://192.168.1.50:8000).

πŸ“¦ Quick Start (No Code Required)

If you just want to run the dashboard without dealing with terminal commands:

  1. Go to the Releases tab on the right side of this repo page.
  2. Download the latest .zip file from the release.
  3. Extract the folder to your computer.
  4. Windows: Double-click start.bat. Mac/Linux: Open terminal, type chmod +x start.sh, dos2unix start.sh, and run ./start.sh.
  5. It will automatically install everything and launch the dashboard!

Local launcher notes:

πŸ’» Developer Setup

If you want to modify the code or run from source:

Prerequisites

Installation

Clone the repository

git clone https://github.com/BigBodyCobain/Shadowbroker.git cd Shadowbroker

Backend setup

cd backend python -m venv venv venv\Scripts\activate # Windows

source venv/bin/activate # macOS/Linux

pip install .

Optional helper scripts (creates venv + installs dev deps)

Windows PowerShell

.\backend\scripts\setup-venv.ps1

macOS/Linux

./backend/scripts/setup-venv.sh

Optional env check (prints warnings for missing keys)

Windows PowerShell

.\backend\scripts\check-env.ps1

macOS/Linux

./backend/scripts/check-env.sh

Create .env with your API keys

echo "AIS_API_KEY=your_aisstream_key" >> .env echo "OPENSKY_CLIENT_ID=your_opensky_client_id" >> .env echo "OPENSKY_CLIENT_SECRET=your_opensky_secret" >> .env

Frontend setup

cd ../frontend npm ci

Running

From the frontend directory β€” starts both frontend & backend concurrently

npm run dev

This starts:

Pre-commit (Optional)

If you use pre-commit, install hooks once from repo root:

pre-commit install

Local AIS Receiver (Optional)

You can feed your own AIS ship data into ShadowBroker using an RTL-SDR dongle and AIS-catcher, an open-source AIS decoder. This gives you real-time coverage of vessels in your local area β€” no API key needed.

  1. Plug in an RTL-SDR dongle
  2. Install AIS-catcher (releases) or use the Docker image:

docker run -d --device /dev/bus/usb \ ghcr.io/jvde-github/ais-catcher -H http://host.docker.internal:4000/api/ais/feed interval 10

  1. Or run natively:

AIS-catcher -H http://localhost:4000/api/ais/feed interval 10

AIS-catcher decodes VHF radio signals on 161.975 MHz and 162.025 MHz and POSTs decoded vessel data to ShadowBroker every 10 seconds. Ships detected by your SDR antenna appear alongside the global AIS stream.

Docker (ARM/Raspberry Pi): See docker-shipfeeder for a production-ready Docker image optimized for ARM.

Note: AIS range depends on your antenna β€” typically 20-40 nautical miles with a basic setup, 60+ nm with a marine VHF antenna at elevation.

πŸŽ›οΈ Data Layers

All 41 layers are independently toggleable from the left panel:

Layer | Default | Description

Commercial Flights | βœ… ON | Airlines, cargo, GA aircraft Private Flights | βœ… ON | Non-commercial private aircraft Private Jets | βœ… ON | High-value bizjets with owner data Military Flights | βœ… ON | Military & government aircraft Tracked Aircraft | βœ… ON | Special interest watch list GPS Jamming | βœ… ON | NAC-P degradation zones Carriers / Mil / Cargo | βœ… ON | Navy carriers, cargo ships, tankers Civilian Vessels | βœ… ON | Yachts, fishing, recreational Cruise / Passenger | βœ… ON | Cruise ships and ferries Tracked Yachts | βœ… ON | Billionaire & oligarch superyachts Fishing Activity | βœ… ON | Global Fishing Watch vessel events Trains | βœ… ON | Amtrak + European rail positions Satellites | βœ… ON | Orbital assets by mission type SatNOGS | βœ… ON | Amateur satellite ground stations TinyGS | βœ… ON | LoRa satellite ground stations Earthquakes (24h) | βœ… ON | USGS seismic events Fire Hotspots (24h) | βœ… ON | NASA FIRMS VIIRS thermal anomalies Volcanoes | βœ… ON | Smithsonian Holocene volcanoes Weather Alerts | βœ… ON | Severe weather polygons Air Quality (PM2.5) | βœ… ON | OpenAQ stations worldwide Ukraine Frontline | βœ… ON | Live warfront positions Ukraine Air Alerts | βœ… ON | Regional air raid alerts Global Incidents | βœ… ON | GDELT conflict events CCTV Mesh | βœ… ON | 11,000+ cameras across 13 sources, 6 countries Internet Outages | βœ… ON | IODA regional connectivity alerts Data Centers | βœ… ON | Global data center locations (2,000+) Military Bases | βœ… ON | Global military installations KiwiSDR Receivers | βœ… ON | Public SDR radio receivers Meshtastic Nodes | βœ… ON | Mesh radio node positions APRS | βœ… ON | Amateur radio positioning Scanners | βœ… ON | Police/fire scanner feeds Day / Night Cycle | βœ… ON | Solar terminator overlay MODIS Terra (Daily) | ❌ OFF | NASA GIBS daily satellite imagery High-Res Satellite | ❌ OFF | Esri sub-meter satellite imagery Sentinel Hub | ❌ OFF | Copernicus CDSE Process API VIIRS Nightlights | ❌ OFF | Night-time light change detection Power Plants | ❌ OFF | 35,000+ global power plants Shodan Overlay | ❌ OFF | Internet device search results Road Freight Trends | ❌ OFF | Sentinel-2 truck-motion trends on major highways (Analyze Here) Submarine Cables | ❌ OFF | Global undersea cable routes (static GeoJSON) Malware C2 | ❌ OFF | abuse.ch Feodo + URLhaus threat points SCM Suppliers | ❌ OFF | Tier 1/2 supply-chain risk markers + panel alerts Cyber Threats | ❌ OFF | Recent CISA KEV entries (stats in slow-tier payload) Telegram OSINT | βœ… ON | Public war/OSINT Telegram channels β€” hourly scrape, geoparsed pins SAR | βœ… ON | Synthetic aperture radar catalog + anomaly alerts

Recon & entity tools (not map layers β€” left sidebar / selection):

Tool | Dashboard access | OpenClaw command | Description

Recon Toolkit | Local operator (/api/osint/*) | osint_lookup, osint_sweep† | IP, DNS, WHOIS, certs, BGP, sanctions, CVE, MAC, GitHub, leaks, threats, subnet sweep Entity Graph | Local operator (/api/entity/expand) | entity_expand | Wikidata + OFAC + live-store relationship graph SCM Risk panel | Local operator (/api/scm-suppliers) | get_layer_slice(["scm_suppliers"]) | Supplier threat rollup + map markers Tool discovery | β€” | osint_tools | Lists recon lookup types and entity-expand schemas

† osint_sweep (active InternetDB scan) requires OPENCLAW_ACCESS_TIER=full.

πŸ”§ Performance

The platform is optimized for handling massive real-time datasets:

πŸ“ Project Structure

Shadowbroker/ β”œβ”€β”€ openclaw-skills/shadowbroker/ # OpenClaw skill β€” SKILL.md, sb_query.py client, alerts/monitor helpers β”œβ”€β”€ backend/ β”‚ β”œβ”€β”€ main.py # FastAPI app, middleware, API routes (~4,000 lines) β”‚ β”œβ”€β”€ cctv.db # SQLite CCTV camera database (auto-generated) β”‚ β”œβ”€β”€ config/ β”‚ β”‚ └── news_feeds.json # User-customizable RSS feed list β”‚ β”œβ”€β”€ services/ β”‚ β”‚ β”œβ”€β”€ data_fetcher.py # Core scheduler β€” orchestrates all data sources β”‚ β”‚ β”œβ”€β”€ ais_stream.py # AIS WebSocket client (25K+ vessels) β”‚ β”‚ β”œβ”€β”€ carrier_tracker.py # OSINT carrier position estimator (GDELT news scraping) β”‚ β”‚ β”œβ”€β”€ cctv_pipeline.py # 14-source CCTV camera ingestion pipeline β”‚ β”‚ β”œβ”€β”€ ssrf_guard.py # SSRF validation for operator recon fetches β”‚ β”‚ β”œβ”€β”€ sanctions/ofac.py # OpenSanctions OFAC SDN index β”‚ β”‚ β”œβ”€β”€ osint/lookups.py # Server-side recon lookups (Osiris port) β”‚ β”‚ β”œβ”€β”€ osint/openclaw_recon.py # OpenClaw dispatch for recon + entity_expand β”‚ β”‚ β”œβ”€β”€ osint_intel/resolve.py # Entity graph resolver (Wikidata + OFAC) β”‚ β”‚ β”œβ”€β”€ scm/suppliers.py # Supply-chain risk overlay β”‚ β”‚ β”œβ”€β”€ intel_feeds/ # Country risk index helpers β”‚ β”‚ β”œβ”€β”€ fetchers/malware.py # abuse.ch Feodo + URLhaus β”‚ β”‚ β”œβ”€β”€ fetchers/cyber_status.py # CISA KEV feed β”‚ β”‚ β”œβ”€β”€ fetchers/telegram_osint.py # Public Telegram channel scrape + geoparse β”‚ β”‚ β”œβ”€β”€ third_party/osiris/ # MIT attribution for Osiris-derived code β”‚ β”‚ β”œβ”€β”€ geopolitics.py # GDELT + Ukraine frontline + air alerts β”‚ β”‚ β”œβ”€β”€ region_dossier.py # Right-click country/city intelligence β”‚ β”‚ β”œβ”€β”€ radio_intercept.py # Police scanner feeds + OpenMHZ β”‚ β”‚ β”œβ”€β”€ kiwisdr_fetcher.py # KiwiSDR receiver scraper β”‚ β”‚ β”œβ”€β”€ sentinel_search.py # Sentinel-2 STAC imagery search β”‚ β”‚ β”œβ”€β”€ shodan_connector.py # Shodan device search connector β”‚ β”‚ β”œβ”€β”€ sigint_bridge.py # APRS-IS TCP bridge β”‚ β”‚ β”œβ”€β”€ network_utils.py # HTTP client with curl fallback β”‚ β”‚ β”œβ”€β”€ api_settings.py # API key management β”‚ β”‚ β”œβ”€β”€ news_feed_config.py # RSS feed config manager β”‚ β”‚ β”œβ”€β”€ fetchers/ β”‚ β”‚ β”‚ β”œβ”€β”€ flights.py # OpenSky, adsb.lol, GPS jamming, holding patterns β”‚ β”‚ β”‚ β”œβ”€β”€ geo.py # AIS vessels, carriers, GDELT, fishing activity β”‚ β”‚ β”‚ β”œβ”€β”€ satellites.py # CelesTrak TLE + SGP4 propagation β”‚ β”‚ β”‚ β”œβ”€β”€ earth_observation.py # Quakes, fires, volcanoes, air quality, weather β”‚ β”‚ β”‚ β”œβ”€β”€ infrastructure.py # Data centers, power plants, military bases β”‚ β”‚ β”‚ β”œβ”€β”€ trains.py # Amtrak + DigiTraffic European rail β”‚ β”‚ β”‚ β”œβ”€β”€ sigint.py # SatNOGS, TinyGS, APRS, Meshtastic β”‚ β”‚ β”‚ β”œβ”€β”€ meshtastic_map.py # Meshtastic MQTT + map node aggregation β”‚ β”‚ β”‚ β”œβ”€β”€ military.py # Military aircraft classification β”‚ β”‚ β”‚ β”œβ”€β”€ news.py # RSS intelligence feed aggregation β”‚ β”‚ β”‚ β”œβ”€β”€ financial.py # Global markets data β”‚ β”‚ β”‚ └── ukraine_alerts.py # Ukraine air raid alerts β”‚ β”‚ └── mesh/ # InfoNet / Wormhole protocol stack β”‚ β”‚ β”œβ”€β”€ mesh_protocol.py # Core mesh protocol + routing β”‚ β”‚ β”œβ”€β”€ mesh_crypto.py # Ed25519, X25519, AESGCM primitives β”‚ β”‚ β”œβ”€β”€ mesh_hashchain.py # Hash chain commitment system (~1,400 lines) β”‚ β”‚ β”œβ”€β”€ mesh_router.py # Multi-transport router (APRS, Meshtastic, WS) β”‚ β”‚ β”œβ”€β”€ mesh_wormhole_persona.py # Gate persona identity management β”‚ β”‚ β”œβ”€β”€ mesh_wormhole_dead_drop.py # Dead Drop token-based DM mailbox β”‚ β”‚ β”œβ”€β”€ mesh_wormhole_ratchet.py # Double-ratchet DM scaffolding β”‚ β”‚ β”œβ”€β”€ mesh_wormhole_gate_keys.py # Gate key management + rotation β”‚ β”‚ β”œβ”€β”€ mesh_wormhole_seal.py # Message sealing + unsealing β”‚ β”‚ β”œβ”€β”€ mesh_merkle.py # Merkle tree proofs for data commitment β”‚ β”‚ β”œβ”€β”€ mesh_reputation.py # Node reputation scoring β”‚ β”‚ β”œβ”€β”€ mesh_oracle.py # Oracle consensus protocol β”‚ β”‚ └── mesh_secure_storage.py # Secure credential storage β”‚ β”œβ”€β”€ routers/ β”‚ β”‚ β”œβ”€β”€ osint.py # /api/osint/* recon routes (local operator) β”‚ β”‚ β”œβ”€β”€ entity_graph.py # /api/entity/expand β”‚ β”‚ β”œβ”€β”€ scm.py # /api/scm-suppliers β”‚ β”‚ └── intel_feeds.py # /api/malware, /api/cyber-threats, /api/telegram-feed, /api/country-risk β”œβ”€β”€ frontend/ β”‚ β”œβ”€β”€ public/data/ β”‚ β”‚ └── submarine-cables.json # Static undersea cable GeoJSON β”‚ β”œβ”€β”€ src/ β”‚ β”‚ β”œβ”€β”€ app/ β”‚ β”‚ β”‚ └── page.tsx # Main dashboard β€” state, polling, layout β”‚ β”‚ └── components/ β”‚ β”‚ β”œβ”€β”€ MaplibreViewer.tsx # Core map β€” all GeoJSON layers β”‚ β”‚ β”œβ”€β”€ MeshChat.tsx # InfoNet / Mesh / Dead Drop chat panel β”‚ β”‚ β”œβ”€β”€ MeshTerminal.tsx # Draggable CLI terminal β”‚ β”‚ β”œβ”€β”€ NewsFeed.tsx # SIGINT feed + entity detail panels β”‚ β”‚ β”œβ”€β”€ WorldviewLeftPanel.tsx # Data layer toggles (40+ layers) β”‚ β”‚ β”œβ”€β”€ ShodanPanel.tsx # Shodan device search overlay β”‚ β”‚ β”œβ”€β”€ ReconPanel.tsx # Server-side OSINT recon toolkit β”‚ β”‚ β”œβ”€β”€ ScmPanel.tsx # Supply-chain risk command panel β”‚ β”‚ β”œβ”€β”€ EntityGraphPanel.tsx # Entity graph on map selection β”‚ β”‚ β”œβ”€β”€ MaplibreViewer/popups/TelegramOsintPopup.tsx # Threat-intercept styled Telegram pin popups β”‚ β”‚ β”œβ”€β”€ WorldviewRightPanel.tsx # Search + filter sidebar β”‚ β”‚ β”œβ”€β”€ AdvancedFilterModal.tsx # Airport/country/owner filtering β”‚ β”‚ β”œβ”€β”€ MapLegend.tsx # Dynamic legend with all icons β”‚ β”‚ β”œβ”€β”€ MarketsPanel.tsx # Global financial markets ticker β”‚ β”‚ β”œβ”€β”€ RadioInterceptPanel.tsx # Scanner-style radio panel β”‚ β”‚ β”œβ”€β”€ FindLocateBar.tsx # Search/locate bar β”‚ β”‚ β”œβ”€β”€ ChangelogModal.tsx # Version changelog popup (auto-shows on upgrade) β”‚ β”‚ β”œβ”€β”€ SettingsPanel.tsx # API Keys + News Feed + Shodan config β”‚ β”‚ β”œβ”€β”€ ScaleBar.tsx # Map scale indicator β”‚ β”‚ └── ErrorBoundary.tsx # Crash recovery wrapper β”‚ └── package.json

πŸ”‘ Environment Variables

Backend (backend/.env)

Required for airplane telemetry (NEW in v0.9.7 β€” startup env check flags these as critical)

Free registration: https://opensky-network.org/index.php?option=com_users&view=registration

OPENSKY_CLIENT_ID=your_opensky_client_id # OAuth2 β€” global flight state vectors OPENSKY_CLIENT_SECRET=your_opensky_secret # OAuth2 β€” paired with Client ID above

Optional (enhances data quality)

AIS_API_KEY=your_aisstream_key # Maritime vessel tracking (aisstream.io) β€” ships layer empty without it LTA_ACCOUNT_KEY=your_lta_key # Singapore CCTV cameras SHODAN_API_KEY=your_shodan_key # Shodan device search overlay SH_CLIENT_ID=your_sentinel_hub_id # Copernicus CDSE Sentinel Hub imagery SH_CLIENT_SECRET=your_sentinel_hub_secret # Paired with Sentinel Hub Client ID MESH_SAR_EARTHDATA_USER= # NASA Earthdata user (SAR Mode B β€” OPERA products) MESH_SAR_EARTHDATA_TOKEN= # NASA Earthdata token (paired with user above) MESH_SAR_COPERNICUS_USER= # Copernicus Data Space user (SAR Mode B β€” EGMS / EMS) MESH_SAR_COPERNICUS_TOKEN= # Copernicus token (paired with user above) OPENCLAW_ACCESS_TIER=restricted # OpenClaw agent tier: "restricted" (read-only) or "full" GFW_API_TOKEN=your_gfw_token # Global Fishing Watch β€” fishing_activity layer (Settings β†’ Maritime) TELEGRAM_OSINT_ENABLED=true # Telegram OSINT layer (default on) TELEGRAM_OSINT_CHANNELS=osintdefender,... # Comma-separated public channel slugs (see .env.example)

Private-lane privacy-core pinning (required when Arti or RNS is enabled)

PRIVACY_CORE_MIN_VERSION=0.1.0 PRIVACY_CORE_ALLOWED_SHA256=your_privacy_core_sha256

Optional override if you load a non-default shared library path

PRIVACY_CORE_LIB=

When MESH_ARTI_ENABLED=true or MESH_RNS_ENABLED=true, backend startup now fails closed unless the loaded privacy-core artifact reports a parseable version at or above PRIVACY_CORE_MIN_VERSION and matches one of the hashes in PRIVACY_CORE_ALLOWED_SHA256.

Generate the hash from the artifact you intend to ship:

Get-FileHash .\privacy-core\target\release\privacy_core.dll -Algorithm SHA256

sha256sum ./privacy-core/target/release/libprivacy_core.so

Then confirm authenticated GET /api/wormhole/status or GET /api/settings/wormhole-status shows the same privacy_core.version, privacy_core.library_path, and privacy_core.library_sha256.

Frontend

Variable | Where to set | Purpose

BACKEND_URL | environment in docker-compose.yml, or shell env | URL the Next.js server uses to proxy API calls to the backend. Defaults to http://backend:8000. Runtime variable β€” no rebuild needed. BACKEND_PORT | repo-root .env or shell env before docker compose up | Host port used to expose the backend API for local diagnostics. Defaults to 8000; set BACKEND_PORT=8001 if port 8000 is already in use. Does not change Docker-internal BACKEND_URL.

How it works: The frontend proxies all /api/* requests through the Next.js server to BACKEND_URL using Docker's internal networking. Browsers only talk to port 3000; the backend host port is only for local diagnostics. For local dev without Docker, BACKEND_URL defaults to http://localhost:8000.

🀝 Contributors

ShadowBroker is built in the open. These people shipped real code:

Who | What | PR

@Alienmajik | Raspberry Pi 5 support β€” ARM64 packaging, headless deployment notes, runtime tuning for Pi-class hardware | β€” @wa1id | CCTV ingestion fix β€” threaded SQLite, persistent DB, startup hydration, cluster clickability | #92 @AlborzNazari | Spain DGT + Madrid CCTV sources, STIX 2.1 threat intel export | #91 @adust09 | Power plants layer, East Asia intel coverage (JSDF bases, ICAO enrichment, Taiwan news, military classification) | #71, #72, #76, #77, #87 @Xpirix | LocateBar style and interaction improvements | #78 @imqdcr | Ship toggle split (4 categories) + stable MMSI/callsign entity IDs | β€” @csysp | Dismissible threat alerts + stable entity IDs for GDELT & News | #48, #63 @suranyami | Parallel multi-arch Docker builds (11min β†’ 3min) + runtime BACKEND_URL fix | #35, #44 @chr0n1x | Kubernetes / Helm chart architecture for HA deployments | β€”

⚠️ Disclaimer

This tool is built entirely on publicly available, open-source intelligence (OSINT) data. No classified, restricted, or non-public data is used. Carrier positions are estimates based on public reporting. The military-themed UI is purely aesthetic.

πŸ“œ License

Built with β˜• and too many API calls