So I got tired of bouncing between Flightradar, MarineTraffic, and Twitter every time something kicked off globally, so I wrote a dashboard to aggregate it all locally. It’s called Shadowbroker.
I’ll admit I leaned way too hard into the "movie hacker" aesthetic for the UI, but the actual pipeline underneath is real. It pulls commercial/military ADS-B, the AIS WebSocket stream (about 25,000+ ships), N2YO satellite telemetry, and GDELT conflict data into a single MapLibre instance.
Getting this to run without melting my browser was the hardest part. I'm running this on a laptop with an i5 and an RTX 3050, and initially, dumping 30k+ moving GeoJSON features onto the map just crashed everything. I ended up having to write pretty aggressive viewport culling, debounce the state updates, and compress the FastAPI payloads by like 90% just to make it usable.
My favorite part is the signal layer—it actually calculates live GPS jamming zones by aggregating the real-time navigation degradation (NAC-P) of commercial flights overhead.
It’s Next.js and Python. I threw a quick-start script in the releases if you just want to spin it up, but the repo is open if you want to dig into the backend.
Let me know if my MapLibre implementation is terrible, I'm always looking for ways to optimize the rendering.
Have you seen these projects?
Right now, ShadowBroker is really optimized for 'blinking blip' real-time radar tracking (streaming the raw GeoJSON payload from the FastAPI backend directly to MapLibre every 60s), so we get as close to as smooth 60fps entity animations across the map.
Moving to something like Martin would be incredible for handling EVEN MORE entities if we start archiving historical flight and AIS data into a proper PostGIS database, but the trade-off of having to invalidate the vector tile cache every few seconds for live-moving targets makes it a bit overkill right now....
Great project, will be contributing!
I set that up for an agricultural project a while back.
everything is open source
https://github.com/blue-monads/potato-apps/tree/master/cimpl...
i should finish but have not have time
You might consider changing this to a more accurate headline, like "Air and Space domain awareness."
"Full spectrum Geospatial intelligence" most commonly refers to full color satellite photos (sometimes including near infrared).
In the Geospatial world, "spectrum" almost always takes on its literal meaning - the spectrum of light. And "Geospatial intelligence" refers to intelligence gathered from Geospatial platforms, not intelligence about the locations of those platforms.
No planes etc.
No helpful output in the command window.
Seems fun but doesn't seem to be working.
Did the terminal throw any Python FastAPI errors, or did it just serve the Next.js frontend? I'm going to push an update later today to show a prominent "Backend Disconnected / Missing API Keys" warning on the UI so it doesn't just look dead. Thanks for testing it!
fastapi==0.103.1
uvicorn==0.23.2
yfinance>=0.2.40
feedparser==6.0.10
legacy-cgi==2.6.1
requests==2.31.0
apscheduler==3.10.3
pydantic==2.11.0
pydantic-settings==2.8.0
playwright>=1.58.0
beautifulsoup4>=4.12.0
sgp4>=2.22
cachetools>=5.3.0
cloudscraper>=1.2.71
reverse_geocoder>=1.5.1
lxml>=5.0
python-dotenv>=1.0
and be on python 3.13 and it should get you up and running
[1] node:internal/modules/cjs/loader:1368
[1] throw err;
[1] ^
[1]
[1] Error: Cannot find module '/home/user/shadow/start-backend.js'
[1] at Function._resolveFilename (node:internal/modules/cjs/loader:1365:15)
[1] at defaultResolveImpl (node:internal/modules/cjs/loader:1021:19)
[1] at resolveForCJSWithHooks (node:internal/modules/cjs/loader:1026:22)
[1] at Function._load (node:internal/modules/cjs/loader:1175:37)
[1] at TracingChannel.traceSync (node:diagnostics_channel:322:14)
[1] at wrapModuleLoad (node:internal/modules/cjs/loader:235:24)
[1] at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:171:5)
[1] at node:internal/main/run_main_module:36:49 {
[1] code: 'MODULE_NOT_FOUND',
[1] requireStack: []
[1] }Curious whether you're doing any timestamp normalization across feeds. Marine AIS in particular can be spoofed or delayed, and correlated analysis gets messy fast if the time windows aren't aligned.
I need a realtime OSINT dashboard for OSINT dashboards.
I wish these weekend warriors would work on a project like that someday, to see what capabilities truly take. You want to know what's happening in the world, you need to place physical sensors out there, deal with the fact that your own signals are being jammed and blocked, the things you're trying to see are also trying to hide and disguise themselves.
The attention to detail is something I've never seen replicated outside. Every time we changed or put out a new algorithm, we had to process old data with it and explain to analysts and scientists every single pixel that changed in the end product and why.
apples and oranges
Then again they were named after a video game character so it's probably fair.
(spoiler alert if you ever intend to play ME)
Nothing wrong with that. Beats a boring corporate dashboard any day. Video game and similar interfaces work for a reason.
And add chronological feeds of govtrack.us along with all politicians social media feeds
Let me ask a dumb question. Can this be run on a public server (I use dreamhost) with a web interface for others to see? Or is this strictly something that gets run on a local computer?
You can throw it on a server and run it for you to see (or anyone else if you trust people or dont care about losing your free API keys) It's just a standard Next.js and FastAPI stack, and there are Dockerfiles in the repo so it should be pretty straightforward to spin up on a cheap VPS (like a DigitalOcean droplet or Hetzner).
Honestly, if you just want to show it off to a few people, running it locally and exposing it with a Cloudflare Tunnel or Ngrok is probably the path of least resistance.
I WILL work on having a version to host it where users have to bring their own keys to see it in the future though
Archive version...
https://web.archive.org/web/20120112012912/http://henchmansh...
How long before we see this UI in some Iran related news story
https://www.yahoo.com/news/articles/why-f-ck-x-big-220249332...
@grok who should we boomb next?
first llm to stop using those damn colors for every single transparent modal in existence is going to be a big step forward.
assessment = "ANALYSIS: "
if any(k in keywords for k in ["strike", "missile", "attack", "bomb", "drone"]):
assessment += f"{random.randint(75, 95)}% probability of kinetic escalation within 24 hours. Recommend immediate asset relocation from projected blast radius."
elif...
edit: no idea why they deleted the comment but they linked to this video https://www.youtube.com/watch?v=0p8o7AeHDzg
As was already said in one of the reference videos, it's impressive what one person can do.
But the next step is to define an architecture where authors can defined/implement plug-ins with particular modular capabilities instead of one big monolith. For example, instead of front-end (GUI) and back-end (feeds), there ought to be a middle layer that models some of the domain logic (events: surces, filters, sinks; stories/time lines etc.).
I would like to see a plug-in for EMM (European Media Monitor) integrated, for instance ( https://emm.newsbrief.eu/NewsBrief/alertedition/en/ECnews.ht... ).
---
## Verdict: Not malicious
This is an *OSINT (Open Source Intelligence) dashboard* called "ShadowBroker" that aggregates publicly available real-time data — flights, ships, satellites, CCTV, news, radio, weather, earthquakes, stock markets, and geopolitical events — onto a map. The name references the infamous hacking group but the code itself contains no malware.
---
## What `start.sh` does
1. Checks for Node.js and Python 3 2. Creates a Python venv and installs dependencies from `requirements.txt` 3. Installs npm packages from `frontend/package.json` 4. Runs `npm run dev` which starts both a Next.js frontend and a FastAPI (uvicorn) backend
*No obfuscated commands, encoded payloads, curl/wget to suspicious URLs, reverse shells, or hidden steps.*
---
## What the full codebase does
It fetches data from these *legitimate public sources*:
| Category | Sources | |---|---| | Aviation | adsb.lol (open ADS-B), OpenSky Network (OAuth2) | | Maritime | aisstream.io (AIS vessel tracking) | | Satellites | CelesTrak (NORAD TLEs), SGP4 propagation | | CCTV | TfL London, Singapore LTA, Austin TX, NYC DOT, OpenStreetMap | | News | NPR, BBC, Al Jazeera, NYT, GDACS, NHK RSS feeds | | Radio | Broadcastify (scraping), OpenMHz API | | Weather | RainViewer | | Earthquakes | USGS GeoJSON feed | | Markets | Yahoo Finance (defense stocks, oil) | | Geopolitics | GDELT, Liveuamap (Playwright scraping) |
---
## Things that are NOT present (good signs)
- No data exfiltration — nothing sends your personal data anywhere - No reverse shells or backdoors - No cryptominer code - No encoded/obfuscated payloads - No filesystem scanning or credential harvesting - No network scanning or port scanning - The `subprocess.run` call in `network_utils.py` uses argument lists (not `shell=True`), preventing command injection
---
## Noteworthy concerns (not malicious, but worth awareness)
1. *`cloudscraper` + Playwright stealth* — Used to bypass Cloudflare/Turnstile protections on Liveuamap and OpenMHz. Legally gray (may violate those sites' ToS).
2. *CORS wide open* (`allow_origins=[""]`) in `main.py` — acceptable for a local-only tool, but means any website you visit could make requests to your local backend on port 8000 while it's running.
3. *API key management* — The `/api/settings/api-keys` PUT endpoint writes to `.env` on disk. It does validate against a whitelist of known keys and rejects newlines, but it's exposed without authentication on localhost.
4. *Resource consumption* — The scheduler makes hundreds of outbound API calls per hour from your IP to public services (ADSB, OpenSky, CelesTrak, USGS, RSS feeds, etc.).
5. *UAV data is fake* — `fetch_uavs()` generates simulated drone positions in conflict zones. It's not real tracking data.
6. *Dependencies are all legitimate* — `fastapi`, `yfinance`, `feedparser`, `playwright`, `beautifulsoup4`, `requests`, `sgp4`, etc. are all well-known Python packages. Frontend deps (Next.js, React, MapLibre, Tailwind) are standard.
---
*Bottom line*: Safe to run. It's a hobbyist OSINT dashboard with an edgy name. No malicious behavior detected anywhere in the codebase.
Everyone has their own hueristic, but if it took someone 6 hours or whatever to make some whole big app, my confidence that they will continue to maintain or care about it even next week is pretty much zero... How could they? They've already made three other apps in that time!
I don't care if the code is perfect, all this stuff just has the feel of plastic cutlery, if that makes sense.
Of course it's commoditized and a dime-a-dozen today, but if this is what HN terms as "AI slop" then apparently human SWEs weren't that much better.