PromptHub
Developer Tools Cybersecurity & OSINT

ShadowBroker OSINT Dashboard: Track Aircraft, Ships & Satellites

B

Bright Coding

Author

14 min read
36 views
ShadowBroker OSINT Dashboard: Track Aircraft, Ships & Satellites

ShadowBroker: The Insane OSINT Dashboard Tracking 60+ Intelligence Feeds in Real-Time

What if I told you that billionaires' private jets, nuclear aircraft carriers, spy satellites, and police scanner chatter are all broadcasting publicly right now—and you could watch them all on one screen?

Here's the dirty secret of modern surveillance: the data is already out there. Aircraft squawk their positions via ADS-B. Ships blare AIS signals across the oceans. Satellites trace predictable orbits. Earthquakes ripple through USGS sensors. Police scanners stream unencrypted. The wealthy fly their Gulfstreams with transponders blazing. Yet this ocean of open-source intelligence (OSINT) remains fractured across dozens of tools, paywalled APIs, and clunky interfaces that would make a 1990s GIS analyst weep.

Analysts waste hours tab-hopping between FlightRadar24, MarineTraffic, SatNOGS, and a dozen niche tools. Researchers miss critical correlations because no single platform connects the dots. Radio operators manually tune frequencies while geopolitical events unfold in separate browser tabs. The signal is drowning in noise—not because the data doesn't exist, but because nobody bothered to unify it.

Until now.

Enter ShadowBroker—a decentralized, self-hosted intelligence platform that aggregates 60+ live telemetry feeds into a single dark-ops map interface. Built by BigBodyCobain and exploding across developer communities, this isn't just another flight tracker. It's a complete geospatial intelligence operating system that runs entirely in your browser against a backend you control. No accounts. No telemetry theft. No cloud dependency. Just pure, unfiltered situational awareness of everything happening on Earth right now.

Ready to see what the world looks like when every public signal converges on one screen? Let's dive deep.


What Is ShadowBroker?

ShadowBroker is an open-source intelligence platform designed for real-time, multi-domain geospatial awareness. Created by developer BigBodyCobain and hosted at https://github.com/BigBodyCobain/Shadowbroker, it represents a radical reimagining of how public telemetry should be consumed—not as fragmented SaaS products, but as a unified, operator-controlled intelligence surface.

The platform's architecture stacks three vertical planes: a Next.js + MapLibre GL Operator UI, a FastAPI + Python Backend Service Plane, and an experimental decentralized InfoNet layer for obfuscated mesh communications. Two cross-cutting bridges—the Time Machine snapshot playback system and the Agentic AI Command Channel—transform it from passive dashboard into active intelligence workstation.

ShadowBroker is trending now because it solves a problem that has plagued OSINT practitioners for decades: correlation across domains. When a private jet disappears from ADS-B near a GPS jamming zone while a carrier strike group repositions per GDELT news scraping and seismic sensors detect anomalous readings—those connections remain invisible in siloed tools. ShadowBroker renders them on the same map, updating in real time, with an AI agent that can parse patterns no human would catch.

The project explicitly does not introduce new surveillance capabilities. It aggregates and visualizes existing public datasets—ADS-B broadcasts, AIS maritime signals, satellite orbital data, earthquake sensors, mesh radio networks, and more. Its fully open-source nature means anyone can audit exactly what data is accessed and how. No user data is collected or transmitted. Everything runs locally against a self-hosted backend. This privacy-first, transparency-maximal approach has resonated powerfully with developers, researchers, and analysts who are exhausted by proprietary intelligence tools that monetize their attention while hiding their own data practices.


Key Features That Make ShadowBroker Insane

ShadowBroker's feature set reads like a wishlist from an intelligence analyst's fever dream. Here's what separates it from anything else in the open-source ecosystem:

🛰️ 60+ Toggleable Data Layers: From commercial flights and military aircraft to maritime AIS vessels, satellite orbits, CCTV cameras, police scanners, mesh radio nodes, earthquakes, wildfires, internet outages, and power plants—every layer can be independently toggled. The SAR (Synthetic Aperture Radar) ground-change detection layer deserves special mention: it detects millimeter-scale ground deformation through cloud cover and darkness, using free NASA OPERA and Copernicus EGMS data.

🎨 Five Visual Modes: DEFAULT (dark CARTO), SATELLITE (sub-meter Esri), FLIR (thermal inverted greyscale), NVG (night vision green phosphor), and CRT (retro terminal scanlines). Switch aesthetics instantly based on operational needs or pure cyberpunk preference.

🤖 Agentic AI Command Channel: A bidirectional, HMAC-signed bridge that gives compatible AI agents full read/write access. OpenClaw is the reference implementation, but any LLM agent speaking the protocol—Claude, GPT, LangChain, custom Python/TypeScript clients—can connect. Agents place investigation pins, control map views, query SAR anomalies, participate in mesh governance, and generate intelligence reports. The batch execution endpoint handles 20 concurrent commands in a single request.

⏱️ Time Machine Snapshot Playback: The entire telemetry feed becomes a media recording. Scrub, pause, rewind, and fast-forward through saved snapshots with frame interpolation for smooth motion. Profile-aware playback ensures what you see matches what an operator would have seen at that moment.

🧅 InfoNet Decentralized Mesh: An experimental testnet for obfuscated intelligence communications—gate personas, Dead Drop peer-to-peer exchange, token-based epoch mailboxes, and a governance economy called Sovereign Shell with petitions, upgrade-hash voting, and dispute markets. No accounts. No signup. Pure pseudonymous participation.

🔍 Shodan Integration: Query internet-connected devices worldwide—cameras, SCADA systems, databases—and plot results as a live overlay. Uses your own API key; results stay local.

📻 Integrated SIGINT: Click 500+ KiwiSDR nodes to tune live shortwave. Listen to police scanners via OpenMHZ. Monitor Meshtastic mesh radio and APRS amateur networks. Detect GPS jamming zones from aircraft NAC-P degradation analysis.


Real-World Use Cases Where ShadowBroker Dominates

1. Investigative Journalism & Wealth Tracking

ShadowBroker's aviation layer doesn't just track flights—it identifies owners of private jets and highlights Air Force One plus all Presidential/Vice Presidential aircraft from wheels-up. Journalists tracking oligarch movements, corporate executive travel to suspicious destinations, or government officials' undisclosed trips gain unprecedented visibility. The holding pattern detection and flight trail accumulation reveal circling behavior that suggests surveillance, waiting, or coordination.

2. Maritime Security & Sanctions Enforcement

With 25,000+ AIS vessels, fishing activity from Global Fishing Watch, and a carrier strike group tracker that estimates US Navy aircraft carrier positions through automated GDELT news scraping, maritime analysts can identify sanctions-evading ship-to-ship transfers, illegal fishing in protected waters, or military repositioning before official announcements. The 50+ geographic region-to-coordinate mappings (e.g., "Eastern Mediterranean" → lat/lng) enable rapid geolocation of vague news reports.

3. Disaster Response & Environmental Monitoring

When earthquakes strike, wildfires spread, or floods submerge regions, ShadowBroker correlates USGS seismic data, NASA FIRMS thermal anomalies, SAR ground-change detection, air quality readings, and weather alerts on one screen. SAR's ability to see through cloud cover means flood extent and landslide detection continues when optical satellites are blinded. Define custom AOIs (Areas of Interest) and receive anomaly alerts automatically.

4. Cybersecurity & Infrastructure Intelligence

The Shodan overlay maps internet-exposed industrial control systems, databases, and cameras. Cross-reference with 2,000+ data centers, 35,000+ power plants, and internet outage regions from Georgia Tech IODA to identify critical infrastructure at risk or already compromised. The GPS jamming detection layer reveals electronic warfare activity that may precede or accompany cyber operations.

5. AI-Augmented Analyst Workflows

Connect an AI agent through the HMAC-signed channel and transform ShadowBroker from dashboard to collaborative intelligence partner. The agent monitors all 35+ layers continuously, promotes SAR anomalies to investigation pins, flies your map to emerging hotspots, generates structured intelligence reports with correlation analysis, and delivers alerts to Discord or Telegram. Human analysts focus on judgment; AI handles relentless pattern detection across domains.


Step-by-Step Installation & Setup Guide

ShadowBroker offers multiple deployment paths—from one-command Docker to full source builds. Here's how to get running fast.

Docker Quick Start (Recommended)

The fastest path to a working dashboard. Requires Docker Desktop or Docker Engine.

# Clone the repository
git clone https://github.com/BigBodyCobain/Shadowbroker.git
cd Shadowbroker

# Pull pre-built images and start containers
docker compose pull
docker compose up -d

Open http://localhost:3000 in your browser. That's it. The frontend proxies API calls through Next.js to the backend; you only need port 3000 exposed.

Backend port conflict? If port 8000 is occupied, create/edit .env next to docker-compose.yml:

BACKEND_PORT=8001

Then restart: docker compose up -d.

Memory-constrained hosts? The backend defaults to 4GB. If you see OOM restarts (docker events --since 30m --filter container=shadowbroker-backend --filter event=oom), reduce in .env:

BACKEND_MEMORY_LIMIT=3G

Expect slower layer warmup with less memory.

Podman users: Install a Compose provider first, then run from the cloned folder:

# Linux/macOS/WSL
python3 -m pip install --user podman-compose
podman-compose pull
podman-compose up -d

# Or use the included wrapper
./compose.sh --engine podman pull
./compose.sh --engine podman up -d

Standalone Deploy (Portainer, NAS, Cloud VMs)

No repo clone needed. Create this docker-compose.yml and deploy directly:

services:
  backend:
    image: ghcr.io/bigbodycobain/shadowbroker-backend:latest
    container_name: shadowbroker-backend
    ports:
      - "${BACKEND_PORT:-8000}:8000"
    environment:
      - AIS_API_KEY=your_aisstream_key          # Required — free at aisstream.io
      - OPENSKY_CLIENT_ID=                       # Optional — higher flight rate limits
      - OPENSKY_CLIENT_SECRET=                   # Optional — paired with Client ID
      - LTA_ACCOUNT_KEY=                         # Optional — Singapore CCTV cameras
      - SHODAN_API_KEY=                          # Optional — Shodan device search
      - SH_CLIENT_ID=                            # Optional — Sentinel Hub imagery
      - SH_CLIENT_SECRET=                        # Optional — paired with Sentinel Hub ID
    volumes:
      - backend_data:/app/data
    restart: unless-stopped

  frontend:
    image: ghcr.io/bigbodycobain/shadowbroker-frontend:latest
    container_name: shadowbroker-frontend
    ports:
      - "3000:3000"
    environment:
      - BACKEND_URL=http://backend:8000   # Docker internal networking
    depends_on:
      - backend
    restart: unless-stopped

volumes:
  backend_data:

The BACKEND_URL is a runtime variable—change it in Portainer or any compose editor without rebuilding. Point it at any reachable backend address.

Developer Setup (Source Build)

For code modification or contribution:

Prerequisites:

  • Node.js 18+ and npm
  • Python 3.10, 3.11, or 3.12 (3.13+ may have compatibility issues)
  • API keys: aisstream.io (required), optionally opensky-network.org (OAuth2), lta.gov.sg
# Clone repository
git clone https://github.com/BigBodyCobain/Shadowbroker.git
cd Shadowbroker

# Backend setup
cd backend
python -m venv venv
source venv/bin/activate    # macOS/Linux
# venv\Scripts\activate     # Windows
pip install .

# Create environment file with your keys
echo "AIS_API_KEY=your_aisstream_key" >> .env
echo "OPENSKY_CLIENT_ID=your_opensky_client_id" >> .env
echo "OPENSKY_CLIENT_SECRET=your_opensky_secret" >> .env

# Frontend setup
cd ../frontend
npm ci

# Start both frontend and backend concurrently
npm run dev

This launches:

  • Next.js frontend at http://localhost:3000
  • FastAPI backend at http://localhost:8000

No-Code Quick Start

  1. Visit the Releases tab
  2. Download latest .zip
  3. Extract to your computer
  4. Windows: Double-click start.bat Mac/Linux: chmod +x start.sh && dos2unix start.sh && ./start.sh
  5. Dashboard auto-launches when ready

REAL Code Examples from the Repository

Let's examine actual implementation patterns from ShadowBroker's codebase, with detailed explanations of what each block accomplishes.

Example 1: Docker Compose Quick Start

The repository's recommended deployment path uses pre-built container images. Here's the exact quick-start sequence from the README:

# Clone the repository from GitHub
git clone https://github.com/bigbodycobain/Shadowbroker.git

# Enter the project directory
cd Shadowbroker

# Pull latest pre-built images from GitHub Container Registry
docker compose pull

# Start containers in detached mode (background)
docker compose up -d

What's happening here? The git clone fetches the repository including docker-compose.yml, which defines two services: backend (FastAPI + Python data fetchers) and frontend (Next.js + MapLibre). The docker compose pull command downloads pre-built images rather than building from source—critical for rapid deployment. up -d starts both containers detached from your terminal. The frontend exposes port 3000; the backend exposes port 8000 for local diagnostics but communicates internally via Docker networking. This design means you can update in seconds: docker compose pull && docker compose up -d grabs new images and restarts without rebuilds.

Example 2: Kubernetes Helm Deployment

For high-availability or home-lab cluster deployments, ShadowBroker provides a Helm chart:

# Add the bjw-s-labs Helm repository
helm repo add bjw-s-labs https://bjw-s-labs.github.io/helm-charts/

# Update repository index to latest charts
helm repo update

# Install ShadowBroker from local chart directory into new namespace
helm install shadowbroker ./helm/chart --create-namespace --namespace shadowbroker

What's happening here? This deploys ShadowBroker onto Kubernetes with modular scaling—backend and frontend can be scaled independently. The chart includes security contexts with restricted UIDs (1001) for container hardening, and is compatible with Traefik ingress, Cert-Manager for TLS, and Gateway API. The ./helm/chart path refers to charts included in the cloned repository. This deployment pattern suits operators running homelab clusters who need resilience beyond single-node Docker.

Example 3: AI Agent Channel Authentication (HMAC-SHA256)

The agentic AI command channel uses cryptographic signing for secure agent access. Here's the signing contract from the architecture documentation:

# The HMAC signature construction for agent authentication
# This is the protocol any compatible agent must implement

signature = HMAC-SHA256(
    secret,           # Shared HMAC secret from AI Intel panel "Connect Agent"
    METHOD |          # HTTP method: "POST"
    path |            # API path: "/api/ai/channel/command"
    timestamp |       # X-SB-Timestamp header (epoch seconds)
    nonce |           # X-SB-Nonce header (cryptographic nonce)
    sha256(body)      # SHA-256 hash of the JSON request body
)

What's happening here? Every agent command is cryptographically signed to prevent replay attacks and request tampering. The secret is generated when you click Connect Agent in the AI Intel panel. The signature binds the HTTP method, API path, timestamp (with tolerance for clock skew), unique nonce, and body hash. This means even if an attacker intercepts a valid request, they cannot replay it (nonce consumed), modify it (signature invalidates), or forge new requests (requires secret). The tier-gated access control means restricted tier agents get read-only access; full tier adds write capabilities, map control, and native layer injection. This is enterprise-grade API security applied to personal intelligence infrastructure.

Example 4: Local AIS Receiver Feed (RTL-SDR Integration)

ShadowBroker can ingest your own radio-received ship data using an RTL-SDR dongle:

# Docker deployment of AIS-catcher with RTL-SDR device passthrough
docker run -d --device /dev/bus/usb \
  ghcr.io/jvde-github/ais-catcher \
  -H http://host.docker.internal:4000/api/ais/feed \
  interval 10

# Native deployment (direct binary execution)
AIS-catcher -H http://localhost:4000/api/ais/feed interval 10

What's happening here? AIS-catcher decodes VHF maritime radio signals on 161.975 MHz and 162.025 MHz using software-defined radio. The -H flag specifies ShadowBroker's AIS ingestion endpoint; interval 10 POSTs decoded vessel data every 10 seconds. The --device /dev/bus/usb flag passes your RTL-SDR USB dongle through to the container. Ships detected by your local antenna appear alongside the global AISstream feed—giving you coverage of vessels within 20-60 nautical miles depending on antenna quality, even in areas with poor internet AIS coverage. This hybrid approach combines global API data with local radio intelligence for comprehensive maritime awareness.


Advanced Usage & Best Practices

Optimize Performance for Your Hardware: ShadowBroker's backend defaults to 4GB RAM. On constrained systems (Raspberry Pi 4/5, old laptops), reduce to 3GB and disable heavy layers like CCTV Mesh or MODIS Terra until needed. The frontend's viewport culling and clustering already minimize rendering load—trust the defaults before tweaking.

Layer Correlation Strategy: Don't enable all 37 layers simultaneously. Start with domain-relevant subsets: aviation + GPS jamming for electronic warfare analysis; maritime + fishing activity + carrier tracker for naval intelligence; SAR + earthquakes + infrastructure for disaster assessment. The AI agent excels at cross-layer correlation when you give it focused domains.

Time Machine for Pattern Analysis: Enable snapshot capture during significant events. The playback system lets you prove temporal sequences—"the GPS jamming appeared 12 minutes before the military flights diverted"—with frame-accurate reconstruction. Snapshots store locally; no cloud exposure.

InfoNet Operational Security: Treat ALL channels as public. The Dead Drop DMs offer the strongest current lane but are not yet confidently private. Do not transmit sensitive operational information. For maximum caution, run mesh participation through Tor or VPN layers until Sprint 11+ privacy primitives (RingCT, stealth addresses) are wired.

API Key Hygiene: The v0.9.7 API Keys panel is path-first, read-only—key values never reach the browser. Always edit .env directly on the backend host, never through web forms. The critical-warn startup check for OpenSky credentials ensures you know when flight coverage degrades to ADSB-only with gaps in Africa, Asia, and Latin America.


ShadowBroker vs. Alternatives: Why This Wins

Feature ShadowBroker FlightRadar24 MarineTraffic Google Earth Custom GIS Stack
Self-hosted ✅ Full control ❌ SaaS only ❌ SaaS only ❌ Cloud ⚠️ Complex
Multi-domain ✅ 60+ layers ❌ Aviation only ❌ Maritime only ❌ Static imagery ⚠️ Manual integration
Real-time updates ✅ <60s most layers ✅ ~5s ✅ ~60s ❌ Delayed ⚠️ Build yourself
AI agent integration ✅ Native HMAC channel ❌ None ❌ None ❌ None ⚠️ Custom dev
SAR ground-change ✅ Free NASA/Copernicus ❌ None ❌ None ❌ Limited ⚠️ Expert setup
Decentralized mesh ✅ InfoNet testnet ❌ None ❌ None ❌ None ❌ None
Privacy ✅ Zero data collection ❌ Tracks users ❌ Tracks users ❌ Tracks users ✅ If configured
Cost ✅ Free, open-source 💰 Premium tiers 💰 Expensive API 💰 Enterprise 💰 High dev cost
CCTV/scanner/SIGINT ✅ Integrated ❌ None ❌ None ❌ None ⚠️ Fragmented tools
Carrier tracking ✅ GDELT OSINT estimate ❌ None ❌ None ❌ None ❌ None

The verdict: ShadowBroker doesn't just compete with alternatives—it eliminates the need for multiple subscriptions while adding capabilities no commercial platform offers. The self-hosted model means your intelligence stays yours. The open-source code means capabilities improve transparently. The AI channel means it grows smarter with your workflows, not against them.


Frequently Asked Questions

Is ShadowBroker legal to use?

Yes. ShadowBroker aggregates publicly broadcast data—ADS-B, AIS, satellite orbital elements, earthquake feeds, and other open sources. It does not intercept encrypted communications, hack systems, or access private data. The Shodan overlay uses your own API key for internet device search, which is explicitly permitted by Shodan's terms. Always comply with local laws regarding radio reception and data use.

Do I need programming skills to run ShadowBroker?

No. The Docker quick start requires only copying three terminal commands. The no-code release downloads include start.bat and start.sh scripts that auto-install everything. Developer setup is only needed for code modification or contribution.

What hardware do I need?

Minimum: any computer running Docker with 4GB RAM available. The backend runs on both x86_64 and ARM64 (including Raspberry Pi 5). For local AIS radio reception, add an RTL-SDR USB dongle (~$30). For enhanced flight coverage, free OpenSky API credentials suffice.

Is my data private when using ShadowBroker?

Completely. No user data is collected or transmitted. The dashboard runs entirely in your browser against a backend you self-host. No accounts, no analytics, no telemetry. The InfoNet mesh communications are obfuscated but explicitly not yet end-to-end encrypted—treat them as public channels for now.

Can I connect my own AI agent?

Yes. Any agent implementing the HMAC-SHA256 signing protocol can connect. OpenClaw is the reference agent with a ShadowBrokerClient skill package. Claude Code, GPT, LangChain, and custom agents work with the documented contract. The discovery endpoint lets agents introspect their available commands based on tier.

How do I update to new versions?

Docker: docker compose pull && docker compose up -d. Takes seconds. For major version migrations (like the March 2026 commit history rewrite), fresh clone and re-pull. The Helm chart supports rolling updates via helm upgrade.

What happens if my backend runs out of memory?

The backend container restarts automatically. Slow/heavy layers (CCTV, SAR, satellite imagery) may appear empty until they repopulate. Check with docker events --filter event=oom and reduce BACKEND_MEMORY_LIMIT or disable heavy layers if your host is constrained.


Conclusion: The Intelligence Surface You Didn't Know You Needed

ShadowBroker represents something rare in modern software: a tool that gets more powerful the more you understand it, without punishing beginners. In 30 minutes, you can have a working dashboard tracking global aviation, maritime traffic, and satellite positions. In 30 days, you can have an AI agent correlating SAR ground-change anomalies with geopolitical events, feeding intelligence briefs to your team via Telegram, while participating in an experimental decentralized mesh network.

The platform's architecture—three vertical planes, two cross-cutting bridges, and a privacy-core Rust crate—reveals serious engineering depth beneath its accessible surface. The 60+ data layers aren't vanity features; they're the result of recognizing that intelligence is inherently multi-domain. A ship disappearing from AIS near a GPS jamming zone while private jets converge on a nearby airport isn't three separate stories—it's one story that only makes sense when viewed together.

What BigBodyCobain has built isn't just a dashboard. It's an operating system for open-source intelligence that respects operator autonomy, prioritizes privacy, and embraces AI augmentation without dependency on cloud AI providers. The experimental InfoNet mesh and Sovereign Shell governance suggest even more radical possibilities: intelligence communities that are decentralized, pseudonymous, and collectively governed.

My assessment? ShadowBroker is the most significant open-source intelligence platform since early Tor nodes made anonymity accessible. It won't replace classified systems for nation-states, but for journalists, researchers, security analysts, disaster responders, and curious developers—it offers capabilities that were literally impossible to self-host at any price just two years ago.

The knowledge is available to all but rarely aggregated in the open. Until now.

👉 Get started today: Clone https://github.com/BigBodyCobain/Shadowbroker, run docker compose up -d, and see what the world looks like when every public signal converges on your screen. The map is waiting. What will you discover?

Comments (0)

Comments are moderated before appearing.

No comments yet. Be the first to share your thoughts!

Support us! ☕