And add chronological feeds of govtrack.us along with all politicians social media feeds

Have you seen these projects?

https://github.com/protomaps/PMTiles

https://github.com/maplibre/martin

I need a realtime OSINT dashboard for OSINT dashboards.

No planes etc.

No helpful output in the command window.

Seems fun but doesn't seem to be working.

first llm to stop using those damn colors for every single transparent modal in existence is going to be a big step forward.

Let me ask a dumb question. Can this be run on a public server (I use dreamhost) with a web interface for others to see? Or is this strictly something that gets run on a local computer?

How long before we see this UI in some Iran related news story

Archive version...

https://web.archive.org/web/20120112012912/http://henchmansh...

Nothing wrong with that. Beats a boring corporate dashboard any day. Video game and similar interfaces work for a reason.

Then again they were named after a video game character so it's probably fair.

You might consider changing this to a more accurate headline, like "Air and Space domain awareness."

"Full spectrum Geospatial intelligence" most commonly refers to full color satellite photos (sometimes including near infrared).

In the Geospatial world, "spectrum" almost always takes on its literal meaning - the spectrum of light. And "Geospatial intelligence" refers to intelligence gathered from Geospatial platforms, not intelligence about the locations of those platforms.

    assessment = "ANALYSIS: "

    if any(k in keywords for k in ["strike", "missile", "attack", "bomb", "drone"]):

        assessment += f"{random.randint(75, 95)}% probability of kinetic escalation within 24 hours. Recommend immediate asset relocation from projected blast radius."

    elif...

Curious whether you're doing any timestamp normalization across feeds. Marine AIS in particular can be spoofed or delayed, and correlated analysis gets messy fast if the time windows aren't aligned.

---

## Verdict: Not malicious

This is an *OSINT (Open Source Intelligence) dashboard* called "ShadowBroker" that aggregates publicly available real-time data — flights, ships, satellites, CCTV, news, radio, weather, earthquakes, stock markets, and geopolitical events — onto a map. The name references the infamous hacking group but the code itself contains no malware.

---

## What `start.sh` does

1. Checks for Node.js and Python 3 2. Creates a Python venv and installs dependencies from `requirements.txt` 3. Installs npm packages from `frontend/package.json` 4. Runs `npm run dev` which starts both a Next.js frontend and a FastAPI (uvicorn) backend

*No obfuscated commands, encoded payloads, curl/wget to suspicious URLs, reverse shells, or hidden steps.*

---

## What the full codebase does

It fetches data from these *legitimate public sources*:

| Category | Sources | |---|---| | Aviation | adsb.lol (open ADS-B), OpenSky Network (OAuth2) | | Maritime | aisstream.io (AIS vessel tracking) | | Satellites | CelesTrak (NORAD TLEs), SGP4 propagation | | CCTV | TfL London, Singapore LTA, Austin TX, NYC DOT, OpenStreetMap | | News | NPR, BBC, Al Jazeera, NYT, GDACS, NHK RSS feeds | | Radio | Broadcastify (scraping), OpenMHz API | | Weather | RainViewer | | Earthquakes | USGS GeoJSON feed | | Markets | Yahoo Finance (defense stocks, oil) | | Geopolitics | GDELT, Liveuamap (Playwright scraping) |

---

## Things that are NOT present (good signs)

- No data exfiltration — nothing sends your personal data anywhere - No reverse shells or backdoors - No cryptominer code - No encoded/obfuscated payloads - No filesystem scanning or credential harvesting - No network scanning or port scanning - The `subprocess.run` call in `network_utils.py` uses argument lists (not `shell=True`), preventing command injection

---

## Noteworthy concerns (not malicious, but worth awareness)

1. *`cloudscraper` + Playwright stealth* — Used to bypass Cloudflare/Turnstile protections on Liveuamap and OpenMHz. Legally gray (may violate those sites' ToS).

2. *CORS wide open* (`allow_origins=[""]`) in `main.py` — acceptable for a local-only tool, but means any website you visit could make requests to your local backend on port 8000 while it's running.

3. *API key management* — The `/api/settings/api-keys` PUT endpoint writes to `.env` on disk. It does validate against a whitelist of known keys and rejects newlines, but it's exposed without authentication on localhost.

4. *Resource consumption* — The scheduler makes hundreds of outbound API calls per hour from your IP to public services (ADSB, OpenSky, CelesTrak, USGS, RSS feeds, etc.).

5. *UAV data is fake* — `fetch_uavs()` generates simulated drone positions in conflict zones. It's not real tracking data.

6. *Dependencies are all legitimate* — `fastapi`, `yfinance`, `feedparser`, `playwright`, `beautifulsoup4`, `requests`, `sgp4`, etc. are all well-known Python packages. Frontend deps (Next.js, React, MapLibre, Tailwind) are standard.

---

*Bottom line*: Safe to run. It's a hobbyist OSINT dashboard with an edgy name. No malicious behavior detected anywhere in the codebase.

1. How do you handle deduplication when the same event surfaces across multiple feeds simultaneously? For news aggregation this is the hard part - an event that appears in Reuters, Bloomberg, and 12 downstream outlets is one story, not 13.

2. What's your rate limiting strategy across 15 sources? Some of the better data APIs (Shodan, GreyNoise, etc.) have strict per-minute limits that become a real constraint at even modest query frequencies.

The B2B application of this pattern is company intelligence - pulling company news, job postings, funding signals, and tech stack changes from 10+ sources and surfacing the relevant signal per account. Same architecture challenge (deduplication, rate limits, signal:noise ratio) with a much smaller initial data volume but higher precision requirements per entity.