Shadowbroker: The Open-Source OSINT Platform Bringing Global Intelligence to Everyone

What Is Shadowbroker?

Shadowbroker is a self-hosted, open-source global intelligence platform that aggregates 60+ real-time OSINT feeds into a single dark-ops map interface. Think of it as a Google Earth for intelligence analysts—but with live telemetry from aircraft transponders, ship broadcasts, satellite orbits, conflict zones, CCTV networks, GPS jamming zones, earthquake sensors, wildfires, police scanners, mesh radio networks, and breaking geopolitical events. All updating in real time. All on one screen.

Built with Next.js, MapLibre GL, FastAPI, and Python, Shadowbroker is fully open-source (AGPL-3.0) and runs entirely on your own hardware—no cloud dependencies, no telemetry, no user tracking. It's designed for analysts, researchers, journalists, radio operators, and anyone who wants to see what the world looks like when every public signal is on the same map.

Key differentiators:

• Decentralized intelligence mesh (InfoNet) — the first OSINT tool with built-in encrypted peer-to-peer communication
• AI agent command channel — let AI agents analyze the data alongside you with full read/write access
• SAR ground-change detection — detect mm-scale ground deformation through cloud cover using NASA OPERA and Copernicus EGMS
• 35+ toggleable data layers — independently control what you see, from commercial flights to military bases
• Multiple visual modes — DEFAULT, SATELLITE, FLIR (thermal), NVG (night vision), CRT (retro terminal)

📦 GitHub: BigBodyCobain/Shadowbroker 🌟 6.7k+ stars | 🍴 1.1k forks | 🐳 Docker ready

Why Shadowbroker Exists: The OSINT Aggregation Problem

A surprising amount of global telemetry is already public:

• Aircraft broadcast ADS-B positions every second (OpenSky Network, adsb.lol)
• Ships transmit AIS signals for collision avoidance (aisstream.io, 25,000+ vessels)
• Satellites publish orbital elements (CelesTrak, 2,000+ tracked objects)
• Earthquakes are detected by USGS seismometers worldwide
• Conflicts are aggregated by GDELT from 100,000+ news sources
• 11,000+ CCTV cameras stream publicly across London, NYC, California, Spain, Singapore
• GPS jamming zones are inferred from aircraft NAC-P degradation
• Police scanners broadcast emergency communications (OpenMHZ)
• Mesh radio networks (Meshtastic, APRS) relay messages globally

The problem: This data is scattered across dozens of tools and APIs. Analysts have to juggle FlightRadar24, MarineTraffic, N2YO, separate news feeds, separate conflict databases, separate weather services—switching contexts constantly, losing the big picture.

Shadowbroker's answer: Combine all of it into a single interface. No accounts. No telemetry. Fully open-source so you can audit exactly what data is accessed and how.

Core Features: What Can Shadowbroker Do?

1. Real-Time Multi-Domain Tracking

Aviation (4 layers):

• Commercial flights — 5,000+ aircraft via OpenSky Network
• Private jets — bizjets with owner identification (track billionaire movements)
• Military flights — tankers, ISR, fighters via adsb.lol military endpoint
• Air Force One — Presidential/Vice Presidential aircraft highlighted and monitored from takeoff

Maritime (4 layers):

• AIS vessels — 25,000+ real-time positions via WebSocket
• Carrier strike groups — All 11 US Navy aircraft carriers with OSINT-estimated positions (automated GDELT news scraping)
• Fishing activity — Global Fishing Watch vessel events
• Superyachts — Billionaire and oligarch vessels

Space (3 layers):

• Satellites — 2,000+ orbital assets color-coded by mission (military recon, SAR, SIGINT, navigation)
• SatNOGS — Amateur satellite ground station network
• TinyGS — LoRa satellite constellation tracking

Rail:

• Amtrak trains — Real-time US rail positions
• DigiTraffic — European rail tracking

2. Surveillance & SIGINT

CCTV Mesh — 11,000+ live cameras across 13 sources, 6 countries:

• 🇬🇧 Transport for London JamCams
• 🇺🇸 NYC DOT, Austin, California (12 Caltrans districts), Washington, Georgia, Illinois, Michigan
• 🇪🇸 Spain DGT + Madrid City (357 cameras)
• 🇸🇬 Singapore LTA
• 🌍 Windy Webcams

Software-Defined Radio:

• KiwiSDR — Click any SDR node to tune live shortwave radio directly in the dashboard
• Police scanners — OpenMHZ feeds with scan mode (eavesdrop-by-click)
• Meshtastic mesh radio — MQTT-based mesh radio integration with node map
• APRS — Amateur radio positioning via APRS-IS TCP feed

GPS Jamming Detection — Real-time analysis of aircraft NAC-P (Navigation Accuracy Category) values identifies interference zones with red overlay squares and "GPS JAM XX%" severity labels.

3. Geopolitics & Conflict Monitoring

• GDELT incidents — ~1,000 conflict events from the last 8 hours
• Ukraine frontline — Live warfront GeoJSON from DeepState Map
• Ukraine air alerts — Real-time regional air raid alerts
• SIGINT/RISINT news feed — RSS aggregation from intelligence-focused sources (up to 20 customizable feeds)

Region Dossier — Right-click anywhere on Earth for:

• Country profile (population, capital, languages, area)
• Current head of state (live Wikidata SPARQL query)
• Wikipedia summary with thumbnail
• Latest Sentinel-2 satellite photo (10m resolution, capture date, cloud cover %)

4. Environmental & Hazard Monitoring

• NASA FIRMS fire hotspots — 5,000+ thermal anomalies from NOAA-20 VIIRS (24h, color-coded by fire radiative power)
• Earthquakes — USGS 24h feed with magnitude-scaled markers
• Volcanoes — Smithsonian Global Volcanism Program Holocene volcanoes
• Weather alerts — Severe weather polygons with urgency/severity indicators
• Air quality — OpenAQ PM2.5 stations worldwide
• Space weather — Live NOAA geomagnetic storm indicator (Kp index, G1–G5 storm scale)

5. Infrastructure Monitoring

• Internet outages — Georgia Tech IODA regional connectivity alerts
• Data centers — 2,000+ global data centers with automatic outage cross-referencing
• Military bases — Global military installation database
• Power plants — 35,000+ facilities from WRI database

6. Satellite Imagery & Visual Modes

Imagery layers:

• NASA GIBS (MODIS Terra) — Daily true-color satellite imagery with 30-day time slider (~250m/pixel)
• Esri World Imagery — Sub-meter resolution (zoom 18+, see buildings)
• Sentinel Hub Process API — Copernicus CDSE with OAuth2 token flow
• VIIRS Nightlights — Night-time light change detection

5 visual modes (toggle via STYLE button):

1. DEFAULT — Dark CARTO basemap
2. SATELLITE — Sub-meter Esri World Imagery
3. FLIR — Thermal imaging aesthetic (inverted greyscale)
4. NVG — Night vision green phosphor
5. CRT — Retro terminal scanline overlay

7. SAR Ground-Change Detection (NEW in v0.9.7)

Synthetic Aperture Radar layer detects ground changes through cloud cover, at night, anywhere on Earth. Two modes:

Mode A (Catalog) — Free Sentinel-1 scene metadata from Alaska Satellite Facility. No account required. Shows when radar passes happened and when the next pass is coming.

Mode B (Full Anomalies) — Real-time ground-change alerts from:

• NASA OPERA — DISP (ground deformation), DSWx (surface water), DIST-ALERT (vegetation disturbance)
• Copernicus EGMS — European Ground Motion Service (mm-scale subsidence)

Anomaly types:

• 🟠 Ground deformation — mm-scale subsidence, landslides
• 🔵 Surface water change — flood extent, dam releases
• 🟢 Vegetation disturbance — deforestation, burn scars, blast craters
• 🔴 Damage assessments — UNOSAT/Copernicus EMS verified damage

AOI Editor — Define areas of interest directly from the map. Click-to-drop AOI centers, set radius (1–500 km), and category. AOIs appear on the map immediately with color-coded boundaries.

OpenClaw Integration — AI agents can inspect SAR anomaly details (sar_pin_click) and fly the operator's map to any AOI center (sar_focus_aoi) for collaborative analyst workflows.

The InfoNet: Decentralized Intelligence Mesh

InfoNet is the first decentralized intelligence communication layer built directly into an OSINT platform. No accounts, no signup, no identity required. v0.9.7 promotes InfoNet from a chat layer into a full governance economy with a clear path to a privacy-preserving decentralized intelligence platform.

Communication Layer

Three-tab Mesh Chat panel:

1. INFONET — Global obfuscated message relay. Gate personas, Ed25519 signing, transport obfuscation. Anyone running Shadowbroker can transmit and receive.

2. MESH — Meshtastic radio integration. Connect to mesh radio nodes, see nodes on the map, integrated into chat.

3. DEAD DROP — Peer-to-peer message exchange with token-based epoch mailboxes. Strongest current lane (SAS word contact verification, abuse reporting).

Gate Persona System — Pseudonymous identities with:

• Ed25519 signing keys
• X25519 Diffie-Hellman key exchange
• Prekey bundles
• SAS word contact verification
• Abuse reporting

Crypto Stack:

• Ed25519 signing
• X25519 Diffie-Hellman
• AESGCM encryption with HKDF key derivation
• Hash chain commitment system
• Double-ratchet DM scaffolding (in progress)

Mesh Terminal — Built-in CLI: send, dm, market commands, gate state inspection. Draggable panel, minimizes to top bar. Type help to see all commands.

Sovereign Shell — Governance Economy (NEW in v0.9.7)

Petitions + Governance DSL — On-chain parameter changes via signed petitions:

• UPDATE_PARAM, BATCH_UPDATE_PARAMS
• ENABLE_FEATURE, DISABLE_FEATURE
• Tunable knobs change by vote—no code deploys required

Upgrade-Hash Governance — Protocol upgrades vote on SHA-256 hash of verified release:

• 80% supermajority
• 40% quorum
• 67% Heavy-Node activation
• Lifecycle: signatures → voting → challenge window → awaiting readiness → activated

Resolution & Dispute Markets:

• Stake on market resolution outcomes (yes / no / data_unavailable)
• Open disputes with bonded evidence
• Stake on dispute confirm-or-reverse

Heavy-Node-One-Vote — First 100 markets resolve via one-vote-per-eligible-node (not stake-weighted):

• Eligibility: identity age ≥ 3 days, valid Argon2id PoW (Heavy-Node-only)
• Transitions to staked resolution at 1,000 nodes

⚠️ Experimental Testnet — No Privacy Guarantee

InfoNet messages are obfuscated but NOT end-to-end encrypted. Meshtastic/APRS is public by design. Dead Drop DMs are the strongest current lane, but Shadowbroker explicitly warns:

Do not transmit anything sensitive on any channel. Treat all lanes as open and public for now.

Privacy primitives (RingCT, stealth addresses, DEX) are locked Protocol contracts in place, but the cryptographic scheme has not been chosen yet. E2E encryption is the next major milestone.

AI Agent Command Channel: OpenClaw + Compatible Agents

Shadowbroker exposes a bidirectional agentic AI command channel—a signed, tier-gated bridge that gives any compatible AI agent full read/write access to the intelligence platform.

OpenClaw is the reference agent, but the channel is an open protocol: any LLM-driven agent that signs requests with HMAC-SHA256 (Claude Code, GPT, LangChain, custom Python/TypeScript clients) can connect.

Channel Architecture (v0.9.7)

Single Command Channel — POST /api/ai/channel/command accepts {cmd, args} and dispatches to any registered tool.

Batched Concurrent Execution — POST /api/ai/channel/batch accepts up to 20 commands in one request. Backend runs them concurrently and returns a fan-out result map. Cuts agent latency by an order of magnitude over sequential calls.

Tier-Gated Access — OPENCLAW_ACCESS_TIER controls which commands the agent can call:

• restricted — Read-only (query layers, inspect pins)
• full — Read + write + injection (place pins, control map, push custom data)

HMAC-SHA256 Signing — Every command is signed:

HMAC-SHA256(secret, METHOD|path|timestamp|nonce|sha256(body))

Timestamp + nonce replay protection, request integrity validation.

Agent Capabilities

Full Telemetry Access — Query all 35+ data layers:

• Flights, ships, satellites, SIGINT, conflict events, earthquakes, fires, wastewater, prediction markets

AI Intel Pins — Place color-coded investigation markers on the map:

• 14 categories (threat, anomaly, military, maritime, aviation, SIGINT, infrastructure)
• Confidence scores, TTL expiry, source URLs
• Batch placement up to 100 pins at once

Map Control:

• Fly the operator's map to any coordinate
• Trigger satellite imagery lookups
• Open region dossiers

SAR Ground-Change:

• Query SAR anomaly feeds
• Inspect pin details
• Manage AOIs
• Fly map to watch areas

Native Layer Injection — Push custom data directly into Shadowbroker's native layers:

• CCTV cameras, ships, SIGINT nodes, military bases
• Agent-discovered sources render alongside real feeds

Wormhole Mesh Participation — The agent can:

• Join decentralized InfoNet
• Post signed messages
• Join encrypted gate channels
• Send/receive encrypted DMs
• Interact with Meshtastic radio and Dead Drops
• Operate as a full mesh peer

Sovereign Shell Participation (v0.9.7):

• File petitions
• Sign and vote on governance changes
• Stake on resolutions and disputes
• Signal Heavy-Node readiness for upgrades

Alert Delivery — Send intelligence briefs to Discord webhooks and Telegram channels.

Intelligence Reports — Generate structured reports with summary stats, top military flights, correlations, earthquake activity, SIGINT counts.

How to Connect an Agent

1. Open the AI Intel panel in left sidebar
2. Click Connect Agent → copy HMAC secret
3. For OpenClaw: Import ShadowBrokerClient from OpenClaw skill package
4. For any other agent: Use HMAC contract (timestamp + nonce + body digest, tier-gated)

The channel is the protocol, not the agent. Any agent that speaks HMAC can connect.

Time Machine: Snapshot Playback (NEW in v0.9.7)

A media-style transport for the entire telemetry feed. Treat the live map as a recording that can be scrubbed, paused, and replayed.

Features:

• Live ↔ Snapshot Toggle — Pause global polling instantly; switching to Live invalidates ETags and force-refreshes
• Hourly Index — Every snapshot indexed by hour bucket with count, latest_id, latest_ts, full snapshot_ids list
• Frame Interpolation — Moving entities (aircraft, ships, satellites) interpolate smoothly between recorded frames
• Variable Playback Speed — Step, play, fast-forward, rewind at adjustable speed
• Profile-Aware — Each snapshot records the privacy profile active when captured

Operator-side, not server-side — Snapshots stored locally in backend; no third party sees playback timeline.

Technical Architecture

Shadowbroker v0.9.7 is composed of three vertically-stacked planes:

1. Operator UI (Next.js + MapLibre GL)

• MaplibreViewer.tsx — Core map with all GeoJSON layers
• MeshChat.tsx — InfoNet / Mesh / Dead Drop chat panel
• MeshTerminal.tsx — Draggable CLI terminal
• WorldviewLeftPanel.tsx — 35+ data layer toggles
• AdvancedFilterModal.tsx — Airport/country/owner filtering
• SettingsPanel.tsx — API Keys, News Feeds, Shodan config

2. Backend Service Plane (FastAPI + Python)

• Data Fetcher — APScheduler with fast/slow tiers
• 60+ OSINT sources — OpenSky, adsb.lol, CelesTrak, USGS, AIS, GDELT, NASA FIRMS, etc.
• Snapshot Store — Time Machine source with hourly index
• Agentic AI Channel — HMAC-signed command dispatcher with tier-gated access

3. Decentralized Layer (InfoNet Testnet)

• Wormhole Relay — Transport layer with gate personas, canonical signing
• Sovereign Shell — Governance DSL, upgrade-hash voting, resolution/dispute markets
• Privacy Core — Rust crate with locked Protocol contracts for future ring sigs, stealth addresses

Performance Optimizations

Massive real-time dataset handling:

• Gzip compression — 92% reduction (11.6 MB → 915 KB)
• ETag caching — 304 Not Modified skips JSON parsing
• Viewport culling — Only render features in visible bounds (+20% buffer)
• Imperative map updates — High-volume layers bypass React reconciliation
• Clustered rendering — Ships, CCTV, earthquakes cluster at low zoom
• Debounced viewport updates — 300ms debounce prevents GeoJSON rebuild thrash
• Position interpolation — Smooth 10s tick animation between refreshes

Getting Started: 3 Ways to Run Shadowbroker

Option 1: Docker (Recommended — Fastest)

git clone https://github.com/BigBodyCobain/Shadowbroker.git
cd Shadowbroker
docker compose pull
docker compose up -d

Open http://localhost:3000 to view the dashboard.

Requires: Docker Desktop or Docker Engine

Port already in use? Set BACKEND_PORT=8001 in .env:

echo "BACKEND_PORT=8001" >> .env
docker compose up -d

Option 2: Pre-Built Quick Start (No Terminal)

1. Go to Releases
2. Download latest .zip file
3. Extract folder
4. Windows: Double-click start.bat Mac/Linux: Run chmod +x start.sh && ./start.sh

Automatically installs dependencies and launches dashboard.

Option 3: Developer Setup (Modify Code)

Prerequisites:

• Node.js 18+ — nodejs.org
• Python 3.10, 3.11, or 3.12 — python.org

# Clone repository
git clone https://github.com/BigBodyCobain/Shadowbroker.git
cd Shadowbroker

# Backend setup
cd backend
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
pip install .

# Create .env with API keys
echo "OPENSKY_CLIENT_ID=your_id" >> .env
echo "OPENSKY_CLIENT_SECRET=your_secret" >> .env
echo "AIS_API_KEY=your_key" >> .env

# Frontend setup
cd ../frontend
npm ci

# Run (from frontend directory — starts both servers)
npm run dev

Opens:

• Frontend: http://localhost:3000
• Backend API: http://localhost:8000

API Keys: What You Need

Required (as of v0.9.7)

OpenSky Network OAuth2 — Global flight coverage:

• Free registration: opensky-network.org
• Set: OPENSKY_CLIENT_ID + OPENSKY_CLIENT_SECRET
• Without it: Flights layer has significant gaps in Africa, Asia, Latin America

Highly Recommended

AIS Stream — Ship tracking (25,000+ vessels):

• Free at aisstream.io
• Set: AIS_API_KEY
• Without it: Ships layer is empty

Optional (Enhances Features)

• Shodan — Internet device search overlay: shodan.io
• LTA Singapore — Singapore CCTV cameras: lta.gov.sg
• Sentinel Hub — Copernicus satellite imagery: sentinel-hub.com
• NASA Earthdata — SAR ground-change Mode B: urs.earthdata.nasa.gov
• Copernicus Data Space — EGMS + EMS damage assessments: dataspace.copernicus.eu

Use Cases: What Can You Do With Shadowbroker?

1. Track High-Value Targets

Air Force One — Presidential/Vice Presidential aircraft highlighted from takeoff.

Private jets — Track billionaire movements (Elon Musk, Jeff Bezos, oligarchs) with owner identification.

Superyachts — Follow billionaire vessels worldwide.

Military tankers — Infer operations by tracking aerial refueling aircraft.

2. Open-Source Investigations

Conflict monitoring — Combine GDELT incidents + Ukraine frontline + air alerts + satellite imagery for comprehensive situational awareness.

Ground-change detection — Use SAR to detect:

• Pre-earthquake ground deformation
• Flood extent after dam releases
• Deforestation or burn scars
• Blast craters or damage in conflict zones

Infrastructure analysis — Cross-reference military bases + power plants + data centers + internet outages for operational insights.

3. AI-Assisted Analysis

Connect an AI agent (OpenClaw, Claude, GPT, custom):

• Query all 35+ layers concurrently
• Place investigation pins on anomalies
• Fly map to coordinates of interest
• Generate intelligence reports
• Participate in InfoNet governance

Example workflow:

1. Agent detects SAR ground deformation anomaly near military base
2. Cross-references with recent GDELT conflict events
3. Places "threat" pin with confidence score
4. Flies operator's map to location
5. Sends alert to Discord webhook

4. Radio Intercept & SIGINT

Tune live SDR — Click any KiwiSDR node to listen to shortwave radio directly in dashboard.

Police scanner scan mode — Cycle through active emergency communications feeds automatically.

Meshtastic mesh participation — Join global mesh radio network, send/receive messages, see nodes on map.

GPS jamming detection — Identify interference zones from aircraft NAC-P degradation.

5. Satellite Imagery Intelligence

Right-click anywhere → Latest Sentinel-2 photo (10m resolution, capture date, cloud cover).

MODIS Terra time slider — Scrub through 30 days of daily satellite imagery with play/pause animation.

Visual mode switching — DEFAULT → SATELLITE → FLIR → NVG → CRT for different analysis contexts.

6. Environmental Monitoring

Wildfire tracking — NASA FIRMS 5,000+ thermal anomalies color-coded by intensity.

Earthquake alerts — USGS 24h feed with magnitude-scaled markers.

Volcanic activity — Holocene volcanoes worldwide from Smithsonian GVP.

Air quality — OpenAQ PM2.5 stations with real-time readings.

Security & Privacy Considerations

What Shadowbroker Is

• OSINT aggregator — Combines only publicly available data
• Self-hosted — Runs entirely on your hardware
• No telemetry — Zero user tracking, no data collected
• Open-source — Audit exactly what it does (AGPL-3.0)

What Shadowbroker Is NOT

• Not a hacking tool — No exploitation, no intrusion, no classified data access
• Not a private messenger — InfoNet is experimental, NOT E2E encrypted yet
• Not a surveillance system — Aggregates existing public data, doesn't create new capabilities

InfoNet Privacy Warning

From the official README:

Channel Privacy Status:

• Meshtastic / APRS: PUBLIC (radio transmissions interceptable)
• InfoNet Gate Chat: OBFUSCATED (NOT E2E encrypted)
• Dead Drop DMs: STRONGEST CURRENT LANE (token-based epoch mailbox with SAS verification)
• Sovereign Shell governance: PUBLIC LEDGER (pseudonymous via gate persona)
• Privacy primitives: NOT YET WIRED (locked Protocol contracts in place, scheme not chosen)

Do not transmit anything sensitive on any channel. Treat all lanes as open and public for now.

E2E encryption and Tauri desktop hardening are the next major milestones.

Privacy-Core Rust Crate

Shadowbroker includes a privacy-core Rust crate with locked Protocol contracts for:

• Ring signatures
• Stealth addresses
• Pedersen commitments
• Bulletproofs
• Blind-signature issuance (RSA / BBS+ / U-Prove / Idemix)

When a cryptographic scheme is chosen (Sprint 11+), primitives wire into locked Protocols without API churn.

Legal & Ethical Considerations

Is This Legal?

Yes, with caveats:

1. OSINT is legal — Shadowbroker aggregates publicly broadcast signals (ADS-B, AIS, TLE) and public APIs. No classified data, no intrusion.

2. API Terms of Service — You must comply with each provider's ToS:

   • OpenSky Network, aisstream.io, Shodan, etc.
   • Some prohibit commercial use or redistribution

3. Jurisdiction matters — Laws vary by country:

   • Some nations restrict access to certain OSINT sources
   • Export controls may apply to SIGINT/crypto features

4. No harassment/stalking — Using Shadowbroker to track individuals for harassment violates most jurisdictions' laws.

Ethical Use

Shadowbroker is built for:

• ✅ Journalism (investigative reporting, conflict coverage)
• ✅ Academic research (geopolitics, environmental monitoring)
• ✅ Open-source intelligence analysis (OSINT community)
• ✅ Radio hobbyists (SDR, mesh networks)
• ✅ Disaster response (earthquake, fire, flood monitoring)

Shadowbroker is NOT for:

• ❌ Stalking or harassment
• ❌ Malicious use (targeting individuals)
• ❌ Circumventing laws or regulations
• ❌ Unauthorized surveillance

From the official disclaimer:

This tool is built entirely on publicly available, open-source intelligence (OSINT) data. No classified, restricted, or non-public data is used. Carrier positions are estimates based on public reporting. The military-themed UI is purely aesthetic.

Comparison: Shadowbroker vs. Existing Tools

Unique to Shadowbroker:

• ✅ All-in-one platform (no context switching)
• ✅ AI agent co-analyst (autonomous analysis)
• ✅ Decentralized intelligence mesh (InfoNet)
• ✅ Sovereign Shell governance (on-chain parameter changes)
• ✅ SAR ground-change detection (through cloud cover)
• ✅ Time Machine playback (scrub through history)

Community & Contributors

Shadowbroker is built in the open with 19 contributors shipping real code:

Major contributions:

• @Alienmajik — Raspberry Pi 5 support (ARM64 packaging, headless deployment)
• @wa1id — CCTV ingestion fix (threaded SQLite, persistent DB)
• @AlborzNazari — Spain DGT + Madrid CCTV sources, STIX 2.1 threat intel export
• @adust09 — Power plants layer, East Asia intel coverage (JSDF bases, Taiwan news)
• @chr0n1x — Kubernetes/Helm chart architecture for HA deployments
• @csysp — Dismissible threat alerts + stable entity IDs
• @suranyami — Parallel multi-arch Docker builds (11min → 3min)

Tech stack:

• Frontend: TypeScript (34.6%), Next.js, MapLibre GL
• Backend: Python (61.0%), FastAPI, APScheduler
• Privacy: Rust (2.4%), privacy-core crate
• Infra: Docker, Kubernetes, Helm

GitHub stats:

• ⭐ 6.7k stars
• 🍴 1.1k forks
• 👥 19 contributors
• 📦 14 releases (latest: v0.9.79)

Roadmap: What's Next for Shadowbroker?

Sprint 11+ (Privacy-First)

End-to-End Encryption — Wire privacy primitives into InfoNet:

• Choose cryptographic scheme (RSA blind sigs / BBS+ / U-Prove / Idemix)
• Ring signatures for anonymous sender
• Stealth addresses for anonymous receiver
• Pedersen commitments + range proofs
• DEX matching for privacy-preserving governance

Tauri Desktop Hardening — Package as native desktop app:

• Eliminate browser process attack surface
• Hardware security module (HSM) integration
• Secure enclave key storage

Function Keys — Anonymous Citizenship Proof:

• 5 of 6 pieces shipped (nullifiers, challenge-response, two-phase commit)
• Remaining: Issuance via blind signatures

v0.10.0 (Governance Maturity)

Staked Resolution Transition — Move from eligible-node-1-vote to stake-weighted resolution at 1,000 nodes.

Constitutional Invariants — Enforce immutable rules via MappingProxyType:

• Minimum voting periods
• Maximum stake concentration
• Emergency brake conditions

Cross-Chain Bridges — Connect InfoNet governance to external blockchains for DeFi liquidity.

Future Milestones

Mobile App — iOS/Android via React Native or Flutter.

3D Visualization — CesiumJS for terrain-relative rendering.

Historical Playback — Expand Time Machine to weeks/months of telemetry.

ML Anomaly Detection — Train models on telemetry streams to auto-flag unusual patterns.

Federation — Multiple Shadowbroker instances share telemetry peer-to-peer.

Frequently Asked Questions

Can I use Shadowbroker for commercial purposes?

It depends. Shadowbroker itself is AGPL-3.0 (open-source), but individual data sources have varying licenses:

• Some APIs (OpenSky, aisstream.io) prohibit commercial use
• CCTV feeds are public but may have usage restrictions
• Shodan requires paid API plan for commercial use

Check each API provider's ToS before commercial deployment.

Will Shadowbroker work on Raspberry Pi?

Yes! Shadowbroker supports ARM64 (linux/arm64):

• Raspberry Pi 5 confirmed working (contributed by @Alienmajik)
• Requires 4GB+ RAM (backend memory limit configurable via BACKEND_MEMORY_LIMIT)
• Expect slower layer repopulation times on slower layers

Can I deploy Shadowbroker publicly (not just localhost)?

Yes. Set BACKEND_URL to your server's address:

# Via environment variable
BACKEND_URL=http://myserver.com:9096 docker compose up -d

# Or in .env file
echo "BACKEND_URL=http://192.168.1.50:9096" >> .env
docker compose up -d

For HTTPS/public internet deployments:

• Use a reverse proxy (Nginx, Traefik, Caddy)
• Configure SSL certificates (Let's Encrypt)
• Set CORS_ORIGINS in backend .env if needed

How much does it cost to run Shadowbroker?

Zero dollars for the software (open-source), but API costs vary:

Free APIs (required/recommended):

• ✅ OpenSky Network — Free OAuth2 registration
• ✅ AIS Stream — Free API key
• ✅ Most OSINT sources — Free public APIs

Paid APIs (optional):

• Shodan — $59/month (device search)
• Singapore LTA — Free government API (just registration)
• Sentinel Hub — Free tier (500 requests/month), then paid

Infrastructure:

• Self-hosted — Only your electricity costs
• Cloud VM — $5–20/month (DigitalOcean, Linode, Hetzner)
• Kubernetes — Variable (depends on cluster)

Is the InfoNet safe to use?

Not yet for sensitive communications. From the official warning:

InfoNet is an experimental testnet with obfuscated messaging but NOT end-to-end encrypted. Do not transmit anything sensitive on any channel. Treat all lanes as open and public for now.

Current status:

• ✅ Obfuscation — Gate personas hide real identities
• ✅ Canonical signing — Messages are authenticated
• ✅ SAS verification — Contact verification in Dead Drops
• ❌ E2E encryption — Not yet implemented
• ❌ Metadata protection — Not yet implemented

Use InfoNet for:

• ✅ Testing mesh protocols
• ✅ Coordinating open-source investigations
• ✅ Learning decentralized governance

Do NOT use InfoNet for:

• ❌ Whistleblowing
• ❌ Operational security
• ❌ Classified information
• ❌ Anything requiring privacy guarantees

Conclusion: Intelligence for Everyone

Shadowbroker represents a paradigm shift in open-source intelligence: instead of intelligence being the domain of governments and corporations with massive budgets, anyone can run a global intelligence platform on their laptop.

What makes Shadowbroker unique:

1. All-in-one aggregation — 60+ OSINT feeds, one map, zero context switching
2. AI agent co-analyst — Let AI analyze alongside you with full read/write access
3. Decentralized mesh — First OSINT tool with built-in encrypted P2P communication
4. SAR ground-change — Detect anomalies through cloud cover with NASA/Copernicus data
5. Time Machine — Scrub through telemetry history like a video recording
6. Governance economy — On-chain parameter voting, upgrade-hash validation, dispute markets
7. Fully open-source — Audit every line (AGPL-3.0), no black boxes
8. Self-hosted — No cloud dependencies, no telemetry, no user tracking

The vision: A world where intelligence is democratized—where journalists, researchers, activists, and curious citizens have the same situational awareness tools as government agencies. Where AI agents can participate as first-class analysts. Where intelligence networks are decentralized, governed by participants, and privacy-preserving by default.

Shadowbroker v0.9.7 is a major step toward that vision. The platform is production-ready for OSINT analysis today, with a clear roadmap to privacy-first decentralized intelligence in upcoming releases.

Get started:

git clone https://github.com/BigBodyCobain/Shadowbroker.git
cd Shadowbroker
docker compose pull
docker compose up -d

Open http://localhost:3000 and see the world differently.

Read next: What Are Agent Skills? Complete Guide · OpenClaw AI Agent Architecture · Claude Code Ultrareview: Cloud Bug Hunt

Shadowbroker aggregates publicly available OSINT data. Users are responsible for complying with API providers' terms of service and applicable laws in their jurisdiction. This article is for educational purposes.