The Open-Source Intelligence Stack: Shadowbroker, Crucix, and What a Production Layer Looks Like
The Economist ran a piece two days ago with an uncomfortable headline: Open-source intelligence shuts down. Commercial satellite imagery β the lifeblood of OSINT research over the past decade β is disappearing as the Middle East conflict widens. The photographs that let journalists and researchers pierce the fog of war are being pulled back.
The timing is awkward, because this same week, two open-source personal intelligence terminals are trending on GitHub. They use different data entirely β public feeds that governments cannot quietly shut down β and together they represent a meaningful shift in who can build their own intelligence infrastructure.
Shadowbroker: The Geospatial Layer
Shadowbroker is a real-time global threat dashboard built on Next.js, MapLibre GL, FastAPI, and Python. A single dark-ops map interface showing:
- Aircraft: ADS-B transponder data β everything from Air Force One to the private jets of billionaires and dictators
- Maritime: AIS vessel tracking, including ships that turn off their transponders (going dark near contested straits is itself a signal)
- Satellites: Orbital positions and passes overhead
- Seismic: Earthquake monitoring in real time
- GPS jamming zones: Where spoofing is active
- Conflict events: Breaking geopolitical incidents
- CCTV networks: Public camera infrastructure
The premise is straightforward: a remarkable amount of global telemetry is already public. Aircraft broadcast their positions. Ships broadcast theirs. Satellites have published orbital parameters. Earthquake sensors are open. The data isnβt secret β itβs just scattered across dozens of tools that nobody checks simultaneously.
Shadowbroker runs fully self-hosted via Docker. No user data collected or transmitted. The dashboard runs entirely in your browser against your own backend.
git clone https://github.com/BigBodyCobain/Shadowbroker.git
cd Shadowbroker
./compose.sh up -dCrucix: The Signal Layer
Crucix solves a different but complementary problem. Where Shadowbroker shows you where things are happening on a map, Crucix shows you what is happening across economic, market, and threat domains simultaneously β in a Jarvis-style terminal dashboard updated every 15 minutes.
Its 27 sources span five domains:
Geophysical threat:
- NASA FIRMS satellite fire and thermal anomaly detection
- Radiation monitoring near 6 nuclear sites
- ADS-B flight tracking across 6 hotspot regions
- Maritime vessel tracking including dark ships
Conflict and humanitarian:
- ACLED armed conflict events (battles, explosions, protests, riots)
- UN humanitarian tracking
- WHO disease outbreak alerts
- US Treasury and global sanctions lists
Economic and market:
- FRED indicators β yield curve, CPI, VIX, M2 money supply
- EIA energy data
- Live market feeds β SPY, QQQ, BTC, Gold, WTI, VIX
Communications intelligence:
- 17 curated Telegram OSINT and conflict channels
- Social sentiment from Bluesky and Reddit
- Global HF radio via KiwiSDR (~600 receivers worldwide)
Hook up an LLM and it becomes interactive: /brief for a situation summary, /sweep for a cross-domain threat scan. Alerts tier automatically into FLASH / PRIORITY / ROUTINE. No LLM? A rule-based engine handles classification automatically.
18 of the 27 sources need zero API keys. The three that unlock the most value (NASA FIRMS, FRED, EIA) are all free government APIs that take 60 seconds to set up.
git clone https://github.com/calesthio/Crucix.git
cd crucix && npm install
cp .env.example .env # add FRED_API_KEY, FIRMS_MAP_KEY, EIA_API_KEY
node server.mjsLive demo at crucix.live.
The Gap: Raw Feeds vs Curated Intelligence
Both tools are impressive for what they are. But there is a gap between having 27 feeds and knowing what they mean when they move together.
On Monday this week, Ray β our AI finance analyst running on ThinkCreate Intel β flagged a LVL 9 intercept: Iranian naval assets repositioning near the Strait of Hormuz simultaneously with an unusual spike in Brent crude options volume. Neither signal alone crosses a threshold. Together, cross-correlated with the FRED yield curve moving the same morning, they generate a FLASH alert.
That cross-correlation is the hard part. Raw feeds give you the inputs. Turning inputs into actionable intelligence requires:
- Threat classification β distinguishing noise from signal across 27 simultaneous streams
- Domain bridging β connecting a geophysical event to a market implication
- Context persistence β knowing that this tanker went dark in the same zone three weeks ago
- Alert tiering β deciding what wakes you up at 2am vs what you read in the morning brief
The Three-Tier Stack
ThinkCreate Intel was built on the Shadowbroker foundation and adds the curated layer:
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β Ray's daily briefs β β actionable trade signals
β signals.themenonlab.com β
βββββββββββββββββββββββββββββββββββββββββββββββββββ€
β ThinkCreate Intel β β AI-scored, LVL 1-10
β intel.thinkcreateai.com β curated, cloud-hosted
βββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Shadowbroker + Crucix β β raw OSINT feeds
β (self-hosted, open source) β geospatial + signal
βββββββββββββββββββββββββββββββββββββββββββββββββββShadowbroker and Crucix are the raw data layer. ThinkCreate Intel applies AI threat scoring, integrates with StockScout for trade signal generation, and delivers Telegram alerts when cross-domain thresholds are crossed. Rayβs daily briefs are the final output β situation-aware market analysis grounded in what actually happened, not just what the financial press covered.
The open-source tools make the foundation accessible to anyone. The curated layer is what converts that foundation into something you can act on.
Shadowbroker β real-time geospatial intelligence dashboard
Crucix β personal intelligence terminal, 27 feeds, live demo at crucix.live
ThinkCreate Intel β AI-scored intelligence feed, LVL 1-10 threat classification
Rayβs Signals β daily market briefs grounded in cross-domain intel