🛡️ Production-grade SIGINT forensics and wireless network analysis platform. Real-time threat detection, geospatial correlation via PostGIS, and interactive analysis dashboards.
- React/Vite front-end is being introduced (src/ routes like /geospatial-intel, /analytics, /ml-training, /api-test), backed by new PostGIS materialized views for fast explorer pages.
- Legacy HTML/JS under public/ stays in place (and is still served) until the React refactor reaches full feature parity—do not remove legacy assets yet.
- Backend serves both: Express APIs at /api/* plus React build assets (dist/) once built; legacy pages remain accessible under their existing paths.
- ETL pipeline lives in etl/ with modular load/transform/promote steps feeding the explorer views; staging tables remain UNLOGGED for ingestion speed.
- Dashboard: Real-time network environment overview with threat indicators
- Geospatial Analysis: Interactive Mapbox visualization with spatial correlation
- Network Analysis: Deep dive into individual network characteristics and behavior patterns
- Threat Detection: ML-powered identification of surveillance devices and anomalies
- Analytics: Advanced charts and graphs for network pattern analysis
- Address Enrichment: Multi-API venue and business identification (4 sources)
- Device Classification: Automatic identification of device types and behavioral profiling
- Trilateration: AP location calculation from multiple observations
Backend: Node.js/Express REST API with PostgreSQL + PostGIS
Frontend: React + Vite (new explorers and dashboards) and legacy HTML/JS (Mapbox/Chart.js) until parity is reached
Database: PostgreSQL 18 with PostGIS extension (566,400+ location records, 173,326+ unique networks)
- Node.js 20+
- PostgreSQL 18+ with PostGIS
git clone https://github.com/your-username/shadowcheck-static.git
cd shadowcheck-static
npm install
Create a PostgreSQL database with PostGIS:
CREATE ROLE shadowcheck WITH LOGIN PASSWORD 'your_password';
CREATE DATABASE shadowcheck OWNER shadowcheck;
\c shadowcheck
CREATE EXTENSION postgis;
Create .env in project root (or load secrets via keyring):
DB_USER=shadowcheck
DB_HOST=localhost
DB_NAME=shadowcheck
DB_PASSWORD=your_password
DB_PORT=5432
PORT=3001
See .env.example for all options.
psql -U shadowcheck -d shadowcheck -f sql/functions/create_scoring_function.sql
psql -U shadowcheck -d shadowcheck -f sql/functions/fix_kismet_functions.sql
psql -U shadowcheck -d shadowcheck -f sql/migrations/migrate_network_tags_v2.sql
# See sql/migrations/README.md for migration order guidance
npm start
Server runs on http://localhost:3001
- Dashboard (React): / and /dashboard
- Geospatial Intelligence (React): /geospatial or /geospatial-intel
- Analytics (React): /analytics
- API Test (React): /api-test
- ML Training (React): /ml-training
- Legacy HTML (kept until parity): /geospatial.html, /networks.html, /analytics.html, /surveillance.html, /kepler-test.html
- GET /api/networks - All networks
- GET /api/threats/quick - Quick threat detection
- GET /api/analytics/* - Analytics data
- GET /api/networks/observations/:bssid - Network observations
See server.js for full endpoint documentation.
ShadowCheck includes multi-algorithm threat detection with model training and hyperparameter optimization.
POST /api/ml/train
Trains a logistic regression model on all tagged networks in the database.
Request:
curl -X POST http://localhost:3001/api/ml/train
Response:
{
  "ok": true,
  "model": {
    "type": "logistic_regression",
    "accuracy": 0.92,
    "precision": 0.88,
    "recall": 0.95,
    "f1": 0.91,
    "rocAuc": 0.94
  },
  "trainingData": {
    "totalNetworks": 45,
    "threats": 18,
    "falsePositives": 27
  },
  "message": "Model trained successfully"
}
Errors:
- 400: Fewer than 10 tagged networks (minimum required)
- 503: ML model module unavailable
GET /api/ml/status
Check model training status and tag statistics.
Test multiple algorithms with grid search and cross-validation:
pip install -r scripts/ml/requirements.txt
python3 scripts/ml/ml-iterate.py
Tests Logistic Regression, Random Forest, and Gradient Boosting with hyperparameter tuning.
- Observation count (network detections)
- Unique days seen
- Geographic distribution (location clustering)
- Signal strength (RSSI max)
- Distance range from home location
- Behavioral flags (seen at home vs. away)
shadowcheck-static/
├── src/
│ ├── api/ # 🔧 Backend API routes
│ ├── services/ # 🔧 Backend business logic
│ ├── repositories/ # 🔧 Backend data access
│ ├── components/ # ⚛️ Frontend React components
│ ├── App.tsx # ⚛️ Frontend React app
│ └── main.tsx # ⚛️ Frontend entry point
├── server.js # 🔧 Backend Express server
├── index.html # ⚛️ Frontend HTML template
├── vite.config.js # ⚛️ Frontend build config
├── public/ # Static assets
├── scripts/ # Utility scripts
│ ├── import/ # Data import utilities
│ ├── enrichment/ # Address enrichment
│ └── ml/ # ML utilities
├── sql/ # Database
│ ├── migrations/ # Schema migrations
│ └── functions/ # SQL functions
├── tests/ # Jest tests
├── docs/ # Documentation
└── docker-compose.yml # Docker configuration
📖 See docs/architecture/project-structure.md for detailed frontend/backend organization.
Also see docs/DIRECTORY_STRUCTURE.md for complete details.
Run dev server:
npm run dev
Run tests:
npm test
Key environment variables (see .env.example):
- DB_* - PostgreSQL connection
- PORT - Server port (default: 3001)
- NODE_ENV - development or production
- Use strong database credentials in production
- Enable HTTPS/TLS at reverse proxy layer
- Restrict API access via rate limiting (already enabled)
- See SECURITY.md for detailed security guidelines
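One way to enforce the credential guidance above at startup, shown as an added example that is not ShadowCheck's own code: it validates the .env keys listed in this README and refuses the sample placeholder password in production. The function names, the placeholder list and the 12-character minimum are assumptions.

```javascript
// Added example (not project code): fail-fast validation of the README's .env keys.
const REQUIRED = ['DB_USER', 'DB_HOST', 'DB_NAME', 'DB_PASSWORD', 'DB_PORT'];
const PLACEHOLDERS = new Set(['your_password', 'password', 'changeme']); // assumed list
const MIN_PASSWORD_LENGTH = 12; // assumed policy, tune to your own

function isValidPort(value) {
  return /^\d+$/.test(value) && Number(value) >= 1 && Number(value) <= 65535;
}

// Returns a list of problems; an empty list means the config is acceptable.
function validateEnv(env) {
  const problems = [];
  for (const key of REQUIRED) {
    if (!env[key] || env[key].trim() === '') problems.push(`${key} is not set`);
  }
  if (env.DB_PORT && !isValidPort(env.DB_PORT)) {
    problems.push('DB_PORT is not a valid port');
  }
  const port = env.PORT || '3001'; // default stated in the README
  if (!isValidPort(port)) problems.push('PORT is not a valid port');

  const mode = env.NODE_ENV || 'development';
  if (!['development', 'production'].includes(mode)) {
    problems.push('NODE_ENV must be development or production');
  }
  // Credential strength only blocks startup in production.
  if (mode === 'production' && env.DB_PASSWORD) {
    const pw = env.DB_PASSWORD;
    if (PLACEHOLDERS.has(pw.toLowerCase())) {
      problems.push('DB_PASSWORD is a placeholder value');
    } else if (pw === env.DB_USER || pw === env.DB_NAME) {
      problems.push('DB_PASSWORD matches DB_USER or DB_NAME');
    } else if (pw.length < MIN_PASSWORD_LENGTH) {
      problems.push(`DB_PASSWORD is shorter than ${MIN_PASSWORD_LENGTH} characters`);
    }
  }
  return problems;
}

// Constructed sample: the README's example .env values, run in production mode.
const readmeSample = {
  DB_USER: 'shadowcheck', DB_HOST: 'localhost', DB_NAME: 'shadowcheck',
  DB_PASSWORD: 'your_password', DB_PORT: '5432', PORT: '3001',
  NODE_ENV: 'production',
};
console.log(validateEnv(readmeSample));
```

Call validateEnv(process.env) before opening the database pool and exit non-zero if the returned list is not empty.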
Additional documentation is available in the docs directory. See docs/INDEX.md for navigation.
See CONTRIBUTING.md for code standards and workflow.
See CODE_OF_CONDUCT.md.
MIT. See LICENSE for details.