Osiris has appeared on GitHub as an open-source platform for real-time global intelligence, gathering aviation, public cameras, earthquakes, fires, news, satellites, conflict zones, cyber threats, sanctions, cryptocurrencies, and reconnaissance tools all in one web panel. Its repository presents it as an open alternative to Palantir, a strong comparison that helps understand the project’s ambition—though it’s wise to read it with caution.
The tool, published by Souleimen Mrad under the MIT license, is built with Next.js 16, TypeScript, and MapLibre GL JS. Its interface uses WebGL to render thousands of entities simultaneously on a map with smooth performance. The visual aspect is striking, but the real interest lies in another layer: its ability to orchestrate heterogeneous public sources and turn them into an operational view of what’s happening in the world, almost in real-time.
An OSINT dashboard with many layers of intelligence
Osiris is based on a well-known idea in open-source intelligence: relevant data is already out there, but scattered across APIs, feeds, public portals, cameras, lists, databases, weather services, vulnerability records, and information channels. The challenge isn’t just accessing them, but integrating, filtering, normalizing, and presenting them in a useful way.
The project aggregates aviation data via OpenSky Network, public traffic cameras from networks like TfL, WSDOT, Caltrans, NYC DOT, or VicRoads, real-time earthquakes from USGS, active fires from NASA FIRMS, weather events from NASA EONET, space data from NOAA SWPC and N2YO, vulnerabilities from NVD, sanctions via OpenSanctions, BTC and ETH wallet tracing with blockstream.info and Blockscout, and public Telegram posts geotagged from open channels’ web views.
It also includes a real-time news network with over 25 signals 24/7 from international media, and a layer of conflict zones with severity markers. Practically, Osiris aims to condense signals that typically require multiple tools, tabs, and workflows into a single screen.
| Layer | Function in Osiris |
|---|---|
| Aviation | Monitoring commercial, private, military flights, and jets |
| CCTV | Public traffic and transport cameras |
| Earthquakes | Real-time M2.5+ alerts |
| Fires | Active hotspots via NASA FIRMS |
| News | 24/7 signals from global broadcasters |
| Satellites & Space | Solar weather and orbital tracking |
| Cybersecurity | CVE, scanner, DNS, WHOIS, SSL, and IP intelligence |
| Telegram OSINT | Geoparsing public posts |
| Crypto | BTC/ETH tracing and sanctions cross-referencing |
| Sanctions | Searching in lists of individuals, organizations, ships, and aircraft |
The sensitive part: browser-based RECON tools
The most delicate aspect for a technology and security-focused media is the RECON toolkit. Osiris includes TCP port scanning with service fingerprinting, comprehensive DNS queries, WHOIS, SSL/TLS certificate inspection, IP intelligence, CVE searches, crypto wallet tracing, and checks against sanctions lists.
These functions are useful in defensive contexts, OSINT investigations, authorized audits, investigative journalism, or incident analysis. But they also turn Osiris into a dual-use tool. A port scanner, an IP reputation query, or vulnerability searches can help protect assets but may also be used to profile third-party systems if employed without authorization.
It’s important to clarify: open source status does not automatically make any use legitimate. Offensive security, network reconnaissance, and OSINT analysis have legal, contractual, and ethical boundaries. In the hands of a defense team, Osiris can serve as an analysis hub; misused, it may facilitate invasive practices or violate terms of service of the sources queried.
The technical design reflects this separation: according to the repository, Osiris functions partially without API keys because many layers use public, unauthenticated sources. However, the RECON toolkit requires configuration of SCANNER_URL and SCANNER_KEY; if not set, it returns a 503 error. This separation can limit certain uses in basic setups but does not replace the need for access controls and secure deployment policies.
Browser as command center—with inherent risks
Osiris can be run locally via npm, Docker Compose, or using a prebuilt image from GHCR. The image is published as a standalone build on Node 22 Alpine, running non-root, with support for CasaOS. Ease of deployment makes it attractive for labs, analysts, and technical teams but also carries responsibilities.
Any tool that adds OSINT sources, network scanning, and operational dashboards must be deployed carefully. It shouldn’t be exposed directly online without authentication, reverse proxies, HTTPS, access limits, and log reviews. Protecting API keys, reviewing environment variables, controlling user access for RECON modules, and isolating the scanning backend in shared environments are also recommended.
Performance optimization is also crucial. Osiris reports a 75% reduction in edge requests compared to initial versions, relaxing polling on stable data and loading layers on demand. These decisions are necessary to prevent API overloads, unnecessary costs, or blockages due to usage limits.
From an operational security perspective, this efficiency is also a double-edged sword. Poorly designed OSINT dashboards can generate noise, false correlations, and alert overload. Intelligence is about distinguishing signals worth attention, not just accumulating points on a map. The interface aids this goal, but human judgment remains essential.
Democratized OSINT, but not trivial
The Palantir comparison functions as a headline but needs context. Palantir offers enterprise platforms with data governance, internal connectors, granular permissions, auditing, integration with corporate systems, support, and complex deployments. Osiris is an open-source project demonstrating part of this logic using public sources and modern web architecture.
That doesn’t diminish its merit. On the contrary, it shows that access to operational intelligence tools is becoming democratized. What once required enormous budgets, private integrations, and long-term contracts can now start as prototypes with open APIs, WebGL, TypeScript, Docker, and solid data structuring.
For cybersecurity teams, Osiris can be valuable as an OSINT lab, situational panel, threat analysis supplement, global event monitor, or architecture demonstrator. Journalists and analysts can use it to cross signals related to conflict, infrastructure, climate, flights, and open sources. Administrations or companies might find it inspirational for building internal, more governed platforms.
The key is to differentiate between technical possibility and operational maturity. Before deploying such a tool in production, sources, data licenses, API limits, privacy, deployment security, information reliability, traceability, and user control must be evaluated. A point on a map isn’t always a confirmed fact; a temporal correlation doesn’t imply causation.
Data pipelines define modern security
Osiris exemplifies where part of security technology is headed: data integration, real-time visualization, and contextual automation. In cybersecurity, physical defense, crisis response, or corporate intelligence, the challenge is no longer just acquiring data but turning it into actionable signals without overwhelming the analyst.
The project also highlights that many organizations still work with siloed tools—one panel for flights, another for vulnerabilities, cameras, news, sanctions, crypto, weather—Osiris strives to unify these pieces into a common experience.
Its appearance on GitHub doesn’t mean any company can instantly replace a comprehensive intelligence platform. But it demonstrates that a well-designed, browser-facilitated open architecture can reach far. It also prompts a relevant question for any security team: what parts of their current monitoring could be better built as a real-time data platform rather than a collection of disconnected tools?
Osiris is more than an attractive dashboard. It’s a sign of the moment: OSINT is becoming more accessible, visual, and integrated. When used prudently, it can enhance security; if deployed uncontrolled, it can pose risks. As with most technology, success depends not only on the tool but on how it’s governed.
FAQs
What is Osiris?
Osiris is an open-source platform for real-time OSINT and global intelligence that aggregates public sources from aviation, CCTV, earthquakes, fires, news, satellites, cybersecurity, sanctions, crypto, and conflict zones.
Why is it compared to Palantir?
Because it aims to integrate multiple data sources within a single analysis interface. However, it doesn’t provide the enterprise-level governance, internal connectors, permission controls, or support that a commercial platform like Palantir offers on its own.
What security risks does it pose?
It includes RECON tools like port scanners, DNS queries, WHOIS, SSL checks, CVE searches, and IP intelligence. These are useful for defense and authorized audits but could be misused for profiling third parties without permission.
Can it run locally?
Yes. The repository supports setup via npm, Docker Compose, or prebuilt images from GHCR. Many layers function without API keys, though some features require additional configuration.
Sources: