Open Source Security Apps
Discover the best open source security tools for vulnerability scanning, threat detection & access control. Protect your system with community-driven solutions.
Apps in Security
ALTCHA
Security
A self-hosted, privacy-first CAPTCHA alternative that uses memory-hard proof-of-work to stop bots without cookies, tracking, or third-party APIs.
ALTCHA
MITAuthelia
Security · Authentication
OpenID Certified SSO and MFA portal for securing self-hosted web applications behind reverse proxies.
Authelia
Apache 2.0authentik
Authentication · Security
The self-hosted Identity Provider that replaces Okta, Auth0, and Entra ID with a unified SSO platform supporting SAML, OAuth2/OIDC, LDAP, RADIUS, and WebAuthn.
authentik
OtherBitwarden Server
Password Manager · Security
Self-hosted, open-source password management backend with zero-knowledge encryption and enterprise-grade identity services
Bitwarden Server
OtherCaddy
Devops · Security
The only web server that obtains and renews TLS certificates automatically, with HTTP/1-2-3 support and zero dependency on external runtimes.
Caddy
Apache 2.0CertMate
Security · Devops
Automate SSL certificate lifecycle across any CA, 24+ DNS providers, and every major secret store — with a REST API, web dashboard, and built-in MCP server for AI-driven ops.
CertMate
MITCosmos-Server
Security · Authentication
All-in-one self-hosted home server with SmartShield anti-DDoS, Nebula mesh VPN, automatic HTTPS, and a 250-app marketplace — all secured behind a unified auth layer.
Cosmos-Server
OtherCryptgeon
File Storage · Security
Self-destructing encrypted notes and files that vanish after viewing — the server never sees your keys.
Cryptgeon
MITDefGuard
Security · Networking · Authentication
Self-hosted secure remote access that unifies WireGuard VPN, identity management, and connection-level MFA in one open-source platform.
DefGuard
OtherDokploy
Devops · Hosting Control Panel · Security
Self-hosted PaaS that deploys apps and databases on your own VPS using Docker, Traefik, and multi-build-system orchestration
Dokploy
OtherEnclosed
Security
Send end-to-end encrypted notes and files where the server never sees your content — true zero-knowledge sharing.
Enclosed
Apache 2.0Firezone
Networking · Security
Enterprise-grade zero-trust access platform built on WireGuard® that replaces legacy VPNs with peer-to-peer, identity-aware secure tunnels.
Firezone
Apache 2.0Hanko
Security · Authentication
Open source, self-hostable authentication platform with passkeys, SAML SSO, and OAuth — the privacy-first alternative to Auth0 and Clerk.
Hanko
Otherhoodik
File Storage · Security
Self-hosted, end-to-end encrypted cloud storage with browser-based encryption and S3-compatible storage support
hoodik
Otherhoop
Security · Monitoring
A wire-protocol gateway that enforces data masking, command blocking, approval workflows, and full session recording for engineers and AI agents accessing production infrastructure.
hoop
MITInfisical
Security · Devops
The open-source platform for secrets, certificates, privileged access, and AI agent security — all in one self-hostable system.
Infisical
OtherKeePassXC
Security
A cross-platform, offline password manager with YubiKey, passkey, browser integration, and TOTP — all encrypted locally in the open KDBX format.
KeePassXC
Othermagika
Developer Tools · Security
AI-powered file type detection that identifies 200+ content types with ~99% accuracy in milliseconds using a compact deep learning model.
magika
Apache 2.0Maltrail
Security · Monitoring
Detect malicious network traffic using 47+ live threat feeds, heuristics, and a fat-client reporting dashboard — no commercial stack required.
Maltrail
MITMarble
Security · Analytics
The open-source, self-hostable fraud detection and AML compliance engine that gives fintechs full control over their detection rules, data, and investigations.
Marble
OtherNetBird
Security
Replace your VPN with a zero-trust WireGuard overlay network that auto-connects devices, enforces SSO and posture checks, and deploys in under 5 minutes.
NetBird
OtherNetmaker
Automation · Security
Automate secure WireGuard mesh networks from homelab to enterprise scale without manual configuration.
Netmaker
OtherNetworking Toolbox
Developer Tools · Security
The offline-first networking toolbox for sysadmins — 100+ subnet, DNS, DHCP, and TLS utilities that work without internet access.
Networking Toolbox
MITNginx Proxy Manager
Developer Tools · Networking · Security
Manage Nginx reverse proxies and free Let's Encrypt SSL through a beautiful web interface — no Nginx expertise required.
Nginx Proxy Manager
MITNotesnook
Note Taking · File Storage · Security
End-to-end encrypted, open-source note-taking where your data stays yours — even from the server.
Notesnook
GPL 3.0OnetimeSecret
Security
Generate self-destructing single-use links to share passwords and sensitive data without leaving traces in inboxes or chat logs.
OnetimeSecret
MITOpenSandbox
Developer Tools · Security
Secure, fast, and extensible sandbox runtime for AI agents with multi-language SDKs and Docker/Kubernetes runtimes.
OpenSandbox
Apache 2.0OSV.dev
Security
Google's open-source vulnerability database that maps CVEs to exact package versions across 50+ ecosystems with a public API and data dumps.
OSV.dev
Apache 2.0Palmr.
File Storage · Security
Self-hosted, privacy-focused file sharing without limits
Palmr.
Apache 2.0Passbolt API
Password Manager · Security
Self-hosted, end-to-end encrypted password manager API built for teams who demand full ownership of their credentials.
Passbolt API
AGPL 3.0Phase Console
Security · Devops
End-to-end encrypted secrets management for engineering teams — from local dev to Kubernetes production.
Phase Console
OtherPrivateCaptcha
Security · Authentication
Privacy-first, self-hostable Proof-of-Work CAPTCHA for GDPR-compliant bot protection.
PrivateCaptcha
OtherRequestly
Developer Tools · Monitoring · Security
Open-source HTTP interceptor and API mocker trusted by 300,000+ developers — intercept, modify, and mock HTTP traffic from browser extensions or desktop without complex proxy setup.
Requestly
OtherSafeLine
Security
Self-hosted WAF with a custom semantic detection engine and ML-powered threat analysis that blocks web attacks without cloud dependency.
SafeLine
GPL 3.0Sentry
Security · Developer Tools · Monitoring
Developer-first error tracking and performance monitoring platform with AI-powered root-cause analysis across 20+ languages and frameworks.
Sentry
OtherSocial Analyzer
Security
Find and analyze a person's digital footprint across 1000+ social media platforms using multi-layer detection, OCR, and metadata extraction.
Social Analyzer
AGPL 3.0SpiceDB
Security · Authentication · Databases
An open source, Google Zanzibar-inspired authorization database that models permissions as relationships and evaluates fine-grained access checks at massive scale with single-digit millisecond latency.
SpiceDB
Apache 2.0ST3GG
Security · Developer Tools
The ultimate open-source steganography suite — hide anything in any file using 100+ encoding techniques, detect it all, and run everything 100% in your browser.
ST3GG
AGPL 3.0Superagent
Security · AI Agents
An open-source SDK that blocks prompt injections, redacts PII and secrets, scans repositories for AI-targeted attacks, and red-teams production agents.
Superagent
MITSuperTokens
Authentication · Security
Open-source authentication platform you self-host, giving you complete control over user data with zero vendor lock-in.
SuperTokens
OtherTeleport
Security · Authentication
Zero-trust infrastructure access platform that replaces credentials and VPNs with short-lived certificates, SSO, and identity-aware proxies for SSH, Kubernetes, databases, RDP, and AI agents.
Teleport
AGPL 3.0tirreno
Monitoring · Security
Embed security inside your product — detect threats, fraud, and abuse in real time at the application layer
tirreno
AGPL 3.0Tracecat
Security · Automation · AI Agents
Open-source agentic security automation platform that runs AI agents and durable workflows at scale with sandboxed execution.
Tracecat
AGPL 3.0Traefik
Devops · Automation · Security
A cloud-native reverse proxy and load balancer that auto-configures itself from Docker, Kubernetes, and other orchestrators — zero manual routing required.
Traefik
MITVaultwarden
Password Manager · Security
Unofficial Bitwarden-compatible server in Rust — run the full Bitwarden ecosystem on a Raspberry Pi using every official client you already have, without the multi-container overhead.
Vaultwarden
AGPL 3.0VoidAuth
Security · Authentication
Self-hosted SSO with OIDC, LDAP, passkeys, and proxy auth for your entire self-hosted stack
VoidAuth
AGPL 3.0Warrant
Authentication · Security
A Google Zanzibar-inspired authorization service for defining, checking, and auditing fine-grained access control across your applications.
Warrant
Apache 2.0web-check
Security · Developer Tools
All-in-one OSINT dashboard that dissects any website's IP, SSL, DNS, headers, cookies, ports, trackers, and more in a single scan.
web-check
MITAbout Security
Security software is a critical component of modern development and operations. These applications focus on identifying, preventing, and responding to security risks across a variety of platforms and environments. Core functionality often includes vulnerability scanning, threat detection, access control, encryption, and security monitoring. They provide layers of defense to safeguard sensitive information and maintain system integrity.
Typical use cases include protecting web applications from common attacks, securing cloud infrastructure, managing user authentication and authorization, detecting malicious activity within networks, and ensuring data privacy. Features commonly found in this category include intrusion detection systems (IDS), firewalls, secure code analysis tools, and compliance auditing capabilities. Effective security solutions allow teams to proactively identify weaknesses before they can be exploited, minimizing potential damage and downtime.
Investing in robust security practices is paramount for any organization handling data or operating online. Open source Security applications offer transparency, customizability, and community support – providing developers with greater control over their security posture. They help address compliance requirements, build trust with users, and protect valuable assets from evolving cyber threats. Regular security assessments, incident response planning tools, and secure communication protocols are key benefits.