Best Self-hosted Security & Privacy tools in 2026
117 self-hosted open source alternatives in this category
117 services found
MyIP (IPCheck.ing)
Open-source IP toolbox for IP, DNS, WebRTC and network diagnostics
MyIP (IPCheck.ing) is an open-source web IP toolbox that detects local/public IPs, runs DNS leak and WebRTC checks, speed/latency/MTR tests, availability and whois lookup...
Amnezia
Cross-platform client to deploy and use your own VPN server
Open-source VPN client for desktop and mobile that can automatically set up a private VPN server and connect using WireGuard, OpenVPN, IKEv2, and obfuscated modes.
Firezone
Zero-trust remote access platform built on WireGuard
Firezone is a zero-trust VPN replacement built on WireGuard, providing identity-aware access policies, peer-to-peer encrypted tunnels, and lightweight gateways.
step-ca
Private certificate authority and ACME server for X.509 and SSH
step-ca is a private CA and ACME server for issuing and automating X.509 TLS and SSH certificates, enabling short-lived credentials and secure enrollment for teams.
Graylog
Centralized log management and analysis platform
Graylog is an open source platform for collecting, indexing, searching, and alerting on logs and machine data from many sources in one place.
iodine
IPv4-over-DNS tunneling server and client
iodine is a DNS tunneling tool that forwards IPv4 traffic through DNS queries and replies, providing a TUN interface to route IP traffic when only DNS is allowed.
Tinyauth
Lightweight authentication middleware for protecting web apps
Tinyauth is a lightweight auth middleware that adds a login screen, OAuth, or LDAP authentication in front of your apps via common reverse proxies.
WatchYourLAN
Lightweight LAN IP scanner with web UI, alerts, and metrics export
Self-hosted lightweight LAN IP/ARP scanner with web dashboard, new-host notifications, online/offline history, and metrics export to Prometheus or InfluxDB for Grafana.
Warpgate
Transparent bastion and PAM for SSH, HTTPS, MySQL and PostgreSQL
Self-hosted transparent bastion host and PAM for SSH, HTTPS, MySQL and Postgres with RBAC, session recording, and SSO/2FA—no client-side software required.
OneUptime
Open-source monitoring, incident management, and observability platform
Self-hostable observability platform for uptime monitoring, alerting, incident management, on-call, status pages, logs, and APM in one integrated suite.
Pocket ID
A passkey-only OpenID Connect identity provider
Pocket ID is a simple self-hosted OpenID Connect (OIDC) provider that lets users sign in to apps using passkeys instead of passwords.
ClamAV
Open-source antivirus engine for gateway and file scanning
ClamAV is an open-source antivirus toolkit providing a multi-threaded daemon, command-line scanners, and automatic signature updates for mail gateways and file scanning.
MeshCentral
Open-source web-based remote device management and remote desktop server
Self-hosted Node.js server for remote monitoring, web-based remote desktop, terminal, file access and multi-DB device management.
LLDAP
Lightweight LDAP authentication server with a web UI
LLDAP is a lightweight LDAP server for authentication and user management, providing a simplified LDAP interface, a web admin UI, and SQLite/MySQL/PostgreSQL backends.
Passbolt
Open-source password and secret manager for teams
Passbolt is an open-source, security-first password and secret manager for teams, with end-to-end encryption, granular sharing permissions, and auditing.
Cosmos Cloud
Security-first self-hosting platform with reverse proxy, SSO, and apps
Cosmos Cloud is a security-focused self-hosting platform that provides an app store, reverse proxy with automatic HTTPS, SSO/MFA, container management, backups, and monit...
NetAlertX
Network device scanner and presence detection with alerts
Self-hosted network visibility and presence scanner that discovers connected devices and alerts on new, unknown, or changed hosts across your LAN/Wi‑Fi.
OpenBao
Open source secrets management for keys, certificates, and tokens
OpenBao is an open source secrets management platform to securely store, generate, lease, and revoke secrets, certificates, and encryption keys with auditing and access c...
Cap
Privacy-first proof-of-work CAPTCHA alternative for web and APIs
Lightweight, self-hostable CAPTCHA alternative using SHA-256 proof-of-work challenges to protect forms and APIs from bots without tracking or visual puzzles.
Pomerium
Identity- and context-aware access proxy for zero trust access
Pomerium is an identity-aware access proxy that provides zero trust, per-request authorization to internal web apps and services without a traditional VPN.
Kanidm
Simple, secure identity management and SSO provider
Kanidm is a secure identity management platform providing SSO, passkeys (WebAuthn), and integrations like OAuth2/OIDC, RADIUS, and LDAP gateway for legacy apps.
Cerbos
Context-aware authorization and access control policy engine
Cerbos is a scalable, language-agnostic authorization layer for defining and evaluating context-aware access control policies via a dedicated Policy Decision Point (PDP)...
OPNsense
Open source firewall and routing platform for network security
OPNsense is an open source FreeBSD-based firewall and routing platform with a web GUI, API, VPN, traffic shaping, and security features for networks and homelabs.
OpenZiti
Open-source zero trust networking overlay for applications
OpenZiti is an open-source zero trust networking platform that builds an identity-based overlay mesh with SDKs, tunnelers, and policy-based access controls.
2FAuth
Web-based TOTP/HOTP authenticator and 2FA account manager
Open-source web app to manage TOTP/HOTP 2FA accounts: scan QR codes, generate one-time codes, import/export tokens, and protect access with WebAuthn and optional encrypti...
WGDashboard
Web dashboard to manage and monitor WireGuard VPN
Self-hosted web dashboard for WireGuard and AmneziaWG to manage configs, peers, and access with a simple UI and optional 2FA.
Password Pusher
Securely share passwords and sensitive data with auto-expiring links.
Open-source app that creates self-deleting secret links with audit logs.
GLAuth
Lightweight LDAP authentication server with pluggable backends
GLAuth is a lightweight LDAP/LDAPS authentication server for development, CI, and homelabs, supporting file, S3, SQL, or LDAP proxy backends and optional 2FA.
Canarytokens
Honeytokens that alert when accessed or executed
Canarytokens generates honeytokens (URLs, files, credentials, docs) that alert you when an attacker touches them, helping detect breaches early.
Onetime Secret
Self-destructing service for sharing single-use encrypted secrets
Open-source web and API service to create encrypted, single-view links for sharing secrets with configurable expiry and optional passphrase protection.