Best Self-hosted Security & Privacy tools in 2026
117 self-hosted open source alternatives in this category
117 services found
Wizarr
User invitation and management system for media servers
Wizarr automates user invitations and onboarding for Plex, Jellyfin, Emby and similar media servers, with SSO, time-limited access, Discord and request-system integration...
Yopass
Secure one-time secret sharing with client-side encryption
Open-source tool for sharing secrets and files via client-side OpenPGP encryption and one-time expiring links.
Defguard
Zero-trust WireGuard VPN with protocol-level MFA and integrated SSO
Enterprise-grade zero-trust access management platform providing WireGuard VPN with true protocol-level 2FA/MFA, plus integrated OpenID Connect SSO and user/device contro...
AliasVault
End-to-end encrypted password manager with built-in email aliasing
Privacy-first, end-to-end encrypted password and email alias manager with passkeys, TOTP, apps and extensions, plus a built-in email server for self-hosting.
ShellHub
Centralized SSH gateway for remote access and device management
Centralized SSH gateway to remotely manage Linux servers, containers and IoT devices via web or native SSH; offers key auth, firewall rules, audit logging and session rec...
Maza ad blocking
Local DNS-based ad blocker using your operating system
Simple local ad blocker that updates your system hosts or dnsmasq rules to block ad and tracking domains across any browser or application.
Beelzebub
Low-code honeypot framework using LLMs for safe system deception
Secure low-code honeypot framework that uses LLMs to simulate high-interaction systems across SSH/HTTP/TCP and MCP, with metrics and cloud-native deployment options.
TeamPass
Collaborative on-prem password management with RBAC and encryption.
On-prem password manager enabling secure sharing and fine-grained access control over credentials.
VoidAuth
Self-hosted SSO and user management with OpenID Connect and ForwardAuth
VoidAuth is a self-hosted SSO provider with OpenID Connect, ForwardAuth proxy auth, and built-in user and group management plus MFA and passkeys.
UUSEC WAF
Web application firewall and API security gateway (WAAP)
High-performance web application firewall and API security gateway with semantic detection, rule management, and reverse-proxy deployment for protecting websites and APIs...
Wiredoor
Ingress-as-a-service to expose private services via WireGuard and NGINX
Self-hosted ingress platform that exposes internal HTTP/TCP services to the internet through reverse WireGuard tunnels, with NGINX routing and automatic TLS certificates.
GlobaLeaks
Secure whistleblowing and anonymous reporting platform
Open-source platform for secure, anonymous whistleblowing and case handling, designed for privacy by default and adaptable to many reporting use cases.
Databunker
Self-hosted vault for tokenizing and encrypting sensitive records
Databunker is a self-hosted vault that tokenizes and encrypts PII/PHI/KYC/PCI data, providing a secure API, consent management, and audit trails for compliance.
Authgear
Identity and authentication platform for apps and APIs
Open-source Auth0/Clerk/Firebase Auth alternative with passkeys, MFA, SSO (OIDC/SAML), user management portal, and extensible auth flows for web and mobile apps.
Hemmelig
Encrypted secret sharing with client-side encryption and self-destructing links
Share sensitive text or files securely using client-side encryption, expiring links, view limits, and optional password protection.
ZTNET
Web UI for managing private ZeroTier controllers with teams
ZTNET is a self-hosted web UI for administering private ZeroTier controllers, with multi-user access, organization support, and streamlined network and member management.
tirreno
Security analytics framework for in-app threat detection and risk
Open-source security analytics framework for event tracking, in-app threat detection, and risk management to protect applications from abuse, bots, and account takeover.
NetGoat
Self-hostable reverse proxy and traffic manager with WAF features
NetGoat is a self-hostable reverse proxy and traffic management platform offering Cloudflare-like features such as TLS termination, rate limiting, WAF-style filtering, an...
GoAway
Lightweight DNS sinkhole with a web admin dashboard
Self-hosted DNS sinkhole written in Go that blocks ads, trackers and malicious domains; provides a modern web dashboard, Docker support, DoT/DoH options and realtime stat...
Mozilla Accounts (FxA)
Account and authentication service for Mozilla products
Mozilla Accounts (FxA) is an account and authentication service used by Mozilla clients, providing login, session management, and account-related APIs for Mozilla product...
Melody Auth
OAuth 2.0 and authentication server for Cloudflare Workers or Node.js
Turnkey OAuth 2.0/OIDC authentication system with admin panel, REST APIs, RBAC, MFA, social login, and flexible deployment on Cloudflare Workers or Node.js.
sup3rS3cretMes5age
Self-destructing one-time message service backed by HashiCorp Vault
Self-hosted one-time, self-destructing message service that stores secrets in HashiCorp Vault, with a lightweight web UI and optional TLS automation.
FlashPaper
One-time encrypted secret sharing web application
Simple PHP app for one-time encrypted secret sharing. Stores encrypted secrets in SQLite, deletes on retrieval, and provides a curl API and Docker images.
Cert Warden
Centralized ACME certificate manager with REST API and UI
Open-source centralized ACME client to manage TLS certificates with automated renewals, API-key retrieval for clients, http-01/dns-01 challenge support, Go backend and Re...
Shhh
One-time encrypted secret sharing web app
Tiny Flask app to create encrypted, expiring secrets shareable via private links. Secrets are encrypted and deleted after viewing, expiration, or max attempts.
VaulTLS
Web application to generate and manage mTLS certificates.
Self-hosted web app to generate, manage and distribute mTLS client and server certificates with OIDC auth, email alerts and a REST API.
Cupdate
Zero-config service that detects and lists outdated container images
Cupdate auto-detects container images in Kubernetes, Docker or Podman, finds newer versions and exposes results via a UI, API and RSS feed with vulnerability metadata.
YeetFile
Encrypted self-hosted file sharing and vault with client-side encryption
Self-hosted encrypted file sharing and vault. Client-side encryption, shareable expiring links, CLI and web UI, and storage backends (local, S3, Backblaze B2).
Fail2Ban-Report
Web dashboard for Fail2Ban logs and centralized UFW blocklist management
Lightweight PHP dashboard that converts Fail2Ban logs into searchable JSON reports and centralizes UFW-based blocklist control with HTTPS-based multi-server sync.
OrigamiVault
Encrypt and split secrets for printable offline paper recovery
Client-side web app to encrypt or split secrets into QR codes and OCR-friendly printouts for offline recovery using AES and Shamir Secret Sharing.