Search Results for "web%20servers"
Sort By:
Showing 26 open source projects for "web%20servers"
View related business solutions-
Vibes don’t ship, Retool doesVibe coding tools create cool demos, but Retool helps you build software your company can actually use. Generate internal apps that connect directly to your data—deployed in your cloud with enterprise security from day one. Build dashboards, admin panels, and workflows with granular permissions already in place. Stop prototyping and ship on a platform that actually passes security review.
-
Atera all-in-one platform IT management software with AI agentsAtera’s AI agents don’t just assist, they act. From detection to resolution, they handle incidents and requests instantly, taking your IT management from automated to autonomous.
-
1
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. ... -
2
Gobuster
Directory/File, DNS and VHost busting tool written in Go
Gobuster is a tool used to brute-force. This project is born out of the necessity to have something that didn't have a fat Java GUI (console FTW), something that did not do recursive brute force, something that allowed me to brute force folders and multiple extensions at once, something that compiled to native on multiple platforms, something that was faster than an interpreted script (such as Python), and something that didn't require a runtime. Provides several modes, like the classic... -
3
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. ... -
4
XRAY
XRay for recon, mapping and OSINT gathering from public networks
XRAY is a modular security toolset that helps developers and security professionals analyze, fuzz, and test web applications, protocols, and network services for vulnerabilities. It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. ... -
G-P - Global EOR SolutionWith G-P's industry-leading Employer of Record (EOR) and Contractor solutions, you can hire, onboard and manage teams in 180+ countries — quickly and compliantly — without setting up entities.
-
5
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security. The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. ... -
6
gost
GO Simple Tunnel, a simple tunnel written in golang
...Listening on multiple ports, multi-level forward proxies - proxy chain, standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support. Probing resistance support for web proxy, TLS encryption via negotiation support for SOCKS5 proxy. Support multiple tunnel types, tunnel UDP over TCP. Local/remote TCP/UDP port forwarding, TCP/UDP Transparent proxy, Shadowsocks Protocol (TCP/UDP), and SNI Proxy. Permission control, load balancing, route control, DNS resolver and proxy, and TUN/TAP Device. In GOST, GOST and other proxy services are considered as proxy nodes, GOST can handle the requests itself, or forward the requests to any one or more proxy nodes. ... -
7
Boulder
An ACME-based certificate authority, written in Go
...The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains. Boulder is the software that runs Let's Encrypt. This component model lets us separate the function of the CA by security context. The Web Front End, Validation Authority, OCSP Responder and Publisher need access to the Internet, which puts them at greater risk of compromise. The Registration Authority can live without Internet connectivity, but still needs to talk to the Web Front End and Validation Authority. The Certificate Authority need only receive instructions from the Registration Authority. ... -
8
Open Source API Firewall by Wallarm
Fast and light-weight API proxy firewall for request and response
API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is designed to protect REST API endpoints in cloud-native environments. API Firewall provides API hardening with the use of a positive security model allowing calls that match a predefined API specification for requests and responses, while rejecting everything else. -
9
Paralus
All-in-one Kubernetes access manager
Paralus is an open-source, zero-trust access management solution for Kubernetes. It provides secure access to Kubernetes clusters without the need for VPNs, streamlining operations and enhancing security. Paralus can be easily integrated with your pre-existing RBAC configuration and your SSO providers, or Identity Providers (IdP) that support OIDC (OpenID Connect). Through just-in-time service account creation and fine-grained user credential management, Paralus provides teams with an... -
eProcurement SoftwareeBuyerAssist by Eyvo is a cloud-based procurement solution designed for businesses of all sizes and industries. Fully modular and scalable, it streamlines the entire procurement lifecycle—from requisition to fulfillment. The platform includes powerful tools for strategic sourcing, supplier management, warehouse operations, and contract oversight. Additional modules cover purchase orders, approval workflows, inventory and asset management, customer orders, budget control, cost accounting, invoice matching, vendor credit checks, and risk analysis. eBuyerAssist centralizes all procurement functions into a single, easy-to-use system—improving visibility, control, and efficiency across your organization. Whether you're aiming to reduce costs, enhance compliance, or align procurement with broader business goals, eBuyerAssist helps you get there faster, smarter, and with measurable results.
-
10
teler
Real-time HTTP Intrusion Detection
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications. teler provides alerting when a threat is detected, push notifications include Slack, Mattermost, Telegram and Discord. ... -
11
Kubernetes Dashboard
General-purpose web UI for Kubernetes clusters
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself. To access Dashboard from your local workstation you must create a secure channel to your Kubernetes cluster. Kubeconfig Authentication method does not support external identity providers or certificate-based authentication. -
12
Kubeapps
A web-based UI for deploying and managing applications in Kubernetes
Kubeapps is an in-cluster web-based application that enables users with a one-time installation to deploy, manage, and upgrade applications on a Kubernetes cluster. Deploy and Manage your Favorite Kubernetes Packages. Browse and deploy packages from public and private registries. Perform day-two operations such as upgrades or rollbacks seamlessly. Create and manage different catalogs isolating them in different namespaces and clusters just using a single Kubeapps instance. -
13
go-mitmproxy
mitmproxy implemented with golang
go-mitmproxy is a Golang implementation of mitmproxy that supports man-in-the-middle attacks and parsing, monitoring, and tampering with HTTP/HTTPS traffic. Parses HTTP/HTTPS traffic and displays traffic details via a web interface. Supports a plugin mechanism for easily extending functionality. Various event hooks can be found in the examples directory. HTTPS certificate handling is compatible with mitmproxy and stored in the ~/.mitmproxy folder. If the root certificate is already trusted from the previous use of mitmproxy, go-mitmproxy can use it directly. ... -
14
Authelia
The Single Sign-On Multi-Factor portal for web apps
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies. With a compressed container size smaller than 20 megabytes and observed memory usage normally under 30 megabytes, it's one of the most lightweight solutions available. Written in Go and React, authorization policies and many other backend tasks are completed in mere milliseconds and login portal loading times of 100 milliseconds makes it one of the fastest solutions available. ... -
15
AWS Secrets Manager Go Caching Client
Enables in-process caching of secrets for Go applications
...To use this client you must have a Go development environment. If you do not have one, go to Golang Getting Started on The Go Programming Language website, then download and install Go. An Amazon Web Services (AWS) account to access secrets stored in AWS Secrets Manager and use AWS SDK for Go. To create an AWS account, go to Sign In or Create an AWS Account and then choose I am a new user. Follow the instructions to create an AWS account. To create a secret in AWS Secrets Manager, go to Creating Secrets and follow the instructions on that page. ... -
16
Merlin HTTP/2
Merlin is a cross-platform post-exploitation HTTP/2 Command
...You just simply download it and run it. The command-line interface only works great if it will be used by a single operator at a time. The Merlin agent can be controlled through Mythic, which features a web-based user interface that enables multiplayer support, and a slew of other features inherent to the project. -
17
Casdoor
An open-source Identity and Access Management (IAM)
...Within a few steps, we can setup a Casdoor app and realize our authorization management. Casdoor has a front-end back-end separation architecture, with maneuverable web UI and supporting high concurrency. Casdoor is supporting multi-languages, using i18n to support multi-languages UI. For more languages support, welcome to propose in our community. Casdoor SDK provides many functions, such as identity authentication, user management, resource upload, etc. Access to Casdoor is very convenient, please visit How to Connect to Casdoor for details. ... -
18
gorush
A push notification server written in Go (Golang)
A push notification micro server using Gin framework written in Go (Golang) and see the demo app. Support graceful shutdown that workers and queue have been sent to APNs/FCM before shutdown service. Support different Queue as backend like NSQ or NATS, defaut engine is local Channel. You can deploy gorush to alternative solution like netlify functions. Netlify lets you deploy serverless Lambda functions without an AWS account, and with function management handled directly within Netlify.... -
19
dex
OpenID Connect (OIDC) identity and OAuth 2.0 provider
...Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend.ID Tokens are an OAuth2 extension introduced by OpenID Connect and dex's primary feature. ID Tokens are JSON Web Tokens (JWTs) signed by dex and returned as part of the OAuth2 response that attest to the end user's identity. -
20
PhoenixC2
Command & Control-Framework created for collaboration in python3
PhoenixC2 is a command & control framework. The purpose of this software is, to aid red teamers and penetration testers in their operations, by providing a way to manage hacked devices. -
21
Hetty
An HTTP toolkit for security research
...HTTP client for manually creating/editing requests, and replay proxied requests. Intercept requests and responses for manual review (edit, send/receive, cancel) Scope support, to help keep work organized. Easy-to-use web-based admin interface. Project-based database storage, to help keep work organized. -
22
GoSpider
Gospider - Fast web spider written in Go
GoSpider - Fast web spider written in Go. Fast web crawling. Brute force and parse sitemap.xml. Parse robots.txt. Generate and verify link from JavaScript files. Link Finder. Find AWS-S3 from response source. Find subdomains from the response source. Get URLs from Wayback Machine, Common Crawl, Virus Total, Alien Vault. Format output easy to Grep. Support Burp input. -
23
sso
Single sign-on solution for securing internal services
...Octopus or octoboi — is the authentication and authorization system BuzzFeed developed to provide a secure, single sign-on experience for access to the many internal web apps used by our employees. It depends on Google as its authoritative OAuth2 provider and authenticates users against a specific email domain. Further authorization based on Google Group membership can be required on a per-upstream basis. The main idea behind sso is a "double OAuth2" flow, where sso-auth is the OAuth2 provider for sso-proxy and Google is the OAuth2 provider for sso-auth. -
24
NPS
Lightweight, high-performance, powerful intranet penetration proxy
...Https integration, support to convert backend proxy and web services to https, and support multiple certificates. Just simple configuration on web ui can complete most requirements. Complete information display, such as traffic, system information, real-time bandwidth, client version, etc. Powerful extension functions, everything is available (cache, compression, encryption, traffic limit, bandwidth limit, port reuse, etc.) -
25
pico
A Git-driven task runner built to facilitate GitOps and Infrastructure
...What once was a place to chat and collaborate with people across the planet is now a platform for the commercialization of products and services. At the seat of the modern web is the browser. The modern browser is very much like an operating system, both in terms of complexity and code size. Only massive corporations can build and maintain it. Further, the web breeds platforms that exploit your reward and learning centers in order to increase "engagement." We have no issue with the commercialization of the web -- that's how useful services exist. ...
