75 Repos
Tools for generating and managing time-based or counter-based authentication tokens.
Distinguishing note: Focuses on the generation of TOTP/HOTP codes for account security.
Explore 75 awesome GitHub repositories matching security & cryptography · Two-Factor Authentication. Refine with filters or upvote what's useful.
Dieses Projekt ist ein von der Community kuratiertes Verzeichnis von Open-Source-Software, die für den Einsatz in privaten Serverumgebungen und Home-Labs konzipiert ist. Es dient als umfassende Ressource zur Entdeckung unabhängiger, selbst gehosteter Alternativen zu gängigen Cloud-Diensten und ermöglicht es Nutzern, die volle Datenhoheit und Kontrolle über ihre digitale Infrastruktur zu behalten. Das Verzeichnis ist durch eine hierarchische Taxonomie strukturiert, die eine riesige Sammlung von Anwendungen in logische Kategorien organisiert, von Medienmanagement und Datenanalyse bis hin zu privater Kommunikation und Tools für die Teamproduktivität. Es zeichnet sich durch einen kollaborativen Peer-Review-Prozess aus, bei dem Community-Mitglieder die Qualität und Relevanz jeder Einreichung validieren, um sicherzustellen, dass das Verzeichnis korrekt und zuverlässig bleibt. Das Projekt deckt ein breites Spektrum an Fähigkeiten ab, einschließlich Infrastruktur-Automatisierung, containerbasierter Service-Bereitstellung und deklarativem Konfigurationsmanagement. Diese Tools unterstützen Nutzer bei der Aufrechterhaltung reproduzierbarer Serverumgebungen und der Verwaltung komplexer Service-Abhängigkeiten auf privater Hardware. Das Verzeichnis wird als versionskontrolliertes Repository gepflegt, wodurch sichergestellt wird, dass alle Updates und Community-gesteuerten Änderungen nachverfolgt und transparent sind.
Stores and generates security tokens for two-factor authentication accounts to secure user logins.
This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with diverse artificial intelligence service providers. It functions as a centralized middleware platform that routes, load balances, and translates API requests across multiple models, enabling developers to access text, image, audio, and video generation capabilities through a single, standardized integration. The gateway distinguishes itself through comprehensive administrative and financial controls, including event-driven usage accounting, real-time token consumption tracking,
Allows for the disabling of two-factor authentication requirements for specific user accounts.
This project is a Node.js web application boilerplate designed to accelerate development by providing a pre-configured foundation with integrated routing, templating, and developer tooling. It serves as a comprehensive starter kit that includes a full-stack authentication system, a payment integration starter, and an LLM agent framework. The framework distinguishes itself with specialized tools for AI development, including a retrieval-augmented generation implementation kit with vector search and semantic caching. It enables the creation of reasoning agents featuring tool-calling loops and r
Secures user accounts by requiring second-factor verification via email codes or authenticator apps.
Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perfo
Creates two-factor authentication codes with support for end-to-end encrypted cloud backups.
Firefly III is a self-hosted personal finance management system built on a double-entry bookkeeping engine. It provides a comprehensive platform for tracking income, expenses, and account balances while maintaining financial integrity through structured accounting principles. Designed for private use, the system supports multi-user access, allowing independent financial administrations to coexist within a single installation. The platform distinguishes itself through extensive automation and integration capabilities. It features a robust REST JSON API and webhook system that enables programma
Requires an additional verification code from an authenticator app during login to protect user accounts against unauthorized access.
Trojan is a censorship circumvention tool and TLS proxy server designed to bypass network restrictions by imitating legitimate web services. It functions as a TLS traffic obfuscator that masks proxy activity by mimicking the handshake and data flow of standard HTTPS requests. The system disguises network traffic as common web browsing to avoid deep packet inspection. It achieves this by wrapping TCP and UDP data within TLS encryption and forwarding unauthenticated or unauthorized requests to a legitimate destination website to hide the proxy's purpose. The project provides a tunnel that conv
The service responds to plain HTTP requests with a specific file to mimic a legitimate web server.
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
Protects administrative access by requiring time-based one-time passwords from external authenticator applications.
Diaspora is a federated social networking platform that allows users to run and manage self-hosted community servers, known as pods. It operates as a distributed network where independent server nodes exchange content and users using open protocols and standardized communication schemas. The platform is distinguished by its focus on decentralized identity management and privacy-preserving communication. It includes a privacy-focused media proxy that routes external assets through a local server to protect user identity and supports cross-instance account migration, allowing users to move thei
Secures user accounts by requiring time-based one-time passwords during the sign-in process.
Nightingale is a Prometheus-compatible monitoring and alerting platform designed to centralize telemetry management across multiple time-series databases. It functions as a multi-source alerting engine and metric data pipeline that ingests telemetry via remote write protocols and triggers alarms based on data from sources such as Prometheus, Elasticsearch, Loki, and ClickHouse. The system is distinguished by its automated alert healing system, which executes predefined scripts and RPC-based corrective actions when monitoring thresholds are breached. It supports distributed alert processing, a
Handles authentication and session persistence using JSON Web Tokens with configurable expiration times.
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
Generates time-based one-time passwords (TOTP) to provide an extra layer of account security.
Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated secur
Generates time-based and counter-based security codes to verify user identity across online services.
Spectrum is an open-source community platform designed for developer teams to host real-time threaded discussions, share code, and collaborate around GitHub projects. It provides a complete environment for creating and managing online communities with organized channels, member roles, and content moderation tools that keep conversations civil and on-topic. The platform integrates directly with GitHub, enabling users to authenticate through GitHub OAuth, search across code repositories and projects, and connect discussions to repository activity. Spectrum offers role-based team permission mana
Requires a second verification step beyond a password to confirm user identity during login.
Lucia is an authentication library that provides session management, OAuth integration, and password-based login for web applications. It creates and validates server-side sessions using cryptographically random tokens stored in HttpOnly, Secure, SameSite=Lax cookies, with constant-time token comparison to prevent timing side-channel attacks. The library supports authentication through email and password, GitHub OAuth, Google OAuth, and passkey-based sign-in. It enforces two-factor authentication using time-based one-time passwords (TOTP) from authenticator apps, generates recovery codes for
Enforces two-factor authentication using time-based one-time passwords from authenticator apps.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Disables the Antimalware Scan Interface using techniques like module unloading or DLL hijacking.
Kanboard ist ein selbst gehostetes Kanban-Projektmanagement-Tool und eine Produktivitätssuite, die für die Verfolgung von Softwareaufgaben und Teamzusammenarbeit entwickelt wurde. Es bietet ein visuelles System zur Verwaltung von Arbeitsabläufen durch die Verwendung von Boards, Spalten und Karten. Das Projekt verfügt über ein erweiterbares Plugin-Framework und eine umfassende API für die programmatische Aufgaben- und Projektverwaltung. Es beinhaltet spezialisiertes Identitätsmanagement durch LDAP-Integration, was die Synchronisierung von Benutzerkonten und Gruppenberechtigungen von Verzeichnisservern ermöglicht. Das System deckt eine breite Palette von Funktionen ab, einschließlich ereignisgesteuerter Workflow-Automatisierung, detaillierter Projektanalysen wie Burn-Down-Diagrammen und Zykluszeitmessung sowie granularer rollenbasierter Zugriffskontrolle. Es unterstützt zudem integrierte Zeiterfassung, Unteraufgaben-Zerlegung und Multi-Methoden-Authentifizierung, einschließlich Zwei-Faktor-Authentifizierung und Reverse-Proxy-Unterstützung. Die Anwendung ist mit MySQL und PostgreSQL für die persistente Datenspeicherung kompatibel und kann mittels Docker Compose bereitgestellt werden.
Implements time-based one-time passwords to add a secondary security layer after primary login.
This project is a curated directory and catalog of privacy-respecting software and security-focused services. It serves as a structured resource for finding alternatives to corporate services, focusing on tools that prioritize data sovereignty, end-to-end encryption, and user anonymity. The directory is maintained as a markdown-based resource list and rendered via a static site generator. It further extends its utility through a CORS-enabled public API and a JSON-based data schema, allowing the curated catalog of tools and providers to be retrieved programmatically. The collection covers a w
Lists tools for generating and managing time-based or counter-based authentication tokens.
Home Assistant is a local home automation platform and server that acts as an IoT device orchestrator. It integrates diverse smart home hardware by wrapping third-party APIs into a standardized logic layer and stores all system state and historical statistics on local hardware to eliminate cloud dependencies. The system functions as a Matter IoT controller and an MQTT home automation bridge, allowing for local interoperability between different manufacturers. It features a state-based entity model and an internal event bus that decouple physical device logic from system automation. The platf
Home Assistant requires a time-synchronized six-digit code from a mobile app to verify a user during login.
This project provides a complete OpenVPN server deployment packaged as a Docker container, with an integrated EasyRSA certificate authority for automated public-key infrastructure management. It handles the full lifecycle of a VPN server, from initial PKI bootstrap and server configuration generation to client certificate issuance and revocation, all within a containerized environment. The server is configured entirely through Docker environment variables, eliminating the need for manual configuration file editing. It supports time-based one-time password (TOTP) authentication as a second fac
Enforces time-based one-time passwords from authenticator apps as a second factor for OpenVPN client logins.
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Enforces multi-factor authentication and single sign-on requirements to ensure secure identity verification.
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Generates time-based one-time passwords directly within the vault for integrated two-factor authentication.