30 open-source projects similar to bitwarden/android, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Android alternative.
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
KeePassDX is an Android password manager that opens, edits, and stores encrypted credential databases using the open KeePass 2.x file format. It keeps all password data stored locally on the device without requiring cloud sync or internet access, and supports multiple symmetric-key encryption algorithms including AES, Twofish, and ChaCha20 with Argon2 key derivation. The app unlocks the credential database by delegating authentication to the platform's biometric API, allowing users to bypass the master password entry using fingerprint or face recognition. It generates one-time passwords local
Passbolt is an open-source, self-hosted password manager designed for teams. It provides a centralized, encrypted vault where organizations can store, share, and manage credentials securely. The server exposes a JSON REST API that authenticates requests using either GPGAuth or JWT tokens, and all secrets are protected with OpenPGP end-to-end encryption, ensuring the server never has access to plaintext passwords. The platform distinguishes itself through a comprehensive role-based access control system that governs resource sharing and administrative actions. Teams can organize users into gro
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and HMAC-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication, which adds entropy to the key that decrypts the database. The project covers broader capabilities including automated credential
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
This is a two-factor authentication library and open-source multi-factor authentication implementation. It provides a suite of tools for implementing security workflows that require a second layer of verification beyond standard credentials. The project implements both time-based one-time passwords and HMAC-based one-time passwords. It includes utilities for generating these codes based on shared secrets and counters, following industry standards such as RFC 6238. The library covers cryptographic primitives including Base32 secret key encoding, dynamic truncation extraction, and symmetric ke
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated secur
Keyguard is a password manager application and secure vault designed for storing and organizing logins, passkeys, and sensitive data. It provides a multi-factor authentication vault that utilizes encrypted offline access to ensure credentials remain available without an internet connection. The application includes a dedicated SSH key manager and agent integration for generating and managing keys to access remote servers. It also features a password security auditor that analyzes vault entries to identify compromised, reused, or weak credentials. The system covers a broad range of security c
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
PasswordPusher is a self-hosted secret sharing service and file sharing platform used to create encrypted, self-destructing links for sensitive text and files. It functions as a white-label security gateway, allowing organizations to manage the distribution of secrets on their own internal infrastructure. The system supports corporate white-labeling through custom domain mapping and branding customization to align the interface with a professional identity. It provides a RESTful API and command-line interface for the automated distribution of secrets within external scripts and workflows. Th
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials (such as API keys, passwords, and AWS SigV4 signatures) at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
Ente is a privacy-focused platform for end-to-end encrypted storage and two-factor authentication management. It functions as a zero-knowledge identity provider, ensuring that all cryptographic operations, key derivation, and data encryption occur locally on the user's device. By maintaining this architecture, the service provider remains unable to access or decrypt any stored personal information or authentication credentials. The platform distinguishes itself through a combination of on-device intelligence and resilient data distribution. It utilizes a local machine learning engine to perfo
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Stack Auth is an open-source authentication and authorization platform that provides pre-built UI components, OAuth integration, team management, and session handling for web applications. It offers a complete authentication lifecycle covering sign-in, sign-up, session management, password recovery, and multi-factor security, with support for passkey authentication and OAuth providers including Google, GitHub, and Apple. The platform includes a team-based permission system with role-based access control, allowing users to be organized into teams with granular permissions for membership manage
Kanboard is a self-hosted Kanban project management tool and productivity suite designed for tracking software tasks and team collaboration. It provides a visual system for managing workflows through the use of boards, columns, and cards. The project features an extensible plugin framework and a comprehensive API for programmatic task and project administration. It includes specialized identity management through LDAP integration, allowing for the synchronization of user accounts and group permissions from directory servers. The system covers a wide range of capabilities, including event-dri
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Romm is a self-hosted game library manager and ROM management web interface. It serves as a central server for storing and categorizing game files and emulator firmware, providing a web-based browser to organize collections through automated library scanning and metadata retrieval. The project distinguishes itself by integrating a web-based emulator frontend that uses WebAssembly to play games directly in the browser. It further provides a game save synchronization server that uses SSH-based synchronization to transfer save states and progress between the server and registered handheld device
JumpServer is a privileged access management platform designed to manage and audit secure access to SSH, RDP, Kubernetes, and database endpoints. It functions as a centralized gateway that brokers remote terminal and graphical sessions to isolate users from critical infrastructure. The system utilizes a web-based protocol gateway to translate remote connections into browser-compatible streams and a protocol-based proxy layer to isolate end-user devices from target assets. It incorporates security watermarking to deter unauthorized screen captures and provides a Kubernetes access gateway for c
Vikunja is a self-hosted task management platform designed for organizing personal and team projects. It provides a centralized system for managing tasks using multiple visualization formats, including Kanban boards, Gantt charts, and tables. The project distinguishes itself through extensive external connectivity, offering a REST API, OpenAPI specifications, and CalDAV synchronization for external calendar integration. It supports sophisticated identity federation via LDAP, OpenID Connect, and Single Sign-On, alongside event-driven automation using webhooks. The platform covers a broad rang
This project provides a complete OpenVPN server deployment packaged as a Docker container, with an integrated EasyRSA certificate authority for automated public-key infrastructure management. It handles the full lifecycle of a VPN server, from initial PKI bootstrap and server configuration generation to client certificate issuance and revocation, all within a containerized environment. The server is configured entirely through Docker environment variables, eliminating the need for manual configuration file editing. It supports time-based one-time password (TOTP) authentication as a second fac
osTicket is an open-source help desk software and ticket management system designed to centralize customer support inquiries from emails, web forms, and API requests. It functions as a multi-channel support tool that converts incoming communications into a structured queue for agent resolution and IT help desk management. The platform features a dedicated customer support portal where users can submit requests, track ticket status, and access a self-service knowledgebase of help articles and FAQs. It integrates secure OAuth2 email authentication to retrieve and send messages without storing l
Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
This project provides containerized images for deploying a self-managed content collaboration and file sharing server. It enables the creation of private cloud storage and self-hosted file synchronization environments, allowing users to maintain data ownership and control over their infrastructure. The deployment model utilizes Docker images to simplify installation, scaling, and version updates. It distinguishes itself through a database-agnostic storage approach, supporting integration with PostgreSQL, MySQL, MariaDB, or SQLite, and employs volume mapping to ensure data persistence across c
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
This repository is a comprehensive collection of reference implementations and sample libraries for the Universal Windows Platform. It provides practical examples of how to use Windows Runtime APIs to build cross-device applications, including detailed guidance on XAML-based declarative user interfaces and DirectX-integrated rendering. The project distinguishes itself by providing a wide array of hardware integration suites, covering low-level communication with USB, Serial, I2C, SPI, and GPIO peripherals. It includes specialized implementations for mixed reality holographic rendering, advanc