30 open-source projects similar to lazy-luo/smargate, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best SmarGate alternative.
This project is a privacy-focused VPN manager and WireGuard client application designed to establish encrypted tunnels that mask user IP addresses and activity. It focuses on maintaining anonymity through a system that supports account creation without personal identifying information. The application distinguishes itself with advanced privacy tools, including a multi-hop orchestrator for routing traffic through multiple sequential servers and a network traffic obfuscator that uses Shadowsocks, TCP, and QUIC to bypass deep packet inspection and censorship. It also implements quantum-resistant
NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce
goflyway is an encrypted traffic relay and HTTP TCP tunneling proxy. It encapsulates TCP traffic within HTTP POST or WebSocket requests to bypass restrictive firewalls and network proxies. The system provides a SOCKS5 proxy server that routes traffic via a WebSocket relay and includes a UDP over TCP tunnel to enable transport across networks that block UDP traffic. It also functions as a TCP traffic interceptor for capturing and inspecting data passing through relayed connections. Capabilities cover network tunneling and traffic proxying through various transport protocols, including HTTP PO
shadowsocks-libev is an event-driven network daemon that provides an encrypted SOCKS5 proxy. It functions as a lightweight proxy server using a non-blocking event loop to route TCP and UDP traffic through encrypted tunnels to bypass network restrictions. The project implements a transparent proxy gateway capable of intercepting outbound packets at the network layer, allowing system traffic to be redirected through the encrypted tunnel without per-application configuration. It also includes a daemon process manager to control multiple proxy server instances as child processes via local communi
pwnat is a set of software utilities designed for TCP hole punching, network tunneling, and proxy-based port forwarding to bypass network address translation restrictions. It functions as a tool for establishing direct TCP connections between hosts located behind separate network address translators without requiring manual port forwarding, DMZ configurations, or third-party servers. The project enables peer-to-peer TCP tunnels by exploiting network address translation table properties to bypass firewalls. It provides a proxy that routes local port traffic to remote hosts and ports through pe
3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,
This project is a wireless hotspot management interface for Debian devices. It provides a web-based controller for managing wireless access points, wireless repeaters, VPN gateways, and DNS ad-blocking filters. The system includes a captive portal framework to intercept network traffic via customizable splash pages and a VPN controller that supports WireGuard and OpenVPN with kill-switch functionality. It further differentiates itself with a DNS ad-blocking filter using curated blacklists and the ability to operate in multiple network modes, including bridged access point and wireless repeate
ShadowsocksR is a Python-based implementation of a SOCKS5 proxy server designed to tunnel network traffic through encrypted connections. It functions as an encrypted network tunnel that obfuscates internet traffic to circumvent network restrictions and firewalls. The project includes security hardening features to protect the proxy server from unauthorized access, specifically by blocking IP addresses that attempt brute force credential attacks. The server manages bidirectional TCP and UDP traffic and can be executed as a background system daemon to maintain persistent connectivity. It suppo
A Rust port of shadowsocks
zrok is a zero trust networking service that provides a secure overlay mesh to expose local services and files through firewalls and NAT without the need for manual port forwarding. It functions as a zero trust network manager, orchestrating identities, policies, and routers to establish secure connectivity between applications and users. The project distinguishes itself through the use of identity-based routing and hardened HTTP frontends that integrate with external identity providers. These capabilities allow for the creation of identity-aware proxies and secure reverse proxies that authen
Firezone is a zero trust network access platform that uses WireGuard to provide identity-based connectivity to internal network resources. It functions as a virtual private network that synchronizes authentication and user groups via OpenID Connect providers. The system implements a group-based access control engine to enforce least privilege by restricting network resources to specific user groups. It utilizes holepunching and relay protocols for NAT traversal to establish encrypted tunnels through firewalls without requiring inbound ports. The platform includes a control plane for managing
x-ui-yg is a web-based proxy panel and multi-protocol manager used to deploy and manage network proxy protocols for bypassing internet censorship. It serves as a centralized administrator for secure network tunnels, providing a dashboard to obscure internet traffic and maintain user privacy. The project functions as a proxy subscription server, generating aggregated client subscription links and configuration files locally to remove reliance on third-party conversion tools. It also acts as a CDN proxy orchestrator, allowing the use of CDN domains and encryption to mask server identities and p
Ockam is an end-to-end encryption framework and distributed identity provider designed to establish secure communication between applications and devices. It provides a secure network overlay that utilizes cryptographic identities and attribute-based access control to implement zero trust network access. The project distinguishes itself through metadata-driven multi-hop routing and a pluggable transport layer, allowing encrypted traffic to move across diverse network topologies without requiring virtual IP overlays. It specifically enables secure tunneling for legacy applications by wrapping
Anthias is a digital signage management system used to schedule and display images, videos, and web pages across a fleet of screens. It functions as a Docker-based device orchestrator that deploys containerized software across networked hardware units via a centralized interface. The platform includes a web-based content scheduler to control the timing, duration, and visibility of media assets using specific date and time windows. Administration is handled through a secure gateway that utilizes a reverse proxy and TLS termination to manage remote display devices over HTTPS. The system covers
Plain-app is a multi-purpose toolset for self-hosted device management, providing a web-based dashboard to remotely access files, system settings, and notifications on a mobile device over a local network. It functions as a remote gateway for SMS and notifications, a peer-to-peer file transfer system, and a media server for streaming content to browsers or casting to televisions via DLNA and Chromecast. The project emphasizes secure local connectivity, utilizing TLS and XChaCha20-Poly1305 encryption to protect traffic between the mobile device and the browser. It also includes a distraction-f
gost is a multi-protocol proxy tunnel and secure tunneling server designed to route network traffic through encrypted connections. It functions as a traffic obfuscation gateway and a transparent proxy server capable of intercepting TCP and UDP traffic at the IP level. The project also includes a virtual network interface manager for creating TUN and TAP devices to intercept operating system packets. The system distinguishes itself through a chain-based request routing model, allowing traffic to pass through an ordered sequence of proxy nodes. It provides extensive transport-layer encapsulatio
Webmin is a web-based administration interface for Unix systems. It provides a centralized console for managing the full range of server administration tasks — users and groups, software packages, storage, network configuration, system services, and security — all through a browser. Its modular architecture allows separate modules to handle databases (MySQL, MariaDB, PostgreSQL), web servers (Apache), DNS (BIND), email (Sendmail, Dovecot), file sharing (Samba, NFS), and more, with a unified access control system that restricts what each administrator can see and do. What sets Webmin apart is
i2pd is a C++ implementation of the I2P anonymous network layer, serving as a peer-to-peer overlay network and I2P network router. It functions as a decentralized communication system that masks IP addresses and encrypts data using a garlic routing protocol. This project provides a lightweight daemon that acts as a self-hosted privacy gateway, connecting local applications to the I2P network for private data transmission without the use of Java. The system covers anonymous peer communication, privacy-preserving networking, and secure client-server interactions. It implements end-to-end encry
Nexterm is a centralized management platform for remote server administration, providing a web-based gateway for SSH, VNC, and RDP connections. It serves as a unified interface for managing remote server connectivity, secure access control, and server resource monitoring. The platform integrates a Docker container orchestrator and a virtualization management console to control LXC and QEMU containers. It features an identity gateway that supports OpenID Connect single sign-on and two-factor authentication, alongside an SFTP file manager for remote file transfer and organization. The system i
This project is a shell-based deployment script for configuring multi-protocol proxy servers using sing-box. It provides a system for installing and managing network proxy environments on remote servers, supporting protocols such as Reality, Hysteria2, TUIC, Trojan, and Shadowsocks. The tool includes a proxy subscription generator that creates formatted node lists compatible with various proxy clients via a single subscription link. It also implements specialized network configurations, including Cloudflare WARP proxy chains for bypassing regional restrictions and Argo tunnel gateways for NAT
MasterDnsVPN is a DNS tunneling VPN and network censorship bypass tool that encapsulates network traffic within DNS queries to circumvent restrictive firewalls. It functions as a secure tunneling protocol and SOCKS5 proxy server, allowing local application traffic to be routed through a secure tunnel to a remote destination. The project distinguishes itself through a DNS resolver load balancer that distributes traffic across multiple resolvers based on latency and packet loss scoring. It further secures and masks traffic using symmetric payload encryption—supporting ChaCha20, AES-GCM, and XOR
This project is an Android RPA framework designed for automating user interfaces and system tasks on rooted Android devices using Python and ADB. It provides a suite of tools for rooted device management, allowing for programmatic control of system settings, application lifecycles, and shell command execution via a remote API. The framework distinguishes itself through a combination of dynamic instrumentation and AI integration. It can inject scripts into running processes to hook Java interfaces and modifies application behavior in real time. Additionally, it supports large language model in
SSH.NET is a .NET library that implements the SSH-2 protocol for encrypted remote connections and secure file transfers. It provides a complete SSH-2 protocol stack implementation with a channel multiplexing engine that manages multiple concurrent channels over a single connection, supporting simultaneous shell sessions, remote command execution, SFTP transfers, and port forwarding tunnels. The library includes a pluggable authentication pipeline supporting password, public key, certificate, keyboard-interactive, and multi-factor authentication combinations. The library distinguishes itself t
Tribler is an anonymized peer-to-peer network and BitTorrent client that enables the sharing of files and streaming of media through multi-hop encrypted circuits. It functions as a distributed content search engine and privacy-preserving torrent streamer designed to prevent traffic analysis. The project distinguishes itself by integrating onion routing directly into the file-sharing process, masking the identities and locations of both downloaders and seeders. It utilizes a decentralized reputation system to track node reliability and mitigate spam without relying on central servers. The pla
This project is a web-based interface and RPC client designed to control the Transmission BitTorrent client. It serves as a browser-accessible dashboard for managing torrent downloads and uploads, allowing users to organize files and track transfer progress. The controller provides specialized tools for tracker optimization, including batch tracker replacement and health monitoring to improve peer discovery. It also enables remote file system organization, allowing users to relocate data storage directories for specific entries without deleting the underlying data. The system covers a broad
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Syncthing Android is a mobile application and service wrapper that enables decentralized, peer-to-peer file synchronization on the Android platform. It functions as a distributed data sync tool that mirrors folders across multiple devices without the need for a central cloud server. The project provides a mobile interface to manage a synchronization instance, utilizing a service-wrapper architecture to handle the lifecycle and configuration of the underlying synchronization binary. It ensures secure data exchange through TLS encryption, certificate-based identity verification, and password-pr
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
GOAD is an Ansible-based automation tool and infrastructure orchestrator used to deploy pre-configured networks of vulnerable Windows virtual machines. It serves as a security training environment for practicing Active Directory penetration testing, privilege escalation, and lateral movement across various cloud platforms and local virtualization hypervisors. The project distinguishes itself through a multi-provider infrastructure model and a system of infrastructure recipes that simulate intentional security misconfigurations. It supports the deployment of varied attack scenarios, including