# OpenNHP/opennhp

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/opennhp-opennhp).**

13,753 stars · 2,498 forks · Go · apache-2.0

## Links

- GitHub: https://github.com/OpenNHP/opennhp
- Homepage: http://opennhp.org/
- awesome-repositories: https://awesome-repositories.com/repository/opennhp-opennhp.md

## Topics

`cybersecurity` `zero-trust` `zero-trust-network-access` `zero-trust-security`

## Description

OpenNHP is a software-defined perimeter controller designed to secure network infrastructure by rendering services invisible to the public internet. It functions as a zero-trust network access gateway, ensuring that network resources remain hidden from unauthorized discovery and automated scanning tools until a client successfully verifies their identity.

The system enforces security through a combination of cryptographic identity verification and dynamic firewall orchestration. By requiring a cryptographically signed packet to initiate a connection, the platform keeps all network ports in a closed or dropped state. Only after the identity is validated does the infrastructure adjust its filtering rules to grant access, effectively removing exposed IP addresses, open ports, and DNS records from public view.

This approach facilitates private service discovery by ensuring that no network infrastructure becomes reachable or discoverable until the authentication process is complete. The project provides a framework for maintaining ephemeral infrastructure exposure, where resources are only accessible for the duration of an active, verified session.

## Tags

### Security & Cryptography

- [Software-Defined Perimeters](https://awesome-repositories.com/f/security-cryptography/software-defined-perimeters.md) — Provides a software-defined perimeter architecture to obscure network resources from unauthorized discovery.
- [Zero Trust Access](https://awesome-repositories.com/f/security-cryptography/zero-trust-access.md) — Functions as a zero-trust network access gateway to hide infrastructure and require cryptographic authentication.
- [Single-Packet Authorization](https://awesome-repositories.com/f/security-cryptography/packet-filtering-engines/single-packet-authorization.md) — Implements single-packet authorization to trigger firewall changes before services become reachable.
- [Single-Packet Authorization Systems](https://awesome-repositories.com/f/security-cryptography/packet-filtering-engines/single-packet-authorization-systems.md) — Requires a cryptographically signed packet to trigger firewall rules before services become visible.
- [Infrastructure Hiding](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/infrastructure-hiding.md) — Hides network infrastructure by removing exposed IP addresses, ports, and DNS records. ([source](http://opennhp.org/llms.txt#opennhp))
- [Zero Visibility Access](https://awesome-repositories.com/f/security-cryptography/zero-trust-access-controls/zero-visibility-access.md) — Requires cryptographic authentication before network infrastructure becomes discoverable. ([source](http://opennhp.org/llms.txt#opennhp))
- [Firewall Orchestrators](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/security-frameworks/policy-management-systems/dynamic-rule-orchestrators/firewall-orchestrators.md) — Automates real-time firewall rule adjustments based on successful identity verification.
- [Cryptographic Identity Verification](https://awesome-repositories.com/f/security-cryptography/identity-verification-modules/cryptographic-identity-verification.md) — Implements cryptographic identity verification to gate network access.
- [Infrastructure Obscuration](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/infrastructure-obscuration.md) — Obscures network infrastructure by eliminating public discoverability. ([source](http://opennhp.org/llms.txt#opennhp))
- [Stealth Networking](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/network-security/stealth-networking.md) — Secures sensitive infrastructure by rendering services invisible until cryptographic identity is verified.
- [Infrastructure Obfuscation](https://awesome-repositories.com/f/security-cryptography/network-obfuscation-tools/infrastructure-obfuscation.md) — Hides exposed IP addresses and ports from public scanning tools.
- [Network Obfuscation](https://awesome-repositories.com/f/security-cryptography/network-obfuscation-tools/network-obfuscation.md) — Obfuscates network infrastructure to render resources invisible to unauthorized scanning. ([source](http://opennhp.org/llms.txt#opennhp))
- [Identity Verification](https://awesome-repositories.com/f/security-cryptography/zero-trust-networking/identity-verification.md) — Requires cryptographic identity verification before acknowledging connection attempts.
- [Stealth Security Tools](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/network-security-tools/stealth-security-tools.md) — Prevents network-based attacks by eliminating DNS records and port exposure.

### Networking & Communication

- [Stealth Port Knocking](https://awesome-repositories.com/f/networking-communication/network-port-configuration/stealth-port-knocking.md) — Keeps network ports closed until an authenticated sequence initiates a connection.
- [Private](https://awesome-repositories.com/f/networking-communication/service-discovery/private.md) — Facilitates private service discovery by requiring cryptographic authentication before infrastructure becomes reachable.

### Development Tools & Productivity

- [Infrastructure Exposure](https://awesome-repositories.com/f/development-tools-productivity/environment-provisioning/ephemeral/infrastructure-exposure.md) — Maintains ephemeral infrastructure exposure where resources are only accessible during verified sessions.