awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

89 个仓库

Awesome GitHub RepositoriesNetwork Access Control

Systems for defining and enforcing security policies to regulate traffic flow between network entities.

Distinguishing note: Focuses on network-level traffic filtering and access policy enforcement rather than generic user authentication or credential management.

Explore 89 awesome GitHub repositories matching security & cryptography · Network Access Control. Refine with filters or upvote what's useful.

Awesome Network Access Control GitHub Repositories

用 AI 发现最棒的仓库。我们将通过 AI 为您搜索最匹配的仓库。
  • hkuds/nanobotHKUDS 的头像

    HKUDS/nanobot

    44,285在 GitHub 上查看↗

    Nanobot is an orchestration framework designed for building, deploying, and managing autonomous AI agents. It provides a secure runtime environment that supports persistent memory, multi-step workflow management, and tool integration, allowing agents to maintain context and state across long-running tasks. The platform distinguishes itself through a unified model gateway that normalizes requests across diverse local and remote language models, alongside a multi-channel integration layer that connects agents to various messaging platforms. It enforces security through containerized sandboxing

    Enforces security through containerized sandboxing and network policies to ensure isolated agent execution.

    Python
    在 GitHub 上查看↗44,285
  • qwibitai/nanoclawqwibitai 的头像

    qwibitai/nanoclaw

    29,956在 GitHub 上查看↗

    Nanoclaw is an LLM agent orchestrator and multi-platform chat gateway designed to deploy and manage isolated AI agents. It provides a containerized runtime that executes agents within sandboxed Linux containers, ensuring filesystem and state isolation through dedicated workspaces and host bind-mounts. The project distinguishes itself through a unified routing pipeline that connects agents to diverse messaging platforms, including WhatsApp, Discord, Slack, Telegram, Signal, and iMessage. It integrates the Model Context Protocol to extend agent capabilities via managed external data and functio

    Forces all agent traffic through a central gateway container to prevent unauthorized external internet communication.

    TypeScriptai-agentsai-assistantclaude-code
    在 GitHub 上查看↗29,956
  • netbirdio/netbirdnetbirdio 的头像

    netbirdio/netbird

    26,188在 GitHub 上查看↗

    NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce

    Enforces granular access control and identity-based segmentation to isolate network resources across distributed environments.

    Gogolangmeshmesh-networks
    在 GitHub 上查看↗26,188
  • shieldfy/api-security-checklistshieldfy 的头像

    shieldfy/API-Security-Checklist

    23,258在 GitHub 上查看↗

    This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols. The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelin

    Implements network access controls using TLS configurations, HSTS headers, and IP safelisting.

    apijwtoauth2
    在 GitHub 上查看↗23,258
  • fosrl/pangolinfosrl 的头像

    fosrl/pangolin

    21,255在 GitHub 上查看↗

    Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n

    Manages WireGuard tunnel connectivity and ingress routing through integrated controller support.

    TypeScriptcrowdsecdockerhome-lab
    在 GitHub 上查看↗21,255
  • containerd/containerdcontainerd 的头像

    containerd/containerd

    20,369在 GitHub 上查看↗

    Containerd is a daemon-based container runtime that manages the complete lifecycle of containers on a host system. It functions as a core orchestration backend, handling image distribution, storage, and process execution while adhering to industry-standard specifications for container execution and configuration. The project is distinguished by its modular, plugin-based architecture, which allows for the extension of storage, runtime, and networking capabilities without requiring a full daemon recompile. It utilizes a shim-based execution model to delegate low-level operations, ensuring isola

    Permits containers to bind to low-numbered ports or perform network diagnostics without requiring elevated system capabilities.

    Gocncfcontainerdcontainers
    在 GitHub 上查看↗20,369
  • google-gemini/cookbookgoogle-gemini 的头像

    google-gemini/cookbook

    17,418在 GitHub 上查看↗

    The Gemini Cookbook is a comprehensive collection of implementation patterns, code samples, and development guides designed for building applications with Google Gemini models. It serves as a central resource for developers to integrate multimodal generative artificial intelligence into their software, providing the necessary frameworks to manage model interactions, stateful workflows, and structured data extraction. The repository distinguishes itself by offering specialized toolkits for autonomous agent orchestration, enabling the construction of agents that can execute code, browse the web

    Restricts outbound network access for agents using allowlists and credential injection.

    Jupyter Notebookgeminigemini-api
    在 GitHub 上查看↗17,418
  • slackhq/nebulaslackhq 的头像

    slackhq/nebula

    17,405在 GitHub 上查看↗

    Nebula is a scalable, decentralized overlay networking tool designed to create secure, encrypted peer-to-peer connections between distributed hosts. By utilizing a certificate-based identity authority, it enables the construction of private communication fabrics across disparate physical infrastructures, such as multiple cloud providers or on-premises data centers, without requiring central authentication servers. The project distinguishes itself through a zero-trust architecture that enforces granular, policy-driven firewall filtering based on certificate-derived group memberships. It facili

    Defines inbound and outbound firewall rules to control traffic flow and enforce security policies at the host level.

    Go
    在 GitHub 上查看↗17,405
  • m1k1o/nekom1k1o 的头像

    m1k1o/neko

    17,168在 GitHub 上查看↗

    Neko is a virtual desktop infrastructure platform that provides containerized browser isolation and remote desktop environments. It enables users to host secure, ephemeral browser instances that can be accessed and managed through a standard web browser, ensuring consistent execution across different host systems. The platform distinguishes itself through its collaborative capabilities, allowing multiple users to view and interact with a single shared browser session in real time. It synchronizes keyboard, mouse, and gamepad inputs from multiple participants while providing integrated tools f

    Manages network settings to enable remote browser access across local and public network environments.

    Godockergolangmedia-streaming
    在 GitHub 上查看↗17,168
  • snail007/goproxysnail007 的头像

    snail007/goproxy

    16,874在 GitHub 上查看↗

    This project is a multi-protocol proxy server and network tunneling tool designed to manage traffic across heterogeneous infrastructure. It functions as a traffic management gateway, providing the core infrastructure to route, filter, and secure network connections through a unified interface. The software distinguishes itself through its support for cascading proxy chaining and dynamic upstream load balancing, which allow for the creation of complex, multi-hop network paths. It provides granular control over traffic flow by normalizing diverse protocols, enabling transparent port forwarding,

    Enforces granular security policies and resource limits on network connections to prevent unauthorized access and manage usage.

    Godns-proxyencryption-proxyhttp
    在 GitHub 上查看↗16,874
  • rust-lang/rust-analyzerrust-lang 的头像

    rust-lang/rust-analyzer

    16,590在 GitHub 上查看↗

    Rust-analyzer is a language server implementation that provides real-time code intelligence, static analysis, and development productivity tools for the Rust programming language. It functions as a backend engine that communicates with text editors to deliver deep structural understanding of source code, enabling features like semantic analysis, symbol navigation, and automated refactoring. The project distinguishes itself through a core engine designed for high-performance responsiveness, utilizing incremental query-based compilation and lazy demand-driven evaluation to minimize resource con

    Operates offline by default while managing external build tool interactions.

    Rusthacktoberfestlsp-serverrust
    在 GitHub 上查看↗16,590
  • zerotier/zerotieronezerotier 的头像

    zerotier/ZeroTierOne

    16,459在 GitHub 上查看↗

    ZeroTierOne is a software-defined networking engine that creates virtual local area networks by emulating Ethernet switches across distributed devices. It functions as a peer-to-peer platform, establishing encrypted tunnels directly between endpoints to bypass the need for centralized gateways or hub-and-spoke architectures. The system distinguishes itself through a decentralized approach to network discovery and identity management. By utilizing a distributed hash table and public key infrastructure, it authenticates devices and maps virtual addresses to physical endpoints without relying on

    Applies security rules and access controls directly at each device to remove the need for centralized network chokepoints.

    C++decentralizationnetworkingpeer-to-peer
    在 GitHub 上查看↗16,459
  • shadowsocks/shadowsocks-libevshadowsocks 的头像

    shadowsocks/shadowsocks-libev

    16,180在 GitHub 上查看↗

    shadowsocks-libev is an event-driven network daemon that provides an encrypted SOCKS5 proxy. It functions as a lightweight proxy server using a non-blocking event loop to route TCP and UDP traffic through encrypted tunnels to bypass network restrictions. The project implements a transparent proxy gateway capable of intercepting outbound packets at the network layer, allowing system traffic to be redirected through the encrypted tunnel without per-application configuration. It also includes a daemon process manager to control multiple proxy server instances as child processes via local communi

    Defines and enforces security policies to regulate which client IPs can connect to the proxy.

    Ccshadowsocks
    在 GitHub 上查看↗16,180
  • angristan/openvpn-installangristan 的头像

    angristan/openvpn-install

    15,609在 GitHub 上查看↗

    This project provides a shell-based automation utility for deploying and managing OpenVPN servers on Linux hosts. It functions as an orchestration tool that handles the installation of networking software, the configuration of system-level routing rules, and the generation of cryptographic credentials required to establish secure, encrypted tunnels for remote network access. The tool distinguishes itself by automating the entire lifecycle of a private network gateway, including the management of peer identities and the distribution of standardized configuration profiles. It simplifies the set

    Enforces peer access control by managing client connections and defining allowed IP ranges.

    Shellarch-linuxbashcensorship
    在 GitHub 上查看↗15,609
  • txthinking/brooktxthinking 的头像

    txthinking/brook

    15,093在 GitHub 上查看↗

    Brook is a cross-platform proxy server designed to secure network traffic and manage multi-user access. It functions as a proxy manager that facilitates connectivity across diverse hardware architectures, including desktop, mobile, and router environments. The system distinguishes itself through integrated identity and administrative controls, utilizing email-based token authentication to verify users and enforce granular, role-based access policies. It also provides a white-label build pipeline that allows for the customization of client application branding, enabling the replacement of defa

    Regulates network traffic for multiple users through granular permission settings and subscription management.

    Goandroidcross-platformdecryption
    在 GitHub 上查看↗15,093
  • owasp-amass/amassowasp-amass 的头像

    owasp-amass/amass

    14,155在 GitHub 上查看↗

    Amass is an attack surface management tool designed to identify, map, and inventory an organization's internet-facing digital assets. It functions as a security asset discovery engine that systematically expands an organization's known infrastructure footprint through recursive domain name resolution and the collection of intelligence from diverse public data sources. The platform distinguishes itself by utilizing a graph-based modeling approach to organize discovered resources. By maintaining a persistent graph database, it tracks the relationships between infrastructure components and norma

    Visualizes relationships between digital resources to map complex network topologies and service interactions.

    Goattack-surfacesdnsenumeration
    在 GitHub 上查看↗14,155
  • termix-ssh/termixTermix-SSH 的头像

    Termix-SSH/Termix

    13,705在 GitHub 上查看↗

    Termix is a centralized web-based gateway for managing remote SSH connections and terminal sessions. It provides a browser-based interface that enables users to access, control, and monitor remote servers, containerized applications, and file systems from a single, unified dashboard. The platform distinguishes itself through robust security and session management capabilities. It integrates with external identity providers for single sign-on and enforces role-based access control to manage user permissions. To ensure reliable administration, it maintains stateful session persistence, allowing

    The platform provides a graphical representation of connected hosts and their network relationships to help users understand infrastructure layout.

    TypeScriptdockerfile-managementself-hosted
    在 GitHub 上查看↗13,705
  • coturn/coturncoturn 的头像

    coturn/coturn

    13,637在 GitHub 上查看↗

    Coturn is a network server that facilitates peer-to-peer media traffic for real-time communication applications. It functions as a relay platform for voice, video, and data transmission, enabling direct connections between clients located behind restrictive firewalls and network address translators. The server implements standard network traversal protocols to manage media packet exchange and client authentication. It utilizes a multi-threaded architecture and event-driven polling to handle high-throughput traffic, while employing hash-based message authentication codes to verify client ident

    Authenticates client requests and manages user credentials to ensure only authorized devices access relay services.

    Cnetworkingserverturn
    在 GitHub 上查看↗13,637
  • alexxit/go2rtcAlexxIT 的头像

    AlexxIT/go2rtc

    13,236在 GitHub 上查看↗

    go2rtc is a media streaming server that functions as a protocol-agnostic gateway for video and audio feeds. It ingests media from diverse sources and redistributes them across multiple streaming standards, enabling compatibility between proprietary camera hardware and web-based playback clients. The system utilizes a centralized configuration schema to manage stream routing and lifecycle orchestration based on client demand. The platform distinguishes itself through its focus on low-latency delivery, utilizing peer-to-peer connections to facilitate sub-second playback directly within web brow

    Controls network exposure by binding media services to specific interfaces and ports.

    Goffmpeggogolang
    在 GitHub 上查看↗13,236
  • nock/nocknock 的头像

    nock/nock

    13,103在 GitHub 上查看↗

    nock is a Node.js HTTP mocking library and request interceptor. It captures outgoing network traffic to specific hosts and paths, returning predefined responses to decouple applications from external servers during automated testing. The project functions as an API expectation framework to verify that specific calls were made with correct parameters. It includes a traffic recorder that captures real network interactions as fixtures for playback and a network simulation tool to introduce artificial latency or trigger network errors. Its capabilities cover request matching via hostnames, paths

    Blocks all outgoing HTTP requests to non-mocked hosts or allows specific hostnames to bypass the interceptor.

    JavaScripthttpjavascriptmock
    在 GitHub 上查看↗13,103
上一个1234…5下一个
  1. Home
  2. Security & Cryptography
  3. Network Access Control

探索子标签

  • Agent Sandboxing PoliciesMechanisms for isolating agent execution environments using containerization and network restrictions. **Distinct from Network Access Control:** Distinct from general network access control: specifically focuses on sandboxing and resource isolation for AI agent processes.
  • Identity-Aware ProxiesProxies that grant access to private services based on identity without requiring a VPN. **Distinct from Network Access Control:** Specifically refers to the identity-aware proxying mechanism rather than general network traffic filtering
  • Request AuthenticationsMechanisms for verifying identity using security schemes during HTTP request transmission. **Distinct from Network Access Control:** Focuses on credential-based request authentication rather than network-level traffic filtering
  • Topology Visualizers2 个子标签Graphical interfaces for mapping and verifying network connections and access control policies. **Distinct from Network Access Control:** Distinct from Network Access Control: focuses on the visualization of the network topology rather than the enforcement of access policies.
  • Unprivileged Network BindingsCapabilities allowing containers to bind to restricted ports or perform diagnostics without elevated privileges. **Distinct from Network Access Control:** Distinct from general network access control: focuses on unprivileged port binding and diagnostic capabilities.