Johannes Kastl
ojkastl_buildservice
Involved Projects and Packages
lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more!
It comes with a frontend that makes user management easy, and allows users to edit their own details or reset their password by email.
The goal is not to provide a full LDAP server; if you're interested in that, check out OpenLDAP. This server is a user management system that is:
- simple to set up (no messing around with slapd),
- simple to manage (friendly web UI),
- low resources,
- opinionated with basic defaults so you don't have to understand the subtleties of LDAP.
It mostly targets self-hosting servers, with open-source components like Nextcloud, Airsonic and so on that only support LDAP as a source of external authentication.
For more features (OAuth/OpenID support, reverse proxy, ...) you can install other components (KeyCloak, Authelia, ...) using this server as the source of truth for users, via LDAP.
By default, the data is stored in SQLite, but you can swap the backend with MySQL/MariaDB or PostgreSQL.
HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
k6 is a modern load-testing tool, built on our years of experience in the performance and testing industries. It's built to be powerful, extensible, and full-featured. The key design goal is to provide the best developer experience.
Its core features are:
- Configurable load generation. Even lower-end machines can simulate lots of traffic.
- Tests as code. Reuse scripts, modularize logic, version control, and integrate tests with your CI.
- A full-featured API. The scripting API is packed with features that help you simulate real application traffic.
- An embedded JavaScript engine. The performance of Go, the scripting familiarity of JavaScript.
- Multiple Protocol support. HTTP, WebSockets, gRPC, Browser, and more.
- Large extension ecosystem. You can extend k6 to support your needs. And many people have already shared their extensions with the community!
- Flexible metrics storage and visualization. Summary statistics or granular metrics, exported to the service of your choice.
- Native integration with Grafana cloud. SaaS solution for test execution, metrics correlation, data analysis, and more.
This is what load testing looks like in the 21st century.
Let's Encrypt/ACME client and library written in Go
Termscp is a feature-rich terminal file transfer and explorer, with support for SCP/SFTP/FTP/Kube/S3/WebDAV. Basically, it is a terminal utility with a TUI to connect to a remote server to retrieve and upload files and to interact with the local file system. It is compatible with Linux, macOS, FreeBSD, NetBSD and Windows.
Tailscale tray menu and UI for Plasma Desktop
Features
- Control your Tailscale connection from the tray
- Show IPs
- Show current connection status of your devices
- Overview of your network and network status
- Set and change your Tailscale exit node
- Proper multi account handling
- Tail drive support - Working with davfs2 support + additional help setting up davfs2 and mounting etc
- Send files to any device on your Tailnet directly from the tray menu
- Get notified and receive files from any device on your Tailnet to a pre-defined location on disk
Various security tools that don't need their own subproject.
Please have a look at the subprojects, listed on the 'Subprojects' tab, for more tools.
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPv6 compatible and 60x faster (Go vs Python); it uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security.
CrowdSec bouncer written in Go for firewalls.
crowdsec-firewall-bouncer will fetch new and old decisions from a CrowdSec API and add them to a blocklist used by supported firewalls.
The official CLI tool for working with [Falco](https://github.com/falcosecurity/falco) and its ecosystem components.
Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.
OPA is proud to be a graduated project in the [Cloud Native Computing Foundation](https://cncf.io) (CNCF) landscape.
OpenBao exists to provide a software solution to manage, store, and distribute
sensitive data including secrets, certificates, and keys. The OpenBao community
intends to provide this software under an OSI-approved open-source license, led
by a community run under open governance principles.
A modern system requires access to a multitude of secrets: database
credentials, API keys for external services, credentials for service-oriented
architecture communication, etc. Understanding who is accessing what secrets is
already very difficult and platform-specific. Adding on key rolling, secure
storage, and detailed audit logs is almost impossible without a custom
solution. This is where OpenBao steps in.
The key features of OpenBao are:
- Secure Secret Storage: Arbitrary key/value secrets can be stored in OpenBao.
OpenBao encrypts these secrets prior to writing them to persistent storage,
so gaining access to the raw storage isn't enough to access your secrets.
OpenBao can write to disk, Consul, and more.
- Dynamic Secrets: OpenBao can generate secrets on-demand for some systems,
such as AWS or SQL databases. For example, when an application needs to
access an S3 bucket, it asks OpenBao for credentials, and OpenBao will generate
an AWS keypair with valid permissions on demand. After creating these dynamic
secrets, OpenBao will also automatically revoke them after the lease is up.
- Data Encryption: OpenBao can encrypt and decrypt data without storing it.
This allows security teams to define encryption parameters and developers to
store encrypted data in a location such as a SQL database without having to
design their own encryption methods.
- Leasing and Renewal: All secrets in OpenBao have a lease associated with
them. At the end of the lease, OpenBao will automatically revoke that secret.
Clients are able to renew leases via built-in renew APIs.
- Revocation: OpenBao has built-in support for secret revocation. OpenBao can
revoke not only single secrets, but a tree of secrets, for example, all
secrets read by a specific user, or all secrets of a particular type.
Revocation assists in key rolling as well as locking down systems in the case
of an intrusion.