sysadmin
Simple way to manage your remote machines and SSH keys.
Bare metal servers are awesome. They let you pick where to run your software and how to deploy it. You get full control to make the most of the server's resources. No limits, no compromises. That's real freedom.
Viking makes it easier to work with them.
Manage Kubernetes in style.
JET Pilot is an open-source Kubernetes desktop client that focuses on less clutter, speed and good looks.
Cronicle is a multi-server task scheduler and runner, with a web based front-end UI.
It handles both scheduled, repeating and on-demand jobs, targeting any number of slave servers, with real-time stats and live log viewer.
Your entire server infrastructure at your fingertips. Manage all your servers from your local desktop. No remote setup required.
XPipe is a new type of shell connection hub and remote file manager that allows you to access your entire server infrastructure from your local machine. It works on top of your installed command-line programs and does not require any setup on your remote systems. So if you normally use CLI tools like ssh, docker, kubectl, etc. to connect to your servers, you can just use XPipe on top of that.
Command Line S3 Client and S3 Backup for Windows, Linux: s3cmd, s3express.
S3cmd is a free command line tool and client for uploading, retrieving and managing data in Amazon S3 and other cloud storage service providers that use the S3 protocol, such as Google Cloud Storage or DreamHost DreamObjects. It is best suited for power users who are familiar with command line programs. It is also ideal for batch scripts and automated backup to S3, triggered from cron, etc.
🖧🔍 WIFI / LAN intruder detector. Scans for devices connected to your network and alerts you if new and unknown devices are found.
Get visibility of what's going on on your WIFI/LAN network. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own Plugins with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
Related contents:
This module provides an easy way to cleanup Active Directory from dead/old objects based on various criteria. It can also disable, move or delete objects. It can utilize Azure AD, Intune and Jamf to get additional information about objects before deleting them.
CleanupMonster is a PowerShell module to that helps you clean up Active Directory. It's a complete solution that allows you to remove stale Computer (Users will be added in future) objects from Active Directory. It's a very advanced module with many options and you can easily customize it to your needs. Please make sure to run this module with proper permissions or you may get wrong results. By default Active Directory domain allows a standard user to read LastLogonDate and LastPasswordSet attributes. If you have changed those settings you may need to run the module with elevated permissions even for reporting needs.
Related contents
Lightweight network IP scanner. Can be used to notify about new hosts and monitor host online/offline history
This project is specifically made for brand new directories and ease their creation with all security rules in place:
- Remove legacy protocols/setup used by Microsoft for compliance purposes
- Enforce the use of modern alogrithm for cyphering and authentication
- Enforce LDAPS when a client requests a connection to your DC
- Enforce the default password strategy to match with modern expectation
- Add other Domain Controllers to your secured domain
Related contents:
Like Prometheus, but for logs.
Grafana Loki is a set of open source components that can be composed into a fully featured logging stack. A small index and highly compressed chunks simplifies the operation and significantly lowers the cost of Loki.
Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.
A Firecracker micro VM management tool. Run Docker images as micro VMs.
Squirrel Servers Manager (SSM). A user-friendly, UI/UX focused server & configuration management tool.
Powered by Ansible & Docker.
An Open Source DNS Server For Privacy & Security. Block ads & malware at DNS level for your entire network!
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser.
Related contents:
NetBox - The Premier Network Source of Truth.
NetBox is the source of truth for everything on your network, from physical components like power systems and cabling to virtual assets like IP addresses and VLANs. Network automation and observability tools depend on NetBox’s authoritative data to roll out configurations, monitor changes, and accelerate operations across the enterprise.
Self-hosted - Docker compose.yaml - Stack-oriented Manager.
Related contents:
chrony is a versatile implementation of the Network Time Protocol (NTP). It can synchronise the system clock with NTP servers, reference clocks (e.g. GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network.
Docker Image Update Notifier is a CLI application written in Go and delivered as a single executable (and a Docker image) to receive notifications when a Docker image is updated on a Docker registry.
Automated Encryption Framework
Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.
- Clevis/Tang: unattended boot of an encrypted NixOS system @ FOSDEM.
- Clevis & Tang on NixOS.
- Safe automatic decryption of LUKS partition using TPM2 @ 221b.
- Automatic LUKS 2 disk decryption with TPM 2 on Fedora @ kowalski7cc.
- Automatically decrypt your disk using TPM2 @ fedora Magazine.
- Use systemd-cryptenroll with FIDO U2F or TPM2 to decrypt your disk @ fedora Magazine.
- Episode 572: Data Security Only a Maniac Could Love @ Linux Unplugged.
Tools for managing DNS across multiple providers.
In the vein of infrastructure as code octoDNS provides a set of tools & patterns that make it easy to manage your DNS records across multiple providers. The resulting config can live in a repository and be deployed just like the rest of your code, maintaining a clear history and using your existing review & workflow.
Related contents:
Linux & DevOps Troubleshooting Interviews.
Troubleshoot and make a sad server happy! "Like LeetCode for Linux"
Capture The Flag challenges. Train and prove your debugging skills. Practice for your next SRE/DevOps interview. Get a full remote Linux server with a problem and fix it.
Web Dashboard and Reporting. A Web Dashbord for Nmap XML Report.
Open Source Asset Management System.
This is a FOSS project for asset management in IT Operations. Knowing who has which laptop, when it was purchased in order to depreciate it correctly, handling software licenses, etc.
Remote Access VPN & Software Defined Networking. A Fast, Affordable, Remote Access VPN. IT Administrators trust Netmaker to provide secure access between remote networks, systems, and users.
Netmaker is a platform that uses Software Defined Networking (SDN) to build a powerful remote access VPN. Securely connect and manage a complex network with ease.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
A network diagnostic tool.
Trippy combines the functionality of traceroute and ping and is designed to assist with the analysis of networking issues.
A free open-source network computer cloning and management solution.
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. FOG can be used to image Windows XP, Vista, Windows 7, Window 8/8.1, and Windows 10, Windows 11 PCs using PXE, PartClone, and a Web GUI to tie it together. Includes features like memory and disk test, disk wipe, av scan, task scheduling, inventory management, remote deployment of OS's, and remote installation of software packages. Features can be triggered through the web GUI, once the client machine has been registered with FOG.
OliveTin gives safe and simple access to predefined shell commands from a web interface.
Related contents:
Logdy a web viewer for logs. Supercharge terminal logs with web browser UI and low-code. Save 90% of time searching and browsing logs.
Web based real-time log viewer. Stream ANY content to a web UI with autogenerated filters. Parse any format with TypeScript.
End-of-life (EOL) and support information is often hard to track, or very badly presented. endoflife.date documents EOL dates and support lifecycles for various products.
endoflife.date aggregates data from various sources and presents it in an understandable and succinct manner. It also makes the data available using an easily accessible API and has iCalendar support.
Secure and fast microVMs for serverless computing.
Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services.
Related contents:
This tool can lead to password exposure.
Non-interactive ssh password auth download.
Sshpass is a tool for non-interactivly performing password authentication with SSH's so called "interactive keyboard password authentication". Most user should use SSH's more secure public key authentiaction instead.
Terraform wrapper. DRY and maintainable Terraform code.
Terragrunt is a thin wrapper that provides extra tools for keeping your configurations DRY, working with multiple Terraform modules, and managing remote state.
Related contents:
Bird’s-eye view for Kubernetes. Seabird is the native desktop app that simplifies working with Kubernetes. Native Kubernetes desktop client.
Seabird is a native cross-platform Kubernetes desktop client that makes it super easy to explore your cluster's resources. We aim to visualize all common resource types in a simple, bloat-free user interface.
🌀 A log file highlighter.
tailspin works by reading through a log file line by line, running a series of regexes against each line. The regexes recognize patterns you expect to find in a logfile, like dates, numbers, severity keywords and more.
tailspin does not make any assumptions on the format or position of the items it wants to highlight. For this reason, it requires no configuration and the highlighting will work consistently across different logfiles.
SSH3: faster and rich secure shell using HTTP/3.
SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses QUIC+TLS1.3 for secure channel establishment and the HTTP Authorization mechanisms for user authentication.
etckeeper is a collection of tools to let /etc be stored in a git, mercurial, bazaar or darcs repository. This lets you use git to review or revert changes that were made to /etc. Or even push the repository elsewhere for backups or cherry-picking configuration changes.
Exploitation Framework for Embedded Devices. It consists of various modules that aid penetration testing operations.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Squest is a self-service portal that works on top of Red Hat Ansible Automation Platform/AWX.
KubeSkoop is a kubernetes networking diagnose tool for different CNI plug-ins and IAAS providers. KubeSkoop automatic construct network traffic graph of Pod in the Kubernetes cluster, monitoring and analysis of the kernel's critical path by eBPF, to resolve most of Kubernetes cluster network problems.
Simple, Pythonic remote execution and deployment.
Fabric is a high level Python (2.7, 3.4+) library designed to execute shell commands remotely over SSH, yielding useful Python objects in return. It builds on top of Invoke (subprocess command execution and command-line features) and Paramiko (SSH protocol implementation), extending their APIs to complement one another and provide additional functionality.
Related contents:
The Ultimate Server Management Tool.
Vito is a self-hosted web application that helps you to manage your servers and deploy your PHP applications into production servers without a hassle.
Terminal bandwidth utilization tool.
This is a CLI utility for displaying current network utilization by process, connection and remote IP/hostname
All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool. Input a domain name or IP Address or Host Name. Links in the results will guide you to other relevant tools and information. And you'll have a chronological history of your results.
DMARC, SPF, DKIM, BIMI checker.
Instantly test your domain to verify your DMARC, SPF, DKIM, BIMI configurations The Merox solution helps you implement DMARC and many other DNS security protocols and standards.
the most popular DMARC tools on the market, covering every aspect of DIY domain protection.
AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions. See the manual pages within the distribution for further info.
Collaboratively transforming network infrastructure by leveraging: Open Source Software, Cloud-Native and SDN Technologies, Disaggregation and White Box Hardware.
Programming Protocol-independent Packet Processors (P4) is a domain-specific language for network devices, specifying how data plane devices (switches, NICs, routers, filters, etc.) process packets.
An Instant Virtual Network on Your Laptop (or Other PC).
Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command.
Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware's vNetwork distributed vswitch or Cisco's Nexus 1000V.
Related contents:
PersistenceSniper is a Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. It is also available on Powershell Gallery and it is digitally signed with a valid code signing certificate. The tool is under active development with new releases coming out by the week, so make sure to use the up-to-date version. Official Twitter/X account @PersistSniper.
An Open Source Network Security Monitoring Tool Zeek (formerly Bro) is the world’s leading platform for network security monitoring.
Flexible, open source, and powered by defenders.
OpenDaylight (ODL) is a modular open platform for customizing and automating networks of any size and scale.
The OpenDaylight project is an open source platform for Software Defined Networking (SDN) that uses open protocols to provide centralized, programmatic control and network device monitoring.
Much as your operating system provides an interface for the devices that comprise your computer, OpenDaylight provides an interface that allows you to control and manage network devices.
Making the Network Visible.
sFlow® is an industry standard technology for monitoring high speed switched networks. It gives complete visibility into the use of networks enabling performance optimization, accounting/billing for usage, and defense against security threats.
DFIQ is a collection of Digital Forensics Investigative Questions and the approaches to answering them. The goal of the project is to build a comprehensive catalog of investigative knowledge to help drive consistent, thorough, and explainable investigations.
An open-source tool for controlling IPMI-enabled systems.
ipmitool is a utility for managing and configuring devices that support the Intelligent Platform Management Interface. IPMI is an open standard for monitoring, logging, recovery, inventory, and control of hardware that is implemented independent of the main CPU, BIOS, and OS.
FusionInventory is a software can help you to inventory your IT assets and do software deployment.
Open Source Network Management System.
OpenWISP is a modular network management system built on top of OpenWRT (but designed to allow supporting multiple embedded operating systems) that allows managing and automating several aspects of IT network deployment, monitoring and management.
Two-Factor Authentication for SSH with PAM Support (pam_duo).
Duo Unix includes a PAM module or alternatively a stand alone executable that can be used to protect programs such as SSH or Sudo.
Duo can be easily added to any Unix system to protect remote (SSH) or local logins with the addition of a simple pam_duo PAM module. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Amazon Linux), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, and AIX.