the-bastion
smokescreen
the-bastion | smokescreen | |
---|---|---|
5 | 12 | |
1,424 | 1,035 | |
2.0% | 2.8% | |
8.7 | 6.5 | |
15 days ago | 9 days ago | |
Perl | Go | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
the-bastion
-
SSH With SSO
My company developed its own open source solution for that: https://github.com/ovh/the-bastion
-
Best jumphost software?
GitHub: https://ovh.github.io/the-bastion/
-
Internet access control and logging for each user on a multiuser remote access linux server
You can setup something like The Bastion https://github.com/ovh/the-bastion on some intermediate host. And your untrusted users will be connecting through it to your server. You will have their full tty session logged.
- Show HN: Automatic proxy setup for SSH'able boxes that have no network access
-
OVH NetSec Setup
I don’t know if that would fall into what you’re looking for: https://github.com/ovh/the-bastion
smokescreen
-
Show HN: Lockbox: forward proxy for making third party API calls
Also from Stripe
https://github.com/stripe/smokescreen
Smokescreen is a HTTP CONNECT proxy. It proxies most traffic from Stripe to the external world (e.g., webhooks).
Smokescreen restricts which URLs it connects to:
It uses a pre-configured hostname ACL to only allow requests addressed to certain allow-listed hostnames, to ensure that no malicious code is attempting to make requests to unexpected services.
-
Launched SSRF Proxy, Access insecure URLs from your server.
It is built on Elixir/Phoenix with live view and uses https://github.com/stripe/smokescreen and nextdns in the background.
-
Show HN: ssrfproxy.com – Simple SSRF Protection
I often need to make a HTTP request to a user supplied URL, but I then need to protect myself from SSRF attacks, such as users supplying URL's to "localhost:3000/protected-thing" etc. SSRF Proxy is hopefully the simplest and quickest way to get protection. Currently there is just a Node SDK but I will generate other languages soon.
It is built on Elixir/Phoenix with live view and uses https://github.com/stripe/smokescreen and nextdns in the background.
-
Convoy (v0.8) - Open Source Webhooks Proxy - Subscriptions Filtering, Static IPs, Portal Links, and much more! 🥳 🎉
Sometimes, webhooks consumers require providers to send webhooks from predefined IP addresses. In this release, Convoy ships with an HTTP connect proxy support to route webhooks traffic through a dedicated egress. With this, we can maintain the IP address of our cluster across all requests. To configure, we deploy mole(our fork of smokescreen) and configure convoy to use this proxy with this environment variable - HTTP_PROXY
- A Server Side Request Forgery protection library for Golang
-
If you embed zero trust into your app, vulnerabilities like Spring4Shell are far less scary
Nice. Looking more at it, looks like its a mix of wireguard and smokescreen maybe?
- stripe/smokescreen: A simple HTTP proxy that fogs over naughty URLs
- Show HN: Automatic proxy setup for SSH'able boxes that have no network access
-
Introduction to OWASP Top
> "https://github.com/stripe/smokescreen"
I don't understand why they built this.
The problem described here is solved by using a firewall. What else is there to it?
- Smokescreen: A simple HTTP proxy that fogs over naughty URLs (anti-SSRF)
What are some alternatives?
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
baserunner - A tool for exploring Firebase datastores.
sshportal - :tophat: simple, fun and transparent SSH (and telnet) bastion server
convoy - The Cloud Native Webhooks Gateway
bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
mole - Mole is an HTTP connect tunnel powered by smokescreen
fwknop - Single Packet Authorization > Port Knocking
ngx_http_ziti_module-
postgresqltuner - Simple script to analyse your PostgreSQL database configuration, and give tuning advice
smokescreen - An example of deploying Smokescreen on Fly.io
Cluster SSH - Cluster SSH - Cluster Admin Via SSH
warpgate - Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software