Open-Source Cybersecurity Tools: Perimeter / Zero Trust Security


This category contains 7 documented tools. It focuses on capabilities used for policy-based access control, segmentation, and egress monitoring. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

  • Coverage depth against your highest-priority threats and compliance obligations.
  • Operational overhead for deployment, tuning, and long-term maintenance.
  • Signal quality versus analyst workload and false-positive pressure.
  • Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
  • Governance readiness including auditability, ownership clarity, and change control.


Letter A

This letter section contains 1 tool.

acra

  • Website: https://github.com/cossacklabs/acra
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome Security, Awesome Web Security

What it does: acra is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Web Security > Tools > Preventing.


Letter I

This letter section contains 1 tool.

IPsec VPN Server Auto Setup Scripts

  • Website: https://github.com/hwdsl2/setup-ipsec-vpn
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: IPsec VPN Server Auto Setup Scripts is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > Transport-layer defenses > Overlay and Virtual Private Networks (VPNs).


Letter L

This letter section contains 1 tool.

LuLu

  • Website: https://objective-see.com/products/lulu.html
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: LuLu is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Free macOS firewall.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > macOS-based defenses.


Letter O

This letter section contains 1 tool.

OWASP ZAP

  • Website: https://www.owasp.org/index.php/Projects/OWASP_Zed_Attack_Proxy_Project
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome CTF

What it does: OWASP ZAP is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Intercepting proxy to replay, debug, and fuzz HTTP requests and responses.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Web.


Letter T

This letter section contains 2 tools.

Tailscale

  • Website: https://tailscale.com/
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: Tailscale is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Managed freemium mesh VPN service built on top of WireGuard.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > Transport-layer defenses > Overlay and Virtual Private Networks (VPNs).


Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs

  • Website: https://www.cyberhuntz.com/2016/08/threat-hunting-techniques-av-proxy-dns.html
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome Threat Detection

What it does: Threat Hunting Techniques - AV, Proxy, DNS and HTTP Logs is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Threat Detection and Hunting > Resources.


Letter W

This letter section contains 1 tool.

WireGuard

  • Website: https://www.wireguard.com/
  • Model: Open Source
  • Category: Perimeter / Zero Trust Security
  • Source Lists: Awesome Cybersecurity Blue Team

What it does: WireGuard is used in perimeter / zero trust security programs to support policy-based access control, segmentation, and egress monitoring. Source summaries describe it as: Extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Cybersecurity Blue Team > Transport-layer defenses > Overlay and Virtual Private Networks (VPNs).
