243 applications
mCaptcha screenshot thumbnail

mCaptcha

The CAPTCHA bargain - annoy your users and feed their behavior to Google - gets replaced with economics by mCaptcha. Instead of image puzzles, it uses SHA256 proof-of-work: every visitor's browser silently solves a small computational challenge (via a WebAssembly library) before submitting a form. Humans never notice the milliseconds; bots hammering your site must burn more compute sending requests than your server spends answering them, which makes attacks more expensive than defense - the property that also makes mCaptcha genuine DoS protection, not just bot filtering. Written in Rust, the system is fully automated: difficulty scales with traffic, so challenges stay trivial in normal conditions and harden under attack. The privacy and accessibility wins are structural rather than promised: no tracking, no profiling, no user-pattern data collection, and no visual puzzles that exclude users with visual or cognitive impairments - the design was published in Communications of the ACM. Rate limiting is IP-independent, so users behind NATs, VPNs, or Tor get the same experience instead of endless challenge loops, and proofs resist replay attacks, neutering captcha farms. Migration is deliberately easy: the API is compatible with reCAPTCHA and hCaptcha, making it a drop-in replacement. AGPL-licensed core with proprietary-friendly client libraries.

Deploy
Keila screenshot thumbnail

Keila

Among open-source Mailchimp alternatives, Keila has the most modern UI - built in Germany on Elixir and Phoenix (the PETAL stack), with GDPR-conscious defaults including an optional no-tracking mode, and 100% open source with no proprietary premium tier. Campaign authoring is flexible three ways: a visual block editor with multi-column layouts, Markdown with or without WYSIWYG for hybrid HTML-plus-plain- text sends, and raw MJML for hand-coded designs. The personalization system is unusually clean - every contact carries custom data as a single JSON object (populated from sign-up form fields or pushed from your CMS/CRM), and Shopify's Liquid template language renders it into fully dynamic emails. Targeting uses a visual segment editor backed by a powerful segment language for complex logic over tags, language preferences, and any custom field. Sign-up forms with custom fields grow your lists; open and click tracking measures campaigns; scheduled sending handles timing. Delivery pipes through your own SMTP or first-class integrations with AWS SES (including automated bounce handling), SendGrid, Mailgun, and Postmark. A full REST API manages contacts, campaigns, and segments, with Erlang/OTP reliability underneath. Comfortable at 100K+ subscribers. AGPL-licensed, EU-hosted project, actively developed.

Deploy
PowerDNS-Admin screenshot thumbnail

PowerDNS-Admin

Raw zone files and API calls become something a whole team can operate safely once PowerDNS-Admin puts its web interface in front of a PowerDNS authoritative server. It's a Python/Flask application covering full forward and reverse zone management, with the touches that matter in daily DNS work: zone templates for stamping out consistent new domains, easy IPv6 PTR record editing (reverse zones by hand are misery), full IDN/Punycode support for internationalized domains, and DynDNS 2 protocol support so routers and scripts can update records the way they would against a commercial dynamic-DNS service. Access control is enterprise-grade: local users, LDAP against OpenLDAP or Active Directory, SAML, and OAuth via Google, GitHub, Azure, or OpenID Connect, hardened with TOTP two-factor authentication. Role-based permissions extend to zone-specific access control - hand a developer their project's zone without exposing the rest of your namespace - and activity logging records who changed which record when, the audit trail bare PowerDNS never gives you. The dashboard monitors PDNS service configuration and statistics, and its own API exposes zone and record management for automation on top of the UI. Runs against MySQL/MariaDB or PostgreSQL, talking to PowerDNS through its REST API. MIT-licensed.

Deploy
Carbone screenshot thumbnail

Carbone

Document-generation code is the worst kind of code in your backlog - Carbone kills it. Its insight is separating design from data - templates are ordinary office documents (DOCX, ODT, XLSX, PPTX, HTML, even custom XML) built in LibreOffice, Microsoft Office, or Google Docs, with mustache-like markers such as {d.companyName} typed directly into the text. Send a template plus JSON from your existing APIs to the HTTP API, and Carbone returns the finished document - exported as-is or converted to PDF, XLSX, CSV, HTML, PNG, EPUB, and more via its integrated LibreOffice converter (Chromium and OnlyOffice engines are also supported for HTML-fidelity and office-format conversions). The template language goes well beyond substitution: loops over arrays render dynamic table rows, filters and aggregations run inside the document, and built-in formatters handle dates, numbers, currencies, timezones, and locales, with custom JavaScript formatters when needed. One template serves multiple languages through translation markers with auto-maintained translation files. The XML-agnostic engine means anything your document editor can design - pagination, headers, footers, nested tables, charts - survives generation intact, and Carbone guarantees no breaking changes in template syntax. Node.js-based, fast via multi-threaded LibreOffice conversion. The invoices, contracts, and reports your product owes its users become template edits, not sprints.

Deploy
PsiTransfer screenshot thumbnail

PsiTransfer

Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.

Deploy
Monetr screenshot thumbnail

Monetr

After the bills are covered, how much is actually safe to spend? monetr organizes an entire budgeting application around that one question. Inspired by the defunct Simple bank, it budgets paycheck by paycheck rather than month by month. Funding schedules encode when you get paid - including multiple schedules per account and a weekend-exclusion option for deposits that land early - and every expense or savings goal is tied to one. monetr then calculates how much of each recurring obligation (rent, car payment, subscriptions, on any repeat interval) to set aside from each paycheck, so a large bill never has to come out of a single check. What remains after allocations is surfaced as Free-To-Use, and a forecasting timeline projects contributions, due dates, and leftover funds forward so low-balance periods are visible before they happen. Transactions arrive either as OFX uploads from your bank or automatically through a Plaid connection using your own API credentials, keeping balances and transactions synced without manual entry. The app is mobile-friendly and installable as a PWA on desktop or phone. Self-hosting via Docker Compose is completely free, with all source code public and your financial data on your own hardware.

Deploy
Lingva Translate screenshot thumbnail

Lingva Translate

What Nitter was to Twitter and Invidious is to YouTube, Lingva Translate is to Google Translate: a privacy front-end delivering the service's full capability while cutting Google out of the loop between you and your text. Built on Next.js with TypeScript and Chakra UI, it uses the purpose-built Lingva Scraper to fetch translations from Google Translate without your browser ever touching a Google-related service - no cookies, no tracking, no account, while retaining what makes Google Translate hard to give up: 100+ languages with the translation quality of Google's production models, unlike offline engines that trade privacy for accuracy. The clean interface covers automatic source-language detection, text-to-speech audio playback for pronunciations, definitions and examples, and light/dark themes. For developers, every instance doubles as a translation API: a RESTful endpoint at /api/v1/:source/:target/:query returns JSON translations, an audio endpoint serves TTS buffers, and a full GraphQL API at /api/graphql exposes translations, audio, and language lists for richer integrations - all unmetered on your own instance. Deployment is a single stateless container with one environment variable for the site domain; defaults for theme and language pair are configurable. GPL-licensed, and popular as the translation backend for privacy-respecting apps.

Deploy
Hammond screenshot thumbnail

Hammond

When Clarkson, the once-popular fuel logger, stopped receiving updates, Hammond stepped in as its logical successor - a self-hosted vehicle expense tracker. Written in Go with a Vue.js interface and SQLite storage - a single lightweight container, no external database - it tracks every cost your vehicles generate: fuel fill-ups with cost, volume, and odometer readings; maintenance and repairs; and arbitrary other expenses, each attachable with photos and documents stored against the vehicle. The multi-user, multi-vehicle design is what sets it apart from phone apps: a household or small business adds all its vehicles and all its drivers, shares vehicles across users, and every fill-up lands in one ledger no matter who was driving. The Quick Entries feature respects how expenses actually happen - snap a photo of the receipt or pump screen at the gas station, then complete the structured entry later when you have a minute. Reporting works at both the vehicle level (cost per distance, fuel economy trends) and across the whole fleet. Migration matters here: importers for Clarkson, Fuelly, and Drivvo bring years of fill-up history along, so switching does not mean starting your data over.

Deploy
Ties screenshot thumbnail

Ties

A federated bookmark manager written in Rust: Ties (formerly linkblocks) is your own small corner of the web for saving, organizing, and sharing good pages, connected to the fediverse over ActivityPub. Instead of rigid folders, bookmarks live in arbitrarily nested lists that link together into a knowledge graph. Saved pages are fetched, converted to a readable archived version, and stored in the database, so full-text search covers titles, URLs, and the actual page text - and the content survives if the original disappears. The federation model is deliberately anti-viral: there is no global timeline and no algorithmic feed. You publish public lists for anyone, follow users whose taste you trust, and mark trusted users whose bookmarks become part of your search range - extendable to trusted-users-of-trusted-users for a wider net. Public bookmarks post to Mastodon timelines, and WebFinger lookup makes your handle discoverable across fediverse platforms. Operationally it is about as light as web software gets: a single binary with all assets baked in, integrated TLS so it can run without a reverse proxy, PostgreSQL as the only dependency, OIDC single sign-on, and a bookmarklet for one-click saves. Note the project is alpha: single-user instances only, and all data should be considered public. AGPL-3.0 licensed, built with Rust and htmx.

Deploy
Freescout screenshot thumbnail

Freescout

Unlimited agents, unlimited tickets, unlimited mailboxes, forever, on a $4 VPS - FreeScout's pricing inversion is why it became the most popular self-hosted Help Scout alternative, a PHP/Laravel help desk and shared inbox developed from scratch over eight years. The inbox deliberately behaves like Gmail or Outlook, so new support agents need close to zero training. The email-support core is genuinely complete: seamless IMAP/SMTP integration including modern Microsoft Exchange authentication, collision detection that warns when two agents open the same conversation, canned responses, auto-replies, internal notes, open tracking, starring, forwarding, merging, and moving conversations between mailboxes, phone-call logging, push notifications, and an auto-refreshing conversation list - plus screenshot pasting straight from the clipboard into replies. It's 100% mobile-friendly, fully screen-reader accessible, and translated into 28 languages. Beyond the core, an ecosystem of 100+ modules (mostly one-time $12-20 purchases) adds knowledge base, workflows with Gmail-filter-style automation rules, satisfaction ratings, time tracking, tags, custom fields, LDAP, Slack, WhatsApp and Telegram channels, and an API with webhooks - pay only for what your team needs. Web installer and updater included. AGPL-licensed.

Deploy
ClassicPress screenshot thumbnail

ClassicPress

WordPress without Gutenberg: ClassicPress, the community-led fork, keeps the TinyMCE classic editor as the default and strips the block editor and Full Site Editing out of core entirely. The result is roughly half WordPress's size - obsolete libraries like jQueryUI, Thickbox, and Flash support are gone, replaced by native HTML5 elements and modern alternatives like SortableJS - which translates to a measurably faster admin and a leaner attack surface. Forked from WordPress 6.2, it remains compatible with the vast plugin and theme ecosystem targeting that lineage (anything not requiring blocks generally works, helped by a blocks-compatibility mode), and the PHP-first WordPress API developers have used for over a decade works unchanged - no React required to extend your CMS. The fork adds its own improvements: built-in media categories and tags with bulk editing, revision management that lets you prune database bloat, native HTML5 dialogs for accessible touch-friendly menus, and recent releases bring APCu object-cache support, vanilla-JS core widgets, and performant translations. Governance is democratic and community-driven rather than corporate. For content sites, business sites, and blogs where the classic editing workflow is the feature, ClassicPress is stability as a philosophy.

Deploy
Fireshare screenshot thumbnail

Fireshare

The moment after ShadowPlay saves a great clip is what Fireshare was built for: your friends see it now, not after a YouTube upload, processing queue, and platform terms review. Drop videos into a watched folder and this Flask/React application generates a unique shareable URL for each one, complete with Open Graph metadata - so pasting the link into Discord, Twitter, or Slack produces a proper embed with title, description, and video thumbnail instead of a raw URL. Viewers need no account and no app. Visibility is per-file: public (browseable on your feed), private (unlisted, reachable only by direct link), or password protected. For game clips specifically, Fireshare organizes automatically - clips sort by game with cover art pulled from SteamGridDB, no manual tagging - while tags and full-library search cover everything else. Optional transcoding (CPU or GPU) creates lower-quality renditions so viewers on weak connections get automatic quality adaptation, and video cropping trims clips in place. The extras round out a genuinely finished tool: view counters, timestamped share links, a shuffle button, restrictable uploads, Discord notifications for new videos, an RSS feed of the public feed, mobile support, and LDAP for multi-user setups. No storage limits, no watermarks, no platform deciding what stays up. GPL-licensed.

Deploy
Chief-Onboarding screenshot thumbnail

Chief-Onboarding

New hires fail from information overload and IT bottlenecks, not lack of goodwill - the observation behind ChiefOnboarding, a free, open-source employee onboarding platform (Django, Celery, PostgreSQL, Redis). Its answer is sequences - drag-and-drop timelines that drip-feed to-do items, resources, courses, forms, and badges to each new hire, triggered by dates or by completing a previous item, so nobody faces everything at once. Onboarding starts before day one: preboarding pages welcome hires early, and colleagues can leave personal messages that appear there. The account provisioning module creates the new hire's Slack, Google, Asana, and other accounts automatically on the scheduled day via a library of integrations plus custom webhooks - the IT ticket queue never gets involved. Everything works through two equivalent interfaces: a full web dashboard and a Slack bot, either usable standalone. Slack can even auto-create new hire accounts when someone joins the workspace and assign default sequences with zero manual action. Colleague tasks with comments and collaboration, a searchable people directory, scheduled introductions, and per-hire timezone awareness (no 3 a.m. notifications) round it out. No trackers, no phoning home - third-party credentials sit in encrypted fields on your server.

Deploy
HumHub screenshot thumbnail

HumHub

Workplace and Yammer's pattern on your own server, with GDPR compliance by construction rather than contract: HumHub is an open-source enterprise social network from Germany. Built in PHP on Yii2, it organizes everything around four concepts. Users get rich profiles with follows and interactions. Spaces are the structural unit - rooms for departments, projects, events, or clubs, with per-Space permissions, notification settings, and email summaries, and operators can auto-map users into the right Spaces. Content covers posts, wiki pages, photos and video, events, and tasks, with multi-level comments, versioning, archiving, moderation reporting, and filterable full-text search across everything. Modules make it a platform: roughly 80 install-and-activate extensions including Calendar, Wiki, Polls, Tasks, Gallery, News, direct-message Mail, OnlyOffice document editing, Advanced LDAP, SAML and JWT SSO, a RESTful API, mass user import, Translation Manager, and a Theme Builder with custom pages - every one optional and toggleable at runtime. That module economy is why HumHub serves such varied deployments: corporate intranets, city governments, universities, political parties, and nonprofits all configure the same core differently. Requirements are a plain LAMP stack - PHP 8.1+ and MySQL/MariaDB - making it one of the easiest community platforms to operate long-term.

Deploy
Countly screenshot thumbnail

Countly

Mixpanel, OneSignal, and Crashlytics in one self-hosted stack - Countly is an all-in-one product analytics and engagement platform where every byte of first-party data stays on your server. A Node.js application over MongoDB, it collects through ten battle-tested SDKs spanning iOS, Android, web JavaScript, React Native, Flutter, Unity, and desktop (plus a data write API for anything else), and has powered tens of thousands of mobile, web, and desktop apps since 2012. The analytics core covers sessions, custom events, views, user profiles, and real-time dashboards, with exploration tools built for product managers as much as analysts. What separates Countly from pure analytics tools is acting on the data without third parties: built-in push notifications send automated, transactional, and personalized messages to iOS (APNs), Android (Firebase), and Huawei devices, with the SDK handling token retrieval and permission flows automatically; crash reporting captures symbolicated native crashes on iOS and Android plus JavaScript errors, correlated with the same user and session data. Email reports keep stakeholders updated, and the plugin-based architecture means features load as modules. For GDPR-sensitive products, engagement without piping user data to advertising companies is the entire point. AGPL-licensed server, installable in minutes.

Deploy
Papercups screenshot thumbnail

Papercups

Companies with privacy and security concerns about piping customer conversations through Intercom or Zendesk run Papercups - open-source live customer chat. The stack is a deliberate strength: an Elixir/Phoenix API over PostgreSQL, with real-time messaging powered by Phoenix Channels and Presence - the same BEAM foundation trusted by Discord and PagerDuty for fault-tolerant, low-latency messaging. Customers see a customizable chat widget that embeds in any site as an HTML snippet, a React component, or even inside React Native apps, with configurable colors, greetings, and away messages. Your team sees a dashboard for managing conversations - close, assign, and prioritize - with Markdown and emoji in replies. The killer workflow is the reply-channel integration: connect Slack or Mattermost and every customer conversation becomes a synced thread your team answers without leaving the tool they already live in, with two-way message syncing handled by webhooks. Email and SMS channels extend intake beyond the widget, an analytics dashboard tracks communication patterns, and the Storytime feature adds real-time screen sharing to watch users navigate while you help them. A documented API supports fully custom chat UIs in Svelte, Flutter, or Vue. MIT-licensed and GDPR-conscious - customer data stays in your PostgreSQL.

Deploy
Upvote RSS screenshot thumbnail

Upvote RSS

The antidote to doomscrolling: Upvote RSS turns Reddit, Hacker News, Lemmy, Lobsters, PieFed, Mbin, and trending GitHub repositories into calm, filtered RSS feeds. The MIT-licensed PHP app's killer feature is intelligent filtering: beyond simple score thresholds, the "posts per day" filter analyzes a community's recent history and computes the score cutoff that yields your target volume - say, exactly three r/technology posts daily - while a percentage-based threshold mode stays consistent as communities grow. Feeds are rich, not bare links: parsed full-article content via Readability (with optional Readability.js, Mercury, or Browserless for JavaScript-heavy pages), embedded videos and image galleries, top-voted comments with pinned-moderator filtering, scores, reading-time estimates, and optional AI summaries through Ollama, OpenAI, Gemini, Anthropic, Mistral, DeepSeek, or any OpenAI-compatible endpoint - with automatic provider fallback. A web UI builds the feed URL interactively with live preview; paste the result into any RSS reader. Reddit support includes custom domains like old.reddit.com plus NSFW filtering and blurring. Caching via filesystem, Redis, or APCu keeps repeated fetches cheap and avoids re-running paid summarizations.

Deploy
phpMyAdmin screenshot thumbnail

phpMyAdmin

Since 1998, phpMyAdmin has been the standard web interface for MySQL and MariaDB - the tool millions of developers, DBAs, and hosting companies reach for when a database needs inspecting, fixing, or migrating. Written in PHP, it covers effectively the entire administration surface: create, browse, alter, and drop databases, tables, views, columns, and indexes; insert and edit rows through a tabular editor; manage user accounts and granular privileges; and maintain stored procedures, triggers, and events - all without touching a command line. The SQL editor executes arbitrary queries with syntax highlighting, autocompletion, history, and bookmarkable statements, including batch queries. Import/export is a migration workhorse: read SQL, CSV, XML, and OpenDocument spreadsheets in; write out to SQL dumps, CSV, JSON, XML, PDF, Word, LaTeX, and more - the fastest path for moving a WordPress database or handing a schema to a colleague. The Designer view renders your schema as an interactive ER diagram with drag-and-drop relationship editing, and data transformations display BLOBs as images or download links inline. Server maintenance views surface configuration suggestions. Multi-server support, dark mode, and translations into 72 languages round out a tool that earns its ubiquity. GPL-licensed.

Deploy