Skip to content

0x101-Cyber-Security/NetLock-RMM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

210 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

NetLock RMM Logo

NetLock RMM

Open-Core Remote Monitoring & Management for MSPs and IT Teams

Website Documentation Live Demo Pricing Discord GitHub Roadmap Security License


⏸️ Public commits are currently paused β€” but NetLock RMM is actively developed

Development has not stopped β€” quite the opposite. NetLock RMM is being actively built and shipped every day; we have simply paused public commits to this repository while we curate what we publish under our open-core model. New releases, features and fixes keep coming. This decision follows repeated license violations β€” startups copying the project and using AI to re-implement it to sidestep the AGPL. Read the full background in our πŸ”“ Open Core statement below and the founder's story.


⭐ If NetLock RMM is useful to you, please star this repo β€” it helps others discover the project!

What is NetLock RMM?

NetLock RMM is an open-core Remote Monitoring & Management platform built for Managed Service Providers and internal IT teams, with a strong focus on cybersecurity. Lightweight cross-platform agents stream telemetry to a self-hostable server so you can monitor, manage and remotely support your entire fleet from a single web console.

Whether you run NetLock RMM in the cloud, on-premises, in Docker / Kubernetes, or in fully isolated / air-gapped environments β€” and whether you manage ten endpoints or ten thousand β€” NetLock RMM gives you the visibility, automation and remote tooling that modern IT operations demand, without per-seat license fees.

Built on C# / .NET, Blazor, ASP.NET Core and SignalR for performance, scalability and a native cross-platform agent experience.


🧭 Our Story & Philosophy

NetLock RMM is not a "vibe-coded" weekend project and it is definitely not AI slop.

  • 2021 β€” The very first NetLock RMM prototype was built as a proof of concept.
  • Early 2022 β€” Full-scale development of NetLock RMM officially started.
  • End of 2024 β€” The current open-source version of NetLock RMM was publicly released.

Years of real engineering, real architectural decisions and real production usage went into this platform long before the current AI hype cycle. We are aware that AI will permanently change how software is built, and we do adopt it where it sensibly accelerates our work β€” but every security-relevant and architectural decision in NetLock RMM is designed, reviewed and implemented by humans, by hand, without AI. That is a hard rule for us, and it is not negotiable.

πŸ”“ Open Core β€” and Why It Changed

We made NetLock RMM open for one simple reason: maximum transparency and trust. An RMM agent runs with high privileges on every endpoint it touches β€” you should never have to take a vendor's word for what that agent does. With NetLock RMM you can read the source of the core, audit the network traffic, verify that there is no hidden telemetry, and convince yourself (and your customers, and your auditors) that the platform behaves exactly the way it claims to.

NetLock RMM originally launched fully under the AGPL, because transparency matters to us. Over time, though, we watched startups copy the project outright β€” and increasingly use AI to re-implement its logic in another language to sidestep the license entirely, profiting from the work without giving anything back.

So in 2026 we made a deliberate decision to move to an open-core model: the core stays open under the AGPL, but not every feature's source is published. Anyone who wants to can still build on the open core, and fair pricing stays central β€” with the v3 release, the cloud version actually became cheaper.

Want to audit the security of NetLock RMM against the full, current codebase? If you are a genuine security-audit / pentesting company or a government institution, we gladly invite you to perform audits on the complete and up-to-date codebase, on-site within our company. Transparency does not stop at the open core β€” it extends to giving qualified auditors real, verifiable access to everything that matters.

Practically, this means we now publish selected parts of the codebase to this public repository β€” and further parts on request β€” rather than mirroring everything in real time. Our internal codebase has evolved very significantly since the early open-source days, and curating what we publish lets us harden security while still giving the community, customers and auditors a real, verifiable view into how NetLock RMM works.

None of this changes our mission: we want to be the fairest and still most transparent RMM vendor on the market β€” with very fair, very low pricing, solid engineering, first-class support, and all of it built and run from Germany πŸ‡©πŸ‡ͺ.

Transparency is still how we earn β€” and keep β€” your trust.

πŸ“– Read the full reasoning behind this decision in the founder's story: netlockrmm.com/company/about


✨ Features at a Glance

350+ ready-made sensors Β β€’Β  85+ features Β β€’Β  100+ granular permissions Β β€’Β  53 report templates Β β€’Β  9 console languages Β β€’Β  3 platforms Β β€’Β  0 hidden telemetry

NetLock RMM is a full-stack platform β€” monitoring, automation, remote access, patching, software deployment, ticketing, reporting and security tooling all in one console. Here's the high-level map:

Category What You Can Do
πŸ–₯️ Cross-Platform Agents Code-signed one-click installer for Windows (7 β†’ 11 / Server 2012 β†’ 2025), Linux (Ubuntu, Debian, RHEL, CentOS Stream, Fedora, Proxmox) and macOS (Ventura β†’ Sequoia). Both x64 and ARM64. Agents auto-update and self-heal.
🧩 Multi-Tenancy Unlimited tenants, locations and groups with full isolation β€” no per-tenant fees. Perfect for MSPs juggling many customers from one console, with unified cross-tenant reporting.
πŸ‘₯ Users, Roles & SSO 100+ granular permission settings, importable role templates, two-factor authentication (TOTP) and Single Sign-On (SAML & OIDC) via Keycloak, Entra ID, Auth0 or Okta. Per-user auth modes (password / SSO / both / enforced 2FA).
πŸ›‘οΈ Flexible & Scalable Architecture Run everything on a single box, or split the 8 server roles (Comm, Update, Trust, Remote, Notification, File, LLM, Relay) across machines for HA. Fallback servers per role and full reverse-proxy support. A 2-core / 8 GB server handles 5,000+ devices.
πŸš€ Streamlined Setup Server and Web Console ship as a standalone Kestrel-based binary β€” no Apache, no IIS, no fuss. Run it on bare metal, in Docker or in Kubernetes, with a custom 1-click Install Builder (GPO / Intune / MDM scripts).
πŸ› οΈ Powerful Remote Tools Real-time remote shell (PowerShell / Bash / Zsh / Python3, classic + VT100/ANSI, run-as-user, bulk execution), file browser, task manager, service manager, remote registry, Windows Event Log viewer, Wake-on-LAN and instant shutdown / reboot.
πŸ–±οΈ Remote Screen Control TeamViewer-grade remote control for Windows & Linux. H.264 adaptive streaming, multi-monitor & virtual-display switching, multi-operator session switching (incl. RDP/RDS), unattended + attended access, user chat, Ctrl+Alt+Del, session recording, keystroke injection β€” with an optional 2FA gate on remote actions.
πŸ”— E2E-Encrypted Relay Tunnel RDP, SSH, MySQL, VNC or any TCP service through the Relay App β€” no port forwarding, no exposed ports. Use your own tools (DBeaver, native RDP, PuTTY) or reach internal web apps and LAN devices through a jump host.
🎧 Custom User Tray Icon & Chat Deploy a white-label tray icon with custom logo, interface texts and action buttons (open URL / run command), a built-in support chat, and an optional end-to-end-encrypted end-user AI chat.
🧾 Inventory & Hardware Monitoring Software & hardware inventory, CPU, RAM, drives, network adapters, drivers, services, scheduled tasks, logon history and more β€” across Windows, Linux and macOS.
πŸ“‘ Monitoring & Sensors 350+ ready-made sensors plus custom RegEx script sensors (PowerShell / Bash / Zsh / Python3). Utilization, process, service, ping, Windows Event Log, SNMP (v1 / v2c / v3) and port-scanner sensors, with counter-based triggers, spam-prevention and auto-reset. 28 monitored vendors out of the box.
🌐 Website & Uptime Monitoring Server-side HTTP/HTTPS checks with SSL-expiry (30/14/7/3-day) alerts, DNS record monitoring, content & defacement detection, response-time history (24h / 7d / 30d) and a full incident timeline with smart root-cause detection.
βš™οΈ Automation & Jobs Jobs for scheduled PowerShell, Bash, Zsh and Python scripts with retry logic, timeouts and a shared script library. Attach scripts to sensors for self-healing and escalation. Import community scripts.
πŸ“œ Policy Management Auto-assign policies by tenant, location, group, domain, IP or device name with a clear most-specific-wins hierarchy. Define and enforce antivirus, notification, sensor, patch and job policies.
🩹 Patch Management Patch Windows, Linux, macOS & Docker β€” plus third-party apps via winget, Chocolatey & Flatpak. Approval workflows, severity-based SLA windows, deployment rings, Patch-Tuesday-relative scheduling, smart maintenance windows, reboot handling and automatic rollback on failure-rate thresholds.
πŸ“¦ Software Deployment & App Hub Deploy from a catalogue sourced from Winget, Flathub, Chocolatey or custom scripts. A 4-step wizard targets devices/groups/locations/tenants with run modes, scheduling, retries and per-device status & attempt history.
πŸ›‘οΈ Application Control (Windows) In-house default-deny allowlisting engine matching path, version info, SHA256/SHA512 hashes and certificate details β€” approve pending apps straight into allow rules.
πŸ”Œ USB Device Control (Windows) Allowlist devices by vendor ID, product ID, serial or device class, with approval scopes from a single device up to global, across 10 recognised device classes.
πŸ›‘οΈ Antivirus & Firewall Manage Microsoft Defender Antivirus, monitor firewall status, and drive the Linux UFW Firewall Manager (policy-based with drift re-apply) β€” all enforced through policies.
🎫 Ticketing, Helpdesk & CRM Optional helpdesk module with multi-department IMAP/SMTP, SLA engine, time tracking (auto + manual, billable rounding), labels, templates, per-department webhooks, a native CRM with tenant linkage and a statistics dashboard.
πŸ“‘ Reports 53 pre-built templates plus a visual query builder and raw-SQL "God Mode". Metric / chart / table / text widgets, brand templates, 6 schedule frequencies and export to PDF, HTML, CSV or JSON via download, email or webhook.
🧩 Custom Fields & Dashboards Build whole device-page tabs from manual input, job results (RegEx-parsed) or SQL β€” with action buttons. Per-user custom dashboards with drag-and-resize chart & table panels on a 12-column grid.
πŸ“Š Dashboards & Event Viewer Centralised dashboards with statistics, unread events and a powerful event browser with severity-based filtering.
πŸ•΅οΈ Auditing Append-only, immutable audit log covering 10 action categories across 18 entity types with severity levels, tenant scoping, rich filters and JSON/CSV export.
πŸ€– NetLock AI OpenAI-API-compatible LLM connector (OpenAI, Claude or self-hosted models) wired into the script editor, remote shell, event-log viewer, ticketing and auditing β€” with file attachments, streaming markdown and per-tenant token budgets.
πŸ”” Event Notifications Get alerted via Email, Microsoft Teams, ntfy.sh, Telegram or custom webhooks with templated variables and priority-based routing.
πŸ“ Integrated File Server Host your favourite scripts and tools directly inside NetLock RMM and reference them from your jobs, with 1-click custom installers per platform.
πŸ—ΊοΈ Device World Map Visualise your whole fleet on a map using bundled, offline GeoIP β€” no third-party lookups.
🎨 White-Label Branding Theme every colour, logo and title; brand the tray icon, support chat and screen-control prompts; set a custom login background (image/video) β€” and share signed white-label themes with the community.
πŸ› οΈ Maintenance Mode Manual or scheduled weekly maintenance windows that suppress notifications while you work.
πŸ” Code Signing Every edition β€” including Community β€” ships code-signed Windows agents and installers (x64 & ARM64): SmartScreen-safe, verified-publisher, tamper-evident.
πŸ” Security by Design Agent handshake so only authorised agents talk to your server, Trust Server supply-chain hash verification, RAM-based encrypted package delivery, Web Console & backend IP restriction, outbound-only agents, full data sovereignty through self-hosting and end-to-end encryption for relay connections. No hidden telemetry β€” verify it yourself in the source.

Looking for the full feature list? Head over to netlockrmm.com/docs/features.


πŸ—οΈ Architecture

NetLock RMM is built on a modular role-based architecture so you can scale individual components independently.

Component Technology
Web Console Blazor Server + MudBlazor
Server ASP.NET Core (Kestrel) + SignalR
Agents C# / .NET β€” Windows, Linux, macOS (x64 & ARM64)
Realtime Transport SignalR over WebSockets
Database MySQL
Relay Standalone end-to-end encrypted tunnel app
flowchart LR
    A[Browser / Admin UI] -- HTTPS --> B[Reverse Proxy]
    B -- HTTP --> C[NetLock Web Console - Blazor]
    B -- HTTP --> S[NetLock Server Roles]
    C -- TCP --> D[(MySQL)]
    S -- TCP --> D
    E[Agents - Windows / Linux / macOS] -- HTTPS / SignalR --> B
    R[Relay App] <-- E2E Encrypted --> B
Loading

🎟️ Editions & Members Portal

NetLock RMM is built for enterprises, MSPs, MSP startups and any organisation that takes a secure, professional platform seriously. To serve everyone β€” from a homelab tinkerer to a fully managed service provider running thousands of endpoints β€” we offer NetLock RMM in three editions, all managed through our Members Portal:

Edition Hosting Who it's for Device limit
πŸ†“ Community Edition Self-hosted Homelabs, evaluators, small teams, anyone who wants to try or run NetLock RMM for free. The open-core platform, all core features, no per-seat fees. Community support via Discord and GitHub Issues. Up to 25 devices
πŸ’Ό Self-Hosted Paid Self-hosted Enterprises, MSPs and businesses that want to run NetLock RMM in their own infrastructure but need an SLA-backed professional partner. Includes professional support directly from the maintainers and prioritised handling. Unlimited β€” no device cap
☁️ Cloud-Hosted Edition Hosted by us Organisations that want NetLock RMM up and running without managing any infrastructure. We handle provisioning, updates, backups, scaling and uptime β€” you focus on managing your fleet. Per-package limit β€” pick the tier that fits your fleet

πŸ‘‰ See the full plan comparison and pricing at netlockrmm.com/pricing

Why a Members Portal?

The Members Portal is the professional interface between the NetLock RMM community, the businesses that depend on the platform, and us as the maintainers. It's where you manage your subscription and licence, access professional support, run the live demo, and interact with the team in a structured way that scales beyond a Discord channel β€” without ever locking the open core behind a paywall.

The core stays open under the AGPL. The portal exists so that the people who need a professional vendor relationship can have one.

⚑ The Cloud-Hosted Edition is by far the easiest way to deploy and maintain NetLock RMM. Provisioning, updates, backups and infrastructure are all handled for you β€” no Docker, no reverse proxy, no maintenance windows. Just sign up and start enrolling agents. See netlockrmm.com/docs/install for the full installation guide and all available deployment paths.


πŸš€ Get Started

Option 1 β€” Try the Live Demo

Want to play with NetLock RMM before installing anything? Spin up an instant demo session:

πŸ‘‰ members.netlockrmm.com/demo

Option 2 β€” Cloud-Hosted Edition (easiest)

The fastest, most reliable way to get a production-ready NetLock RMM up and running. We host and maintain the platform for you β€” provisioning, updates, backups, scaling and uptime are all taken care of, so you can focus on managing your fleet instead of the tooling behind it. Pick the package that matches your device count and you're live in minutes.

πŸ‘‰ See plans at netlockrmm.com/pricing

Option 3 β€” Self-Host It

Prefer to run everything yourself? NetLock RMM can be self-hosted via Docker, on bare metal or in fully air-gapped environments. The full step-by-step installation guide covers every supported deployment path:

πŸ‘‰ Installation Guide β€” netlockrmm.com/docs/install

Common deployment paths:

  • Docker / Docker Compose β€” quickest way to self-host
  • Air-gapped / offline β€” fully supported for isolated environments

After installation, open your console URL in the browser and follow the first-time admin setup.


πŸ“š Documentation

Full documentation β€” including installation guides, agent management, policies, sensors, jobs lives at:

πŸ‘‰ netlockrmm.com/docs


πŸ’¬ Community & Support


πŸ—ΊοΈ Roadmap

We publish our roadmap publicly so you can follow what's next:

πŸ‘‰ netlockrmm.com/roadmap


πŸ’‘ Feature Requests & Contributions

We love hearing from the people who actually use NetLock RMM β€” your feedback shapes the roadmap. There are two great ways to suggest a new feature, report a bug or share an idea:

  • πŸ› GitHub Issues β€” open an issue for bug reports and feature requests
  • πŸ’¬ Discord Wishlist β€” drop your idea in the #wishlist channel on our Discord server

A Note on Code Contributions

We do not accept external code contributions (Pull Requests) at this time.

This is a deliberate, considered decision β€” not laziness and not gatekeeping:

  • NetLock RMM follows a strict internal development plan and tightly controlled architecture. Drive-by PRs make that plan very hard to keep coherent.
  • Every line of code that runs on customer endpoints with elevated privileges has to meet our security and quality bar. Reviewing the current flood of AI-generated, low-context "AI slop" PRs would consume more time than it saves.
  • All security-relevant and architectural code is written and reviewed by us personally, by hand, without AI β€” and we want to keep that promise honest.

If you have an idea, please open an issue or post in the Discord wishlist. We read every single one, and many features in NetLock RMM today started exactly that way.

πŸ“– Read the full policy in CONTRIBUTING.md β€” including how to write a great bug report, how to suggest features, and the detailed reasoning behind the no-PR policy.

Repository Layout

Folder What lives there
NetLock-RMM-Web-Console/ Blazor Server admin UI (MudBlazor)
NetLock-RMM-Server/ ASP.NET Core / Kestrel server roles
NetLock RMM Agent Comm/ Cross-platform agent β€” communication core
NetLock RMM Agent Health/ Agent health watchdog
NetLock RMM Agent Remote/ Remote control / remote screen agent
NetLock RMM Agent Installer/ Agent installer (CLI)
NetLock RMM Agent Installer GUI/ Agent installer (GUI)
NetLock RMM Tray Icon/ White-label end-user tray icon & chat
NetLock-RMM-User-Process/ User-context companion process
NetLock RMM Relay App/ End-to-end encrypted relay tunnel app
Community Events Games/ Community challenges & events

πŸ“œ License

See LICENSE for details.


Built with ❀️ for the open-source IT community.

If NetLock RMM helps you secure or run your infrastructure, please consider starring the repo β€” it really does help others find the project.

Website Discord GitHub Documentation

Happy monitoring! πŸ₯³

About

The open-core RMM from Germany

Resources

License

Security policy

Stars

363 stars

Watchers

10 watching

Forks

Contributors