Top 23 Java Security Projects

tink

2 10,960 9.6 Java

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Latest mention: Building a Secure Signed JWT | reddit.com/r/programming | 2021-01-15

appears to be focused on cryptography and not token signing. Maybe more of a complement? I did see a section about digital signing: https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#digital-signatures and don't see any reason you couldn't integrate tink to sign JWTs.
zaproxy

0 8,136 8.7 Java

The OWASP ZAP core project
keycloak

0 7,967 9.5 Java

Open Source Identity and Access Management For Modern Applications and Services
jjwt

1 7,143 5.5 Java

Java JWT: JSON Web Token for Java and Android

Latest mention: JWT authentication in Spring Security and Angular | dev.to | 2020-09-14

There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.
spring-security

0 5,588 9.5 Java

Spring Security
graylog2-server

0 5,587 9.9 Java

Free and open source log management
cryptomator

1 4,957 9.3 Java

Multi-platform transparent client-side encryption of your files in the cloud

Latest mention: Cryptopmator vs Veracrypt using with Resilio Sync | reddit.com/r/Cryptomator | 2021-01-04

Why does Cryptomator (GPL-3.0 License) have to be replaced with VeraCrypt to be completely open source?
shiro

0 3,325 7.4 Java

Apache Shiro
DependencyCheck

1 2,750 9.5 Java

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Latest mention: Weekly Developer Roundup #16 - Sun Oct 04 2020 | dev.to | 2020-10-03

jeremylong/DependencyCheck (Java): OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
keywhiz

0 2,341 8.3 Java

A system for distributing and managing secrets
MifareClassicTool

1 2,221 9.1 Java

An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

Latest mention: Store NFC-cards in app | reddit.com/r/fossdroid | 2020-12-21

Do you know what types of cards they are? Can you read them with https://github.com/ikarus23/MifareClassicTool/ ? What does https://play.google.com/store/apps/details?id=com.nxp.taginfolite&hl=en&gl=US say about them?
pac4j

0 1,949 9.2 Java

Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
supertokens-core

0 1,829 0.0 Java

Open source alternative to Auth0 / Firebase Auth / AWS Cognito
libsignal-protocol-java

0 1,440 0.0 Java

Signal Protocol library for Java/Android
bc-java

1 1,337 9.4 Java

Bouncy Castle Java Distribution (Mirror)

Latest mention: Dozens sue Amazon's Ring after camera hack leads to threats and racial slurs | reddit.com/r/technology | 2020-12-23

Recently there was a constant time enhancement in bouncy castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.
jcasbin

0 1,276 6.4 Java

An authorization library that supports access control models like ACL, RBAC, ABAC in Java
nzyme

1 503 3.8 Java

Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

Latest mention: My Inlaws Wifi Is Being Spoofed By Their | reddit.com/r/techsupport | 2020-12-31
play-pac4j

0 373 7.5 Java

Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
NMapGUI

1 307 0.6 Java

Advanced Graphical User Interface for NMap

Latest mention: Network Scan | reddit.com/r/msp | 2021-01-06

With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. https://github.com/danicuestasuarez/NMapGUI might be a better use of your time.
AuthMeReloaded

1 285 7.3 Java

The best authentication plugin for the Bukkit/Spigot API!

Latest mention: Online mode = false // Any way to configure it to allow Premium skins? | reddit.com/r/admincraft | 2021-01-19

AuthMe Reloaded has this option if I remember correctly. Link: https://github.com/AuthMe/AuthMeReloaded
apg

0 238 0.0 Java

OpenPGP for Android
kalium

0 204 0.0 Java

Java binding to the Networking and Cryptography (NaCl) library with the awesomeness of libsodium
nbvcxz

0 198 4.1 Java

Password strength estimator

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-01-19.

Index

What are some of the best open-source Security projects in Java? This list will help you:

	Project	Stars
1	tink	10,960
2	zaproxy	8,136
3	keycloak	7,967
4	jjwt	7,143
5	spring-security	5,588
6	graylog2-server	5,587
7	cryptomator	4,957
8	shiro	3,325
9	DependencyCheck	2,750
10	keywhiz	2,341
11	MifareClassicTool	2,221
12	pac4j	1,949
13	supertokens-core	1,829
14	libsignal-protocol-java	1,440
15	bc-java	1,337
16	jcasbin	1,276
17	nzyme	503
18	play-pac4j	373
19	NMapGUI	307
20	AuthMeReloaded	285
21	apg	238
22	kalium	204
23	nbvcxz	198