A static analysis tool that extracts cryptographic parameters from codebases. It identifies crypto API calls and attempts to resolve parameter values through static analysis.
## Building

```sh
cargo build --release
```

The binary will be at `target/release/crypto-extractor`.
## Usage

Analyze a single file:

```sh
crypto-extractor --path path/to/file.go --language go
```

Analyze a directory:

```sh
crypto-extractor --path path/to/project --language go
```

### Options

- `--path <PATH>` - Path to the file or directory to analyze (required)
- `--language <LANGUAGE>` - Language (go, python, rust, javascript, typescript). Auto-detected for single files.
- `--include-deps` - Include dependencies (vendor/, node_modules/, etc.)
- `--output <FORMAT>` - Output format: json or cbom (default: json)
- `-v, --verbose` - Increase verbosity (-v info, -vv debug, -vvv trace)
- `-q, --quiet` - Suppress all output except errors
### Examples

Analyze a Go project with dependencies:

```sh
crypto-extractor --path ./my-project --language go --include-deps
```

Analyze a Python file:

```sh
crypto-extractor --path src/crypto.py --language python
```

Save output to a file:

```sh
crypto-extractor --path ./project --language go > findings.json
```

## Output Format

The tool outputs JSON with the following structure:
```json
{
  "files_scanned": 217,
  "total_calls": 518,
  "total_configs": 36,
  "findings": [
    {
      "file": "/path/to/file.go",
      "line": 11,
      "column": 10,
      "function": "Sum",
      "package": "md5",
      "import_path": "crypto/md5",
      "full_name": "md5.Sum",
      "algorithm": "MD5",
      "finding_type": "hash",
      "operation": "hash",
      "primitive": "hash",
      "arguments": [
        {
          "index": 0,
          "resolved": false,
          "value": {
            "unresolved": "not_implemented"
          }
        }
      ],
      "raw_text": "md5.Sum([]byte(infraID))"
    }
  ],
  "configs": [
    {
      "file": "/path/to/config.go",
      "line": 42,
      "column": 5,
      "struct_type": "TLSConfig",
      "full_type": "crypto/tls.Config",
      "package": "tls",
      "import_path": "crypto/tls",
      "fields": [
        {
          "field_name": "MinVersion",
          "resolved": true,
          "value": 771,
          "classification_key": "tls_version"
        }
      ],
      "raw_text": "&tls.Config{MinVersion: tls.VersionTLS12}"
    }
  ]
}
```

### Top-level fields

- `files_scanned` - Number of files analyzed
- `total_calls` - Total cryptographic function calls found
- `total_configs` - Total crypto configuration structs found
- `findings` - Array of cryptographic function call findings
- `configs` - Array of crypto configuration struct findings

### Finding fields

- `file` - Full path to the source file
- `line` - Line number where the call occurs
- `column` - Column number where the call occurs
- `function` - Function name
- `package` - Package name
- `import_path` - Full import path
- `algorithm` - Cryptographic algorithm identified
- `finding_type` - Type of finding (hash, cipher, kdf, etc.)
- `operation` - Operation type (hash, encrypt, decrypt, etc.)
- `primitive` - Cryptographic primitive
- `arguments` - Array of function arguments with resolution status
- `raw_text` - Original source code text
### Argument resolution

Each entry in `arguments` takes one of three shapes:

- Resolved: `{"resolved": true, "value": 2048}` - the actual value was extracted
- Unresolved: `{"resolved": false, "value": {"unresolved": "reason"}}` - the value could not be resolved
- Partial: `{"resolved": false, "value": {"expression": "BASE + 1000", "partial": true}}` - only the expression could be extracted
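The report is only useful once something consumes it, and the three argument shapes above are exactly what a consumer has to handle. The following triage script is an added example, not part of this README or the tool; it loads a report in the format shown, flags weak hashes, short RSA keys and TLS minimum versions below 1.2, and queues anything unresolved or partial for manual review instead of silently passing it. The sample report embedded in it is constructed; the `finding_type`/`primitive` values used for the RSA entries and the assumption that the key size is the second positional argument of Go's `rsa.GenerateKey` are the example's own, and the TLS version integers are the `crypto/tls` constants (`0x0301`..`0x0304`) that the page's `MinVersion: 771` already reflects.

```python
import json

# crypto/tls version constants as they appear in the report (0x0301..0x0304).
TLS_VERSION_NAMES = {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2", 772: "TLS 1.3"}
MIN_TLS_VERSION = 771   # TLS 1.2
MIN_RSA_BITS = 2048
WEAK_HASHES = {"MD5", "SHA1"}
# Assumption (this example's, not the tool's): the bit size is the second
# positional argument of Go's rsa.GenerateKey(random, bits).
KEY_SIZE_ARG_INDEX = {"rsa.GenerateKey": 1}

# Constructed sample report (not a real scan result) covering a weak hash,
# a resolved key size, a partially resolved key size and two TLS configs.
# The finding_type/primitive values for the RSA entries are made up here.
SAMPLE_OUTPUT = json.dumps({
    "files_scanned": 3, "total_calls": 3, "total_configs": 2,
    "findings": [
        {"file": "a.go", "line": 11, "column": 10, "function": "Sum", "package": "md5",
         "import_path": "crypto/md5", "full_name": "md5.Sum", "algorithm": "MD5",
         "finding_type": "hash", "operation": "hash", "primitive": "hash",
         "arguments": [{"index": 0, "resolved": False, "value": {"unresolved": "not_implemented"}}],
         "raw_text": "md5.Sum([]byte(infraID))"},
        {"file": "b.go", "line": 20, "column": 5, "function": "GenerateKey", "package": "rsa",
         "import_path": "crypto/rsa", "full_name": "rsa.GenerateKey", "algorithm": "RSA",
         "finding_type": "keygen", "operation": "keygen", "primitive": "asymmetric",
         "arguments": [{"index": 0, "resolved": False, "value": {"unresolved": "not_implemented"}},
                       {"index": 1, "resolved": True, "value": 1024}],
         "raw_text": "rsa.GenerateKey(rand.Reader, 1024)"},
        {"file": "b.go", "line": 31, "column": 5, "function": "GenerateKey", "package": "rsa",
         "import_path": "crypto/rsa", "full_name": "rsa.GenerateKey", "algorithm": "RSA",
         "finding_type": "keygen", "operation": "keygen", "primitive": "asymmetric",
         "arguments": [{"index": 0, "resolved": False, "value": {"unresolved": "not_implemented"}},
                       {"index": 1, "resolved": False, "value": {"expression": "BASE + 1000", "partial": True}}],
         "raw_text": "rsa.GenerateKey(rand.Reader, BASE+1000)"},
    ],
    "configs": [
        {"file": "c.go", "line": 42, "column": 5, "struct_type": "TLSConfig", "full_type": "crypto/tls.Config",
         "package": "tls", "import_path": "crypto/tls",
         "fields": [{"field_name": "MinVersion", "resolved": True, "value": 769, "classification_key": "tls_version"}],
         "raw_text": "&tls.Config{MinVersion: tls.VersionTLS10}"},
        {"file": "c.go", "line": 60, "column": 5, "struct_type": "TLSConfig", "full_type": "crypto/tls.Config",
         "package": "tls", "import_path": "crypto/tls",
         "fields": [{"field_name": "MinVersion", "resolved": True, "value": 771, "classification_key": "tls_version"}],
         "raw_text": "&tls.Config{MinVersion: tls.VersionTLS12}"},
    ],
})


def describe_argument(arg: dict) -> tuple:
    """Normalise the resolved / unresolved / partial shapes into (status, detail)."""
    if arg.get("resolved"):
        return "resolved", arg["value"]
    value = arg.get("value") or {}
    if value.get("partial"):
        return "partial", value.get("expression")
    return "unresolved", value.get("unresolved", "unknown")


def _loc(entry: dict) -> str:
    return f'{entry["file"]}:{entry["line"]}:{entry["column"]}'


def triage(report_json: str) -> list:
    """Turn a report into a list of issues; anything not statically resolved is queued for review."""
    report = json.loads(report_json)
    issues = []
    for f in report.get("findings", []):
        if f.get("algorithm") in WEAK_HASHES:
            issues.append({"severity": "high", "kind": "weak_hash", "where": _loc(f),
                           "detail": f'{f["full_name"]} uses {f["algorithm"]}'})
        idx = KEY_SIZE_ARG_INDEX.get(f.get("full_name"))
        if idx is None:
            continue
        arg = next((a for a in f.get("arguments", []) if a.get("index") == idx), None)
        if arg is None:
            continue
        status, detail = describe_argument(arg)
        if status == "resolved" and isinstance(detail, int) and detail < MIN_RSA_BITS:
            issues.append({"severity": "high", "kind": "short_rsa_key", "where": _loc(f),
                           "detail": f"{detail}-bit RSA key"})
        elif status != "resolved":
            # A partial expression or an unresolved argument is not evidence of safety.
            issues.append({"severity": "review", "kind": "unresolved_key_size", "where": _loc(f),
                           "detail": f"{status}: {detail}"})
    for c in report.get("configs", []):
        for field in c.get("fields", []):
            if field.get("classification_key") != "tls_version":
                continue
            status, detail = describe_argument(field)
            if status != "resolved":
                issues.append({"severity": "review", "kind": "unresolved_tls_version", "where": _loc(c),
                               "detail": f"{status}: {detail}"})
            elif detail == 0:
                # Zero means the field was not pinned; the library default applies.
                issues.append({"severity": "low", "kind": "tls_version_not_pinned", "where": _loc(c),
                               "detail": f'{field["field_name"]} left at library default'})
            elif detail < MIN_TLS_VERSION:
                name = TLS_VERSION_NAMES.get(detail, hex(detail))
                issues.append({"severity": "high", "kind": "weak_tls_min_version", "where": _loc(c),
                               "detail": f'{field["field_name"]} = {name}'})
    return issues


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_OUTPUT), indent=2))
```

Run against a real report with `python triage.py < findings.json` after swapping `SAMPLE_OUTPUT` for `sys.stdin.read()`. The point of the `review` severity is that a partial expression such as `BASE + 1000` or an `unresolved` argument never counts as a pass; the tool tells you what it could not determine, and the consumer has to keep that distinction rather than collapse it into "no finding".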
## Supported Languages

- Go
- Python
- Rust
- JavaScript/TypeScript
## How It Works

The tool uses Tree-sitter to parse source code into ASTs, then applies resolution strategies to extract cryptographic parameters:
- Literal values - Direct constants
- Variable resolution - Finds variable declarations
- Function calls - Traces return values
- Binary expressions - Evaluates arithmetic operations
- Field access - Resolves struct/object fields
- Array/index access - Resolves array and map lookups
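To make the first few strategies concrete, here is a toy resolver added as an example; it is not the tool's own code (which is Rust on top of Tree-sitter). It uses Python's standard-library `ast` module on Python source and implements the literal, variable-resolution and binary-expression strategies, returning the same resolved / unresolved / partial records the report format uses: a binary expression whose operands all resolve is folded to a value, one with an unresolvable operand is reported as a partial expression, and function calls, field access and indexing are left as `not_implemented`. The sample source, the `generate_private_key` call it looks for, and the `name` key used for keyword arguments are constructed for this example.

```python
import ast

# Constructed sample source (not from the page): four RSA key-generation calls whose
# key_size argument needs progressively more work to resolve. `extra_bits` is never
# assigned, so DYN_BITS can only be reported as a partial expression.
SAMPLE_SOURCE = '''
BASE = 1024
KEY_BITS = BASE * 2
DYN_BITS = BASE + extra_bits
key_a = rsa.generate_private_key(public_exponent=65537, key_size=2048)
key_b = rsa.generate_private_key(public_exponent=65537, key_size=KEY_BITS)
key_c = rsa.generate_private_key(public_exponent=65537, key_size=DYN_BITS)
key_d = rsa.generate_private_key(public_exponent=65537, key_size=int(cfg["bits"]))
'''

# Binary expressions: the arithmetic operators the toy resolver can evaluate.
_BINOPS = {
    ast.Add: lambda a, b: a + b,
    ast.Sub: lambda a, b: a - b,
    ast.Mult: lambda a, b: a * b,
    ast.Pow: lambda a, b: a ** b,
    ast.LShift: lambda a, b: a << b,
}


def collect_assignments(tree: ast.Module) -> dict:
    """Variable resolution: map each simple module-level name to the last expression assigned to it."""
    env = {}
    for node in tree.body:
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    env[target.id] = node.value
    return env


def resolve(node: ast.expr, env: dict, seen: frozenset = frozenset()) -> dict:
    """Apply the resolution strategies and return a record in the report's argument shape."""
    # Literal values: direct constants.
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str, bytes)):
        return {"resolved": True, "value": node.value}
    # Variable resolution: follow the name to its declaration, guarding against cycles.
    if isinstance(node, ast.Name):
        if node.id in seen:
            return {"resolved": False, "value": {"unresolved": "cyclic_definition"}}
        if node.id not in env:
            return {"resolved": False, "value": {"unresolved": "undefined_variable"}}
        return resolve(env[node.id], env, seen | {node.id})
    # Binary expressions: fold when both sides resolve, otherwise keep the expression text.
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left = resolve(node.left, env, seen)
        right = resolve(node.right, env, seen)
        if left["resolved"] and right["resolved"]:
            try:
                return {"resolved": True, "value": _BINOPS[type(node.op)](left["value"], right["value"])}
            except (TypeError, ValueError, OverflowError):
                pass
        return {"resolved": False, "value": {"expression": ast.unparse(node), "partial": True}}
    # Function calls, field access and indexing are out of scope for this toy.
    return {"resolved": False, "value": {"unresolved": "not_implemented"}}


def extract_calls(source: str, function: str) -> list:
    """Find every call to `function` and resolve its positional and keyword arguments."""
    tree = ast.parse(source)
    env = collect_assignments(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        name = fn.attr if isinstance(fn, ast.Attribute) else getattr(fn, "id", None)
        if name != function:
            continue
        args = [{"index": i, **resolve(a, env)} for i, a in enumerate(node.args)]
        # "name" for keyword arguments is this example's extension of the report shape.
        kwargs = [{"name": kw.arg, **resolve(kw.value, env)} for kw in node.keywords]
        findings.append({"line": node.lineno, "column": node.col_offset, "function": name,
                         "raw_text": ast.unparse(node), "arguments": args + kwargs})
    findings.sort(key=lambda f: f["line"])
    return findings


if __name__ == "__main__":
    for finding in extract_calls(SAMPLE_SOURCE, "generate_private_key"):
        print(finding["line"], finding["raw_text"], finding["arguments"][-1])
```

The order matters: a name is looked up in the assignment map and whatever it points to is fed back through the same `resolve`, so `KEY_BITS` becomes `BASE * 2`, `BASE` becomes `1024`, and the binary expression folds to `2048`. The `seen` set is what keeps a self-referential assignment from recursing forever, which is the kind of input a resolver meets as soon as it is pointed at real code rather than a test file.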
The tool uses API mappings to identify cryptographic functions and classify them by algorithm and operation type.