- Original path:
profiles/base/crypto.toml
# Cryptography Profile
# Detects cryptographic operations and weak crypto patterns.
# Pattern hits are informational unless the name says otherwise ("(Weak)",
# "(Insecure)", "Hardcoded"); the [[signatures]] at the bottom roll the
# actionable ones up per file.
# NOTE(review): presumably tells the scanner to also run the patterns over
# base64- and hex-decoded spans — confirm against the scanner's decode handling.
decode = ["base64", "hex"]
[[patterns]]
# MD5 is collision-broken: a concern for signatures, integrity checks and
# password hashing. Non-security uses (cache keys, checksums) hit as well.
# The bare md5/MD5 alternatives already cover the Java and hashlib spellings;
# the explicit alternatives mainly document intent.
name = "MD5 Hash Usage"
type = "regex"
pattern = '''(?:MessageDigest\.getInstance\(\s*["']MD5["']\s*\)|md5|MD5|hashlib\.md5)'''
[[patterns]]
# SHA-1 is collision-broken (SHAttered): weak for signatures and integrity.
# The bare sha1/SHA1 alternatives also fire on HMAC-SHA1 and on the
# "SHA1PRNG" SecureRandom algorithm name, neither of which is
# collision-sensitive — review those hits in context.
name = "SHA1 Hash Usage"
type = "regex"
pattern = '''(?:MessageDigest\.getInstance\(\s*["']SHA-?1["']\s*\)|sha1|SHA1|hashlib\.sha1)'''
[[patterns]]
# Informational: SHA-256 itself is fine. A hit only matters when a fast,
# unsalted hash is used for passwords instead of one of the KDF patterns
# (PBKDF2/BCrypt/SCrypt/Argon2) in this profile.
name = "SHA256 Hash Usage"
type = "regex"
pattern = '''(?:MessageDigest\.getInstance\(\s*["']SHA-?256["']\s*\)|sha256|SHA256|hashlib\.sha256)'''
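[[patterns]]
# Informational. The bare token is now bounded: with case-insensitive
# matching the previous unbounded `AES` hit "phrases", "aesthetic",
# "Caesar" and similar. `(?:\b|_)` on both sides still accepts identifier
# forms such as AES_256_GCM, aes-128-gcm and Aes.Create().
# Note: the first alternative (a bare "AES" transformation) lets the JCE
# provider choose mode and padding; SunJCE defaults to
# AES/ECB/PKCS5Padding, so those hits deserve the same scrutiny as
# "ECB Mode (Insecure)".
name = "AES Encryption"
type = "regex"
case-insensitive = true
pattern = '''(?:getInstance\(["']AES["']\)|(?:\b|_)AES(?:\b|_)|Cipher\.getInstance\(["']AES)'''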
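[[patterns]]
# Single DES: 56-bit key, brute-forceable. Case-sensitive on purpose —
# lowercase "des" is an everyday word in French/Spanish comments and strings.
# The Cipher.getInstance alternative now requires DES to be followed by "/"
# or the closing quote, so "DESede" (3DES, its own pattern) no longer fires
# here too.
name = "DES Encryption (Weak)"
type = "regex"
pattern = '''(?:getInstance\(["']DES["']\)|\bDES\b|Cipher\.getInstance\(["']DES[/"'])'''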
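[[patterns]]
# 3DES: 64-bit block (Sweet32 birthday attacks), disallowed by NIST
# SP 800-131A after 2023. The previous first alternative matched only a bare
# "DESede" transformation and missed the common "DESede/CBC/..." form; a
# bare DESede token covers both. DES3 (PyCryptodome) and des-ede/des-ede3
# (OpenSSL, Node) are added.
name = "3DES Encryption"
type = "regex"
case-insensitive = true
pattern = '\b(?:DESede|3DES|TripleDES|DES3\b|des-ede3?)'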
[[patterns]]
# Informational. The bare RSA alternative also matches RSAPublicKey,
# RSAPrivateKeySpec and similar, so effectively all RSA code is tagged.
# Hits worth a closer look: Cipher transformations with PKCS1Padding
# (PKCS#1 v1.5 encryption padding, padding-oracle prone — prefer OAEP) and
# small modulus sizes passed to KeyPairGenerator.initialize().
name = "RSA Encryption"
type = "regex"
pattern = '''(?:getInstance\(["']RSA["']\)|RSA|Cipher\.getInstance\(["']RSA)'''
[[patterns]]
# Raw key bytes being wrapped into a key object. Check where the bytes come
# from: a string literal points to "Hardcoded Encryption Key", a plain
# digest of a password points to the missing-KDF case.
name = "SecretKeySpec"
type = "regex"
pattern = 'new\s+SecretKeySpec\('
[[patterns]]
# Symmetric key generation (informational). At the hit, note the algorithm
# string and the key size passed to the following init() call.
name = "KeyGenerator"
type = "regex"
pattern = 'KeyGenerator\.getInstance\('
[[patterns]]
# Catch-all for every JCE cipher construction; the algorithm-specific
# patterns above refine it. A transformation that names only the algorithm
# (no "/mode/padding") leaves the choice to the provider.
name = "Cipher getInstance"
type = "regex"
pattern = 'Cipher\.getInstance\('
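[[patterns]]
# ECB leaks plaintext structure (equal blocks -> equal ciphertext blocks).
# Regex instead of the bare "/ECB/" string so non-Java spellings are found
# as well: "AES/ECB/..." (JCE), "aes-128-ecb" (OpenSSL/Node), "MODE_ECB"
# (PyCryptodome), "modes.ECB(" (python-cryptography), "AES-ECB" (WebCrypto).
name = "ECB Mode (Insecure)"
type = "regex"
case-insensitive = true
pattern = '(?:/ECB/|[-_.]ECB\b)'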
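[[patterns]]
# CBC is unauthenticated: without a MAC (encrypt-then-MAC) it is exposed to
# padding-oracle attacks, and it needs a fresh random IV per message (see
# "Hardcoded IV"). Regex instead of the bare "/CBC/" string so
# "aes-256-cbc", "MODE_CBC", "modes.CBC(" and "AES-CBC" are found too.
name = "CBC Mode"
type = "regex"
case-insensitive = true
pattern = '(?:/CBC/|[-_.]CBC\b)'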
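[[patterns]]
# GCM is an AEAD mode and the preferred choice; the thing to verify at a hit
# is nonce handling — a (key, nonce) pair must never repeat, so a fixed or
# counter-less IV here is a real finding. Regex instead of the bare "/GCM/"
# string so "aes-256-gcm", "MODE_GCM", "modes.GCM(", "AES-GCM" and the
# python-cryptography AESGCM class are found too.
name = "GCM Mode"
type = "regex"
case-insensitive = true
pattern = '(?:/GCM/|[-_.]GCM\b|AESGCM)'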
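[[patterns]]
# RNG use. SecureRandom is a CSPRNG; java.util.Random, Math.random and the
# Python random module are not and must not produce keys, IVs, tokens or
# salts. The bare `Random` alternative also hits SecureRandom,
# ThreadLocalRandom and unrelated names such as RandomAccessFile, so hits
# need context. The Python alternative previously matched only
# random.randint; the other common module functions are now covered.
name = "Random Number Generator"
type = "regex"
pattern = '(?:SecureRandom|Random|random\.(?:randint|random|randrange|choice|choices|sample|shuffle|uniform|getrandbits)|Math\.random)'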
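[[patterns]]
# Literal key material assigned to an identifier ending in key/secret
# (api_key, secret_key, aesKey, ...). Extended to accept ":" as well as "="
# (JSON/YAML/JS object literals), an optional quote around the identifier,
# a Python bytes prefix, and "\xNN" escape sequences so that
# key = b"\x00\x01..." style literals are found. The 16-character minimum
# keeps short placeholders out while still matching raw ASCII, hex and
# Base64 keys.
name = "Hardcoded Encryption Key"
type = "regex"
case-insensitive = true
pattern = '''(?:key|secret)["']?\s*[:=]\s*b?["'](?:[a-zA-Z0-9+/=]{16,}|(?:\\x[0-9a-fA-F]{2}){8,})["']'''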
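[[patterns]]
# Static IV/nonce literal. A fixed IV makes CBC deterministic (equal
# prefixes leak) and a repeated GCM nonce breaks both confidentiality and
# authenticity. Same delimiter handling as "Hardcoded Encryption Key":
# ":" or "=", optional quote around the identifier, Python bytes prefix,
# and "\xNN" sequences so the classic iv = b"\x00" * 16 spelled out as a
# literal is found.
name = "Hardcoded IV"
type = "regex"
case-insensitive = true
pattern = '''(?:iv|init.?vector)["']?\s*[:=]\s*b?["'](?:[a-zA-Z0-9+/=]{16,}|(?:\\x[0-9a-fA-F]{2}){8,})["']'''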
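[[patterns]]
# Password-based KDF. Case-insensitive so hashlib.pbkdf2_hmac (Python) and
# crypto.pbkdf2 (Node) match as well as Java's PBKDF2WithHmacSHA256 and
# PBEKeySpec; the previous case-sensitive form missed the lowercase APIs.
# Review the iteration count and salt at the hit.
name = "PBKDF2"
type = "regex"
case-insensitive = true
pattern = 'PBKDF2|PBEKeySpec'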
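[[patterns]]
# Password hashing with bcrypt. Case-insensitive replaces the two-spelling
# alternation and also catches PHP's PASSWORD_BCRYPT constant. Check the
# cost factor at the hit.
name = "BCrypt"
type = "regex"
case-insensitive = true
pattern = 'bcrypt'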
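[[patterns]]
# Password hashing / KDF with scrypt. Case-insensitive replaces the
# two-spelling alternation (SCRYPT constants were missed). Check N, r and
# p at the hit.
name = "SCrypt"
type = "regex"
case-insensitive = true
pattern = 'scrypt'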
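[[patterns]]
# Password hashing with Argon2 (preferred). Case-insensitive replaces the
# two-spelling alternation (ARGON2 constants were missed). Check memory,
# time and parallelism parameters at the hit.
name = "Argon2"
type = "regex"
case-insensitive = true
pattern = 'argon2'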
[[patterns]]
# PEM certificate block. Certificates are public data; this mainly locates
# pinned or embedded CA material.
# NOTE(review): this profile has no pattern for
# "-----BEGIN ... PRIVATE KEY-----" — confirm another profile (secrets)
# covers embedded private keys, which are the higher-severity finding.
name = "Certificate File"
type = "string"
pattern = '-----BEGIN CERTIFICATE-----'
[[patterns]]
# TLS context construction (informational). At the hit, check the protocol
# string: "SSL", "SSLv3", "TLSv1" and "TLSv1.1" are deprecated; prefer
# "TLS" / "TLSv1.2" / "TLSv1.3".
name = "SSL Context"
type = "regex"
pattern = 'SSLContext\.getInstance\('
[[patterns]]
# Custom trust management. The finding to look for is a trust-all
# implementation: checkServerTrusted()/checkClientTrusted() with an empty
# body or getAcceptedIssuers() returning null, which disables certificate
# validation. The optional X509 prefix folds the two previous alternatives
# into one with the same matches.
name = "TrustManager"
type = "regex"
pattern = '(?:X509)?TrustManager'
[[patterns]]
# Despite the name this matches Signature.getInstance for both signing and
# verifying. Check the algorithm string at the hit; MD5withRSA and
# SHA1withRSA additionally show up under the MD5/SHA1 hash patterns.
name = "Signature Verification"
type = "regex"
pattern = 'Signature\.getInstance\('
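[[signatures]]
# Files that hit at least one pattern this profile treats as broken or
# disallowed. 3DES added: 64-bit block (Sweet32) and disallowed by NIST
# SP 800-131A after 2023. SHA256, CBC and RSA stay out — they are not weak
# by themselves. The SHA1 pattern also fires on HMAC-SHA1 and SHA1PRNG, so
# expect some false positives in this list.
name = "Files Using Weak Crypto"
query = "SELECT DISTINCT sha256 FROM pattern_matches WHERE pattern_name IN ('MD5 Hash Usage', 'SHA1 Hash Usage', 'DES Encryption (Weak)', '3DES Encryption', 'ECB Mode (Insecure)')"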
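[[signatures]]
# One row per file hash (DISTINCT, consistent with "Files Using Weak
# Crypto"; previously a file with several key/IV literals was listed once
# per match). Picks up every pattern named "Hardcoded..." — the key and IV
# patterns here plus any other profile using the same prefix.
name = "Files with Hardcoded Crypto Keys"
query = "SELECT DISTINCT sha256 FROM pattern_matches WHERE pattern_name LIKE 'Hardcoded%'"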