Your crypto is broken.
CryptoLint finds it.

Find weak algorithms, hardcoded keys, insecure encryption modes, bad RNGs, timing vulnerabilities, and TLS misconfigs — before they reach production.

$ clawhub install cryptolint
cryptolint scan
$ cryptolint scan ./src
🔐 CryptoLint v1.0.0
 
Scanning 96 files across 5 directories...
 
  auth/hash.js:23
    ✗ [CRITICAL] WA-001: MD5 used for password hashing
    → Use bcrypt, scrypt, or Argon2 for password hashing
 
  config/crypto.ts:8
    ⚠ [HIGH] KM-003: Hardcoded encryption key in source code
    → Move keys to environment variables or a key management service
 
  services/encrypt.js:45
    ⚠ [HIGH] EM-002: ECB mode used for AES encryption
    → Switch to AES-GCM or AES-CBC with HMAC authentication
 
  utils/token.ts:12
    ● [MEDIUM] RN-001: Math.random() used for security token
    → Use crypto.randomBytes() or crypto.getRandomValues()
 
  middleware/auth.js:67
    ○ [LOW] TC-005: String comparison for HMAC verification
    → Use crypto.timingSafeEqual() for constant-time comparison
 
  ────────────────────────────────────────────────
  Files scanned: 96  |  Issues: 1 critical  2 high  1 medium  1 low
  Score: 58/100 (Grade: F)
 
  Run cryptolint scan --fix to apply auto-fixes, or cryptolint report for full HTML report.
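
The RN-001 and TC-005 findings in the sample output above, as an added Node.js example (not CryptoLint's code and not from the scanned project): each flagged pattern sits next to the replacement the output recommends. The function names, key and message are constructed for illustration.

```javascript
// Added example: the patterns behind RN-001 and TC-005, each beside its fix.
const crypto = require('node:crypto');

// RN-001, flagged form: Math.random() is not a CSPRNG; its output is predictable.
function weakToken() {
  return Math.random().toString(36).slice(2);
}

// RN-001, fixed form: 32 bytes from the OS CSPRNG, hex encoded (64 characters).
function strongToken(bytes = 32) {
  return crypto.randomBytes(bytes).toString('hex');
}

function hmacHex(key, message) {
  return crypto.createHmac('sha256', key).update(message).digest('hex');
}

// TC-005, flagged form: === can stop at the first differing character,
// so the comparison time depends on how much of the supplied tag matched.
function verifyWeak(key, message, tagHex) {
  return hmacHex(key, message) === tagHex;
}

// TC-005, fixed form: compare raw bytes with crypto.timingSafeEqual().
// It throws on buffers of unequal length, so malformed tags are rejected
// first; the expected tag length is public, so that check leaks nothing.
function verifyStrong(key, message, tagHex) {
  if (typeof tagHex !== 'string' || !/^[0-9a-f]{64}$/i.test(tagHex)) return false;
  const expected = crypto.createHmac('sha256', key).update(message).digest();
  const supplied = Buffer.from(tagHex, 'hex');
  return supplied.length === expected.length &&
    crypto.timingSafeEqual(supplied, expected);
}

// Constructed sample values, for demonstration only.
const KEY = crypto.randomBytes(32);
const MSG = 'user=42&action=reset';
const GOOD_TAG = hmacHex(KEY, MSG);
```
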

Weak crypto doesn't just fail — it leaks everything.

MD5 for password hashing. Hardcoded encryption keys. ECB mode everywhere. Math.random() for tokens. When the breach hits, it starts here. CryptoLint scans your entire codebase for cryptographic anti-patterns and vulnerabilities so your secrets stay secret.

90 Detection checks
6 Check categories
All Languages supported
100% Local — zero telemetry

What CryptoLint Catches

90 checks across 6 categories, covering every aspect of cryptographic security and best practices.

Weak Algorithms (WA)

Detects MD5, SHA-1, DES, 3DES, RC4, Blowfish, weak PBKDF2 iterations, deprecated TLS cipher suites, and any broken cryptographic primitives still lurking in your codebase.

15 checks

Key Management (KM)

Finds hardcoded encryption keys, static IVs and salts, short key lengths, keys committed to source code, zero IVs, and missing key rotation mechanisms across your project.

15 checks

Encryption Modes (EM)

Catches ECB mode usage, CBC without authentication, raw RSA without padding, deprecated createCipher calls, nonce reuse, and unauthenticated encryption patterns.

15 checks

Random Number Generation (RN)

Detects Math.random() for security contexts, java.util.Random for crypto, time-seeded RNGs, predictable seeds, insufficient entropy sources, and non-CSPRNG usage for tokens.

15 checks

Timing & Comparison (TC)

Catches string equality for hash comparison, == for HMAC verification, non-constant-time comparisons, early-return timing leaks in authentication, and unsafe equality checks.

15 checks

Certificate & Protocol (CP)

Finds SSL/TLS verification disabled, hostname check bypassed, insecure protocol versions, HTTP in authentication flows, weak cipher suites, and certificate pinning issues.

15 checks

CryptoLint Free vs. Pro vs. Team

Choose the plan that matches your cryptographic security needs.

Feature Free Pro Team
Detection checks 30 60 90 (all)
Weak Algorithm checks
Key Management checks
Encryption Mode checks
Random Number Generation
Timing & Comparison
Certificate & Protocol
Terminal report
JSON report
HTML report
Category filtering
Verbose output
CI/CD integration
Custom rules
Support Community Email Priority

Simple, transparent pricing

Start scanning for free. Upgrade when your cryptography demands it.

Free
$0/mo
For solo developers who want basic crypto hygiene.
  • 30 detection checks
  • Weak Algorithm (WA) category
  • Key Management (KM) category
  • Terminal report output
  • Basic scoring & grading
  • Community support
Team
$39/mo
For teams enforcing cryptographic standards across repos.
  • All 90 detection checks
  • Everything in Pro
  • Timing & Comparison (TC) category
  • Certificate & Protocol (CP) category
  • CI/CD integration
  • Custom rule definitions
  • Priority support

Your crypto is your first line of defense

Install CryptoLint in 30 seconds. Find every weak algorithm, hardcoded key, and insecure mode before attackers find them for you.

$ clawhub install cryptolint