Enhanced CLI UI, CSV export, and roadmap update

thebenignhacker · thebenignhacker · commit 4b0bfec726ee · 2025-12-25T11:55:43.000-07:00
CLI Enhancements:
- Professional ASCII art banner with CRYPTOSCAN branding
- CSNP mission statement prominently displayed
- Improved scan results with visual severity indicators (bars)
- Better organized findings with numbered entries
- Footer with CSNP mission and links

New Features:
- CSV export format (--format csv) for spreadsheet analysis
- All 21 columns including priority score for sorting
- Easy import into Excel, Google Sheets, pandas

Documentation:
- Updated README with CSNP mission
- Added comprehensive roadmap section
- Cloud scanning (AWS/Azure/GCP) added to future releases
- QRAMM toolkit overview with planned tools
- Updated feature list (50+ patterns, dependency scanning)
diff --git a/README.md b/README.md
@@ -5,22 +5,33 @@
 
 **CryptoScan** is a powerful command-line tool for discovering cryptographic algorithms, key sizes, and quantum-vulnerable patterns in codebases. Part of the [QRAMM](https://qramm.org) (Quantum Readiness Assessment Maturity Model) toolkit by [CSNP](https://csnp.org).
 
+## CSNP Mission
+
+*Advancing cybersecurity through education, research, and open-source tools that empower organizations worldwide.*
+
 ## Features
 
 - **Quantum Risk Assessment**: Identifies cryptographic implementations vulnerable to quantum computing attacks
-- **Comprehensive Detection**: Scans for 30+ cryptographic patterns including:
+- **Comprehensive Detection**: Scans for 50+ cryptographic patterns including:
   - Asymmetric algorithms: RSA, ECDSA, DSA, DH, ECDH, Ed25519
   - Symmetric algorithms: AES, DES, 3DES, RC4, Blowfish, ChaCha20
   - Hash functions: MD5, SHA-1, SHA-2 family, SHA-3
   - TLS/SSL configurations and cipher suites
   - Crypto library imports (Python, Java, Go, Node.js, OpenSSL)
-  - Private keys and certificates in source code
+  - Private keys and certificates (RSA, EC, DSA, SSH, PGP, PKCS#8)
+  - Cloud KMS references (AWS KMS, Azure Key Vault, GCP KMS, HashiCorp Vault)
+  - JWT secrets, HMAC keys, and hardcoded encryption keys
+  - Weak key derivation (PBKDF with low iterations)
+- **Dependency Scanning**: Detects crypto libraries in 20+ dependency manifest formats
+- **Context-Aware Analysis**: Adjusts confidence based on file type, language, and code context
 - **Multiple Output Formats**:
-  - Text (human-readable with color)
+  - Text (professional CLI with visual indicators)
   - JSON (for programmatic processing)
+  - **CSV** (for spreadsheet analysis and reporting)
   - SARIF (for security tool integration)
   - CBOM (Cryptographic Bill of Materials - CycloneDX format)
 - **Flexible Scanning**: Include/exclude patterns, severity filtering, directory depth limits
+- **Actionable Remediation**: Each finding includes NIST PQC migration guidance
 
 ## Installation
 
@@ -110,7 +121,7 @@ Structured JSON output for integration with other tools:
 cryptoscan scan [path] [flags]
 
 Flags:
-  -f, --format string       Output format: text, json, sarif, cbom (default "text")
+  -f, --format string       Output format: text, json, csv, sarif, cbom (default "text")
   -o, --output string       Output file (default: stdout)
   -i, --include string      File patterns to include (comma-separated)
   -e, --exclude string      File patterns to exclude (comma-separated)
@@ -122,6 +133,15 @@ Flags:
       --git-history         Scan Git history (coming soon)
 ```
 
+### Export to CSV
+
+```bash
+# Export findings to CSV for spreadsheet analysis
+cryptoscan scan . --format csv --output crypto-findings.csv
+
+# Open in Excel, Google Sheets, or use with pandas
+```
+
 ## Examples
 
 ### CI/CD Integration
@@ -163,10 +183,44 @@ Contributions are welcome! Please see our [Contributing Guidelines](CONTRIBUTING
 
 Apache License 2.0 - see [LICENSE](LICENSE) for details.
 
+## Roadmap
+
+### Current Release (v1.0)
+- Local codebase scanning
+- 50+ crypto patterns with quantum risk classification
+- Multiple export formats (text, JSON, CSV, SARIF, CBOM)
+- Context-aware analysis
+- Dependency scanning
+
+### Coming Soon
+- **Git History Scanning**: Detect crypto in historical commits
+- **Remote Repository Scanning**: Direct GitHub/GitLab URL scanning
+
+### Future Releases
+- **Cloud Environment Scanning**:
+  - AWS: Scan KMS keys, ACM certificates, Secrets Manager, Parameter Store
+  - Azure: Key Vault keys/secrets, App Configuration
+  - GCP: Cloud KMS, Secret Manager, Certificate Authority Service
+- **Infrastructure-as-Code Analysis**: Terraform, CloudFormation, Pulumi crypto configs
+- **Container Image Scanning**: Detect crypto in Docker images
+- **API Discovery**: Find crypto endpoints in OpenAPI/Swagger specs
+
 ## About QRAMM
 
 The Quantum Readiness Assessment Maturity Model (QRAMM) is a comprehensive framework developed by [CSNP](https://csnp.org) to help organizations prepare for post-quantum cryptography. Learn more at [qramm.org](https://qramm.org).
 
+### QRAMM Toolkit
+
+CryptoScan is part of a planned suite of open-source quantum readiness tools:
+
+| Tool | Purpose | Status |
+|------|---------|--------|
+| **CryptoScan** | Cryptographic discovery in codebases | Available |
+| **CryptoCBOM** | Cryptographic Bill of Materials generator | Planned |
+| **TLS-Analyzer** | TLS/SSL configuration analysis | Planned |
+| **KeyRotate** | Key rotation automation | Planned |
+| **QRAMM-CLI** | Assessment and planning interface | Planned |
+
 ## Related Resources
 
 - [NIST Post-Quantum Cryptography Standards](https://csrc.nist.gov/projects/post-quantum-cryptography)
diff --git a/internal/cli/scan.go b/internal/cli/scan.go
@@ -58,7 +58,7 @@ Examples:
 }
 
 func init() {
-	scanCmd.Flags().StringVarP(&outputFormat, "format", "f", "text", "Output format: text, json, sarif, cbom")
+	scanCmd.Flags().StringVarP(&outputFormat, "format", "f", "text", "Output format: text, json, csv, sarif, cbom")
 	scanCmd.Flags().StringVarP(&outputFile, "output", "o", "", "Output file (default: stdout)")
 	scanCmd.Flags().StringVarP(&includeGlobs, "include", "i", "", "File patterns to include (comma-separated)")
 	scanCmd.Flags().StringVarP(&excludeGlobs, "exclude", "e", "", "File patterns to exclude (comma-separated)")
@@ -138,6 +138,8 @@ func runScan(cmd *cobra.Command, args []string) error {
 	switch outputFormat {
 	case "json":
 		rep = reporter.NewJSONReporter(jsonPretty)
+	case "csv":
+		rep = reporter.NewCSVReporter()
 	case "sarif":
 		rep = reporter.NewSARIFReporter()
 	case "cbom":
@@ -178,16 +180,44 @@ func runScan(cmd *cobra.Command, args []string) error {
 }
 
 func printBanner() {
-	fmt.Println("\033[36m")
-	fmt.Println("   ____                  _        ____")
-	fmt.Println("  / ___|_ __ _   _ _ __ | |_ ___ / ___|  ___ __ _ _ __")
-	fmt.Println(" | |   | '__| | | | '_ \\| __/ _ \\\\___ \\ / __/ _` | '_ \\")
-	fmt.Println(" | |___| |  | |_| | |_) | || (_) |___) | (_| (_| | | | |")
-	fmt.Println("  \\____|_|   \\__, | .__/ \\__\\___/|____/ \\___\\__,_|_| |_|")
-	fmt.Println("             |___/|_|")
-	fmt.Println("\033[0m")
-	fmt.Println(" QRAMM Cryptographic Scanner - https://qramm.org")
-	fmt.Println(" Copyright 2025 CSNP")
+	const (
+		colorCyan   = "\033[36m"
+		colorBlue   = "\033[34m"
+		colorGreen  = "\033[32m"
+		colorYellow = "\033[33m"
+		colorReset  = "\033[0m"
+		colorBold   = "\033[1m"
+		colorDim    = "\033[2m"
+	)
+
+	fmt.Println()
+	fmt.Println(colorCyan + colorBold + "  ╔═══════════════════════════════════════════════════════════════╗")
+	fmt.Println("  ║                                                                 ║")
+	fmt.Println("  ║   ██████╗██████╗ ██╗   ██╗██████╗ ████████╗ ██████╗ ███████╗   ║")
+	fmt.Println("  ║  ██╔════╝██╔══██╗╚██╗ ██╔╝██╔══██╗╚══██╔══╝██╔═══██╗██╔════╝   ║")
+	fmt.Println("  ║  ██║     ██████╔╝ ╚████╔╝ ██████╔╝   ██║   ██║   ██║███████╗   ║")
+	fmt.Println("  ║  ██║     ██╔══██╗  ╚██╔╝  ██╔═══╝    ██║   ██║   ██║╚════██║   ║")
+	fmt.Println("  ║  ╚██████╗██║  ██║   ██║   ██║        ██║   ╚██████╔╝███████║   ║")
+	fmt.Println("  ║   ╚═════╝╚═╝  ╚═╝   ╚═╝   ╚═╝        ╚═╝    ╚═════╝ ╚══════╝   ║")
+	fmt.Println("  ║                     ███████╗ ██████╗ █████╗ ███╗   ██╗         ║")
+	fmt.Println("  ║                     ██╔════╝██╔════╝██╔══██╗████╗  ██║         ║")
+	fmt.Println("  ║                     ███████╗██║     ███████║██╔██╗ ██║         ║")
+	fmt.Println("  ║                     ╚════██║██║     ██╔══██║██║╚██╗██║         ║")
+	fmt.Println("  ║                     ███████║╚██████╗██║  ██║██║ ╚████║         ║")
+	fmt.Println("  ║                     ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝         ║")
+	fmt.Println("  ║                                                                 ║")
+	fmt.Println("  ╚═══════════════════════════════════════════════════════════════╝" + colorReset)
+	fmt.Println()
+	fmt.Println(colorBlue + "  QRAMM Cryptographic Discovery Scanner" + colorReset)
+	fmt.Println(colorDim + "  Quantum Readiness Assessment & Migration Tool" + colorReset)
+	fmt.Println()
+	fmt.Println(colorGreen + "  ┌─────────────────────────────────────────────────────────────┐")
+	fmt.Println("  │" + colorReset + colorBold + "  CSNP Mission:" + colorReset + colorGreen + "                                               │")
+	fmt.Println("  │" + colorReset + "  Advancing cybersecurity through education, research, and    " + colorGreen + "│")
+	fmt.Println("  │" + colorReset + "  open-source tools that empower organizations worldwide.     " + colorGreen + "│")
+	fmt.Println("  └─────────────────────────────────────────────────────────────┘" + colorReset)
+	fmt.Println()
+	fmt.Println(colorDim + "  https://qramm.org  •  https://csnp.org  •  Apache-2.0 License" + colorReset)
 	fmt.Println()
 }
 
diff --git a/pkg/reporter/csv.go b/pkg/reporter/csv.go
@@ -0,0 +1,99 @@
+// Copyright 2025 Cyber Security Non-Profit (CSNP)
+// SPDX-License-Identifier: Apache-2.0
+
+package reporter
+
+import (
+	"encoding/csv"
+	"strconv"
+	"strings"
+
+	"github.com/csnp/qramm-cryptoscan/pkg/scanner"
+)
+
+// CSVReporter generates CSV output for easy import into spreadsheets
+type CSVReporter struct{}
+
+// NewCSVReporter creates a new CSV reporter
+func NewCSVReporter() *CSVReporter {
+	return &CSVReporter{}
+}
+
+// Generate creates the CSV report
+func (r *CSVReporter) Generate(results *scanner.Results) (string, error) {
+	var b strings.Builder
+	w := csv.NewWriter(&b)
+
+	// Write header row
+	header := []string{
+		"ID",
+		"Severity",
+		"Type",
+		"Category",
+		"Algorithm",
+		"Key Size",
+		"Quantum Risk",
+		"Confidence",
+		"File",
+		"Line",
+		"Column",
+		"Match",
+		"Language",
+		"File Type",
+		"Purpose",
+		"Description",
+		"Remediation",
+		"Impact",
+		"Effort",
+		"Tags",
+		"Priority Score",
+	}
+	if err := w.Write(header); err != nil {
+		return "", err
+	}
+
+	// Write findings
+	for _, f := range results.Findings {
+		row := []string{
+			f.ID,
+			f.Severity.String(),
+			f.Type,
+			f.Category,
+			f.Algorithm,
+			intToStr(f.KeySize),
+			string(f.Quantum),
+			string(f.Confidence),
+			f.File,
+			strconv.Itoa(f.Line),
+			intToStr(f.Column),
+			f.Match,
+			f.Language,
+			f.FileType,
+			f.Purpose,
+			f.Description,
+			f.Remediation,
+			f.Impact,
+			f.Effort,
+			strings.Join(f.Tags, "; "),
+			strconv.Itoa(f.Priority()),
+		}
+		if err := w.Write(row); err != nil {
+			return "", err
+		}
+	}
+
+	w.Flush()
+	if err := w.Error(); err != nil {
+		return "", err
+	}
+
+	return b.String(), nil
+}
+
+// intToStr converts int to string, returning empty string for zero
+func intToStr(n int) string {
+	if n == 0 {
+		return ""
+	}
+	return strconv.Itoa(n)
+}
diff --git a/pkg/reporter/text.go b/pkg/reporter/text.go
