script3r
diff --git a/‎README.md‎
Lines changed: 23 additions & 1 deletion b/‎README.md‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎crates/cli/src/main.rs‎
Lines changed: 6 additions & 2 deletions b/‎crates/cli/src/main.rs‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎crates/cli/tests/integration.rs‎
Lines changed: 6 additions & 0 deletions b/‎crates/cli/tests/integration.rs‎
Lines changed: 6 additions & 0 deletions
@@ -1,6 +1,6 @@
 ## cryptofind
 
-Fast, low-false-positive static scanner that finds third-party cryptographic libraries and call sites across Go, Java, C, C++, Rust, Python, and PHP codebases.
+Fast, low-false-positive static scanner that finds third-party cryptographic libraries and call sites across Go, Java, C, C++, Rust, Python, PHP, Swift, Objective-C, and Kotlin codebases.
 
 ### Install & Run
 
@@ -20,6 +20,7 @@ Key flags:
 - `--min-confidence 0.9`: filter low-confidence hits
 - `--threads N`: set thread pool size
 - `--max-file-size MB`: skip large files (default 2)
+- `--patterns PATH`: specify patterns file (default: `patterns.toml`)
 - `--include-glob GLOB` / `--exclude-glob GLOB`
 - `--allow LIB` / `--deny LIB`
 - `--deterministic`: stable output ordering
@@ -55,6 +56,27 @@ SARIF snippet:
 
 Patterns are loaded from `patterns.toml` (and optional `patterns.local.toml`, if you add it). The schema supports per-language `include`/`import`/`namespace`/`apis` anchored regexes. The engine strips comments and avoids string literals to reduce false positives.
 
+#### Supported Languages & File Extensions
+
+The scanner automatically detects and processes files with these extensions:
+
+- **C/C++**: `.c`, `.h`, `.cc`, `.cpp`, `.cxx`, `.c++`, `.hpp`, `.hxx`, `.h++`, `.hh`
+- **Java**: `.java`
+- **Go**: `.go`
+- **Rust**: `.rs`
+- **Python**: `.py`, `.pyw`, `.pyi`
+- **PHP**: `.php`, `.phtml`, `.php3`, `.php4`, `.php5`, `.phps`
+- **Swift**: `.swift`
+- **Objective-C**: `.m`, `.mm`, `.M`
+- **Kotlin**: `.kt`, `.kts`
+
+#### Performance Optimizations
+
+- **Default Glob Filtering**: Only processes source files, skipping documentation, images, and binaries
+- **Pattern Caching**: Compiled patterns are cached per language for faster lookups
+- **Aho-Corasick Prefiltering**: Fast substring matching before expensive regex operations
+- **Parallel Processing**: Multi-threaded file scanning using Rayon
+
 ### Extending Detectors
 
 Detectors are plugin-like. Add a new crate under `crates/` implementing the `Detector` trait, or extend the `patterns.toml` to cover additional libraries. See `crates/scanner-core/src/lib.rs` for the trait and pattern-driven detector.
 
@@ -64,6 +64,10 @@ struct Args {
     /// Dry-run: list files that would be scanned
     #[arg(long, action = ArgAction::SetTrue)]
     dry_run: bool,
+
+    /// Path to patterns file
+    #[arg(long, value_name = "FILE", default_value = "patterns.toml")]
+    patterns: PathBuf,
 }
 
 fn main() -> Result<()> {
@@ -75,8 +79,8 @@ fn main() -> Result<()> {
             .ok();
     }
 
-    // Load patterns: patterns.toml + optional patterns.local.toml
-    let base = fs::read_to_string("patterns.toml").context("read patterns.toml")?;
+    // Load patterns from specified file
+    let base = fs::read_to_string(&args.patterns).with_context(|| format!("read patterns file: {}", args.patterns.display()))?;
     let reg = PatternRegistry::load(&base)?;
     let reg = Arc::new(reg);
 
 
@@ -50,6 +50,12 @@ fn scan_fixtures() {
     let fixtures = workspace.join("fixtures");
     let findings = scanner.run(&[fixtures.clone()]).unwrap();
 
+    // Debug: print all findings
+    println!("Found {} findings:", findings.len());
+    for f in &findings {
+        println!("  {:?} | {} | {}:{}", f.language, f.library, f.file.display(), f.span.line);
+    }
+
     // Expect at least one hit per language category in positive fixtures
     let has_rust = findings
         .iter()