Detecting security vulnerabilities in existing applications is a hard task. Tools to accomplish this task are not only rare but often proprietary, expensive, and not always efficient. Moreover, many of the existing tools fail to discover security vulnerabilities inside applications integrating cryptographic functionalities, since it is difficult for the inspecting software to surmount the barriers of cryptographic keys, primitives and algorithms. It is particularly tedious to cope with cryptographic protocols that may be implemented inside the inspected application. In this paper, we introduce a new tool—SinCRY—designed to inspect Java applications that implement cryptographic protocols and modules. First, we present this tool. Then, we carry out a full inspection of a legacy-like test application using this tool along with SinJAR, another static tool for inspecting Java applications through their Jar files.