diff --git a/lib/brakeman/tracker/controller.rb b/lib/brakeman/tracker/controller.rb
index 5fee87900..61ddd0361 100644
--- a/lib/brakeman/tracker/controller.rb
+++ b/lib/brakeman/tracker/controller.rb
@@ -120,16 +120,20 @@ def before_filter_to_hash processor, args
 filter[:methods] << a[1] if a.node_type == :lit
 end
- if args[-1].node_type == :hash
- option = args[-1][1][1]
- value = args[-1][2]
- case value.node_type
- when :array
- filter[option] = value.sexp_body.map {|v| v[1] }
- when :lit, :str
- filter[option] = value[1]
- else
- Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
+ options = args.last
+
+ if hash? options
+ # Probably only one option,
+ # but this also avoids issues with kwsplats
+ hash_iterate(options) do |option, value|
+ case value.node_type
+ when :array
+ filter[option.value] = value.sexp_body.map {|v| v[1] }
+ when :lit, :str
+ filter[option.value] = value[1]
+ else
+ Brakeman.debug "[Notice] Unknown before_filter value: #{option} => #{value}"
+ end
 end
 else
 filter[:all] = true
diff --git a/test/apps/rails7/app/controllers/admin_controller.rb b/test/apps/rails7/app/controllers/admin_controller.rb
index 747b2e152..2fde80c10 100644
--- a/test/apps/rails7/app/controllers/admin_controller.rb
+++ b/test/apps/rails7/app/controllers/admin_controller.rb
@@ -3,4 +3,9 @@ def search_users
 # Medium warning because it's probably an admin interface
 User.ransack(params[:q])
 end
+
+ # Test kwsplats in filter options
+ before_filter(**options) do |c|
+ x
+ end
 end
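Review bot: In `lib/brakeman/tracker/controller.rb`, an options hash that yields no recognised pair leaves `filter` with neither a scoping key nor `:all`, and nothing is logged, because `filter[:all] = true` is set only in the `else` branch. The new rails7 fixture `before_filter(**options)` looks like exactly this case, assuming `hash_iterate` skips the splat as the added comment implies. How callers treat a filter with no scope is not visible here, so the choice should be explicit: add a comment such as `# Options not statically known: filter is recorded without :only/:except/:all`, or emit `Brakeman.debug "[Notice] before_filter options not statically resolvable"` when the loop sets nothing. Separately, `option.value` replaces the positional `args[-1][1][1]`; if `Sexp#value` rejects multi-element nodes, a non-literal key would now raise instead of being stored, so a `node_type` check on `option` may be wanted. `before_filter_to_hash` begins and ends outside this hunk.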