Saved February 14, 2026
Do you care about this?
The PQC Network Scanner evaluates an organization's cryptographic exposure as it prepares for post-quantum security. It analyzes TLS endpoints for both classical and emerging quantum-safe algorithms, helping teams identify vulnerabilities and improve their security posture. The tool also provides detailed reports on endpoint configurations and offers guidance on migration to new standards.
If you do, here's more
The PQC Network Scanner is a specialized tool designed for organizations transitioning to post-quantum security. Unlike traditional TLS scanners, which focus on certificate validity and classical cryptographic strength, this scanner assesses cryptographic exposure from a quantum-threat perspective. It evaluates endpoints by inspecting RSA and elliptic-curve keys and by identifying post-quantum algorithms and hybrid deployments. This functionality is crucial for organizations concerned about threats from adversaries who might harvest data now and decrypt it later.
At its core, the scanner conducts a thorough inspection of TLS endpoints within an internal network. It retrieves full certificate chains, analyzes key types and sizes, and detects PQC-related object identifiers (OIDs). The tool can identify hybrid key-exchange mechanisms, such as X25519 combined with Kyber, and reviews TLS protocol versions and cipher suites to check for Perfect Forward Secrecy (PFS). This comprehensive evaluation provides insights into both classical and quantum-era cryptographic resilience.
In addition to cryptographic assessment, the scanner offers intelligent device identification by correlating certificate metadata with DNS information and naming conventions. This allows it to classify various endpoints like routers, firewalls, and web servers, helping security teams pinpoint where specific cryptographic measures are deployed. The output report is detailed, assessing each endpoint for quantum vulnerability, PQC readiness, and TLS posture. It highlights configurations at risk and provides guidance for migration aligned with new standards, such as ML-DSA and ML-KEM.
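The per-endpoint assessment described above can be sketched as follows. This is an added example, not the scanner's own code: the `assess` function, its report field names and the sample input are assumptions made here, while the OIDs and TLS group code points are the published ML-DSA and hybrid key-exchange values.

```python
# Added example: grade one TLS endpoint observation for quantum exposure.
# SubjectPublicKeyInfo algorithm OIDs seen in the leaf certificate.
CLASSICAL_KEY_OIDS = {
    "1.2.840.113549.1.1.1": "RSA",
    "1.2.840.10045.2.1": "EC",
    "1.3.101.112": "Ed25519",
}
PQC_KEY_OIDS = {  # ML-DSA (FIPS 204)
    "2.16.840.1.101.3.4.3.17": "ML-DSA-44",
    "2.16.840.1.101.3.4.3.18": "ML-DSA-65",
    "2.16.840.1.101.3.4.3.19": "ML-DSA-87",
}
# TLS supported_groups code points for the negotiated key exchange.
HYBRID_GROUPS = {
    0x11EC: "X25519MLKEM768",
    0x11EB: "SecP256r1MLKEM768",
    0x6399: "X25519Kyber768Draft00",
}
CLASSICAL_GROUPS = {0x001D: "x25519", 0x0017: "secp256r1", 0x0018: "secp384r1"}


def assess(key_oid, tls_version, cipher_suite, group=None):
    """Grade one endpoint; the report field names are hypothetical."""
    # Certificate-based TLS 1.3 handshakes always use an ephemeral exchange;
    # in TLS 1.2 the suite name says whether the exchange is ephemeral.
    pfs = tls_version == "TLSv1.3" or any(
        tag in cipher_suite for tag in ("_ECDHE_", "_DHE_"))
    pqc_signature = key_oid in PQC_KEY_OIDS
    key_name = PQC_KEY_OIDS.get(key_oid) or CLASSICAL_KEY_OIDS.get(key_oid, "unknown")
    # Harvest-now-decrypt-later exposure follows the key exchange, not the
    # certificate key: only a hybrid exchange protects recorded traffic.
    if group in HYBRID_GROUPS:
        hndl = "protected-hybrid-kex"
    elif pfs:
        hndl = "exposed-classical-kex"
    else:
        hndl = "exposed-static-kex"
    return {
        "cert_key": key_name,
        "kex_group": HYBRID_GROUPS.get(group) or CLASSICAL_GROUPS.get(group, "n/a"),
        "pfs": pfs,
        "pqc_signature": pqc_signature,
        "hndl": hndl,
        "pqc_ready": pqc_signature and group in HYBRID_GROUPS,
    }


if __name__ == "__main__":  # constructed observation, not scanner output
    print(assess("1.2.840.10045.2.1", "TLSv1.3", "TLS_AES_128_GCM_SHA256", 0x11EC))
```

An endpoint with a classical certificate but a hybrid key exchange comes out as protected against harvest-now-decrypt-later while still not PQC-ready, because its signature key remains classical.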
Version 2.0 of the scanner is tailored for enterprise networks, particularly in environments where intrusion detection or prevention systems (IDS/IPS) may complicate operations. It slows and randomizes scan traffic to prevent triggering these systems, applying pacing to both port checks and TLS handshakes. This approach is recommended for production or monitored networks to ensure smooth operation without raising alarms.