CryptoScan is a free open source tool that scans source code for quantum-vulnerable cryptographic patterns like RSA, ECDSA, and ECDH. It supports multiple languages and outputs SARIF reports compatible with GitHub Security.

How do I check if my encryption is quantum safe?

Use QRAMM's free tools: CryptoScan analyzes source code for vulnerable cryptography, TLS Analyzer checks your server configurations, and CryptoDeps audits your project dependencies. Together they provide comprehensive quantum readiness assessment.

What is a Cryptographic Bill of Materials (CBOM)?

A CBOM is an inventory of all cryptographic assets in your software, including algorithms, key sizes, and libraries used. CryptoDeps generates CBOMs automatically by scanning your project dependencies.

Free Quantum Security Tools | CryptoScan, TLS Analyzer, CryptoDeps, PQC-Bench, QBOM

CryptoScan

Available Now

Discover and inventory cryptographic assets in your codebase. CryptoScan scans source code, configurations, and dependencies to identify cryptographic implementations vulnerable to quantum attacks.

Key Features

Detects RSA, ECDSA, AES, MD5, SHA-1 and more
Classifies findings by quantum vulnerability level
SARIF output for GitHub Security integration
Generates CycloneDX Cryptographic BOM (CBOM)
CI/CD pipeline integration ready

View on GitHub Read Guide

TLS Analyzer

Available Now

Analyze TLS/SSL configurations across your infrastructure for quantum readiness. Evaluates cipher suites, protocols, and certificates against CNSA 2.0 compliance timelines.

Key Features

Scans TLS configurations and certificates
CNSA 2.0 compliance timeline assessment
Generates detailed HTML security reports
CycloneDX CBOM output for compliance
Bulk endpoint scanning capability

View on GitHub Read Guide

CryptoDeps

Available Now

Identify quantum-vulnerable cryptographic algorithms hiding in your software dependencies. Analyzes Go, npm, Python, and Maven packages for cryptographic usage and quantum risk exposure.

Key Features

Scans Go, npm, Python, and Maven dependencies
Quantum risk classification (VULNERABLE, PARTIAL, SAFE)
CycloneDX CBOM and SARIF output formats
Workspace & monorepo support (npm, pnpm, Go)
Direct GitHub repository scanning
CI/CD pipeline integration ready

View on GitHub Read Guide

CryptoServe

Available Now

Enterprise cryptography as a service. CryptoServe provides a unified API for encryption, signatures, and key management with built-in support for NIST post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA).

Key Features

275+ cryptographic API endpoints
NIST PQC: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)
FIPS 140-2/3 validated cryptography
Hybrid classical + post-quantum modes
Automated key rotation and audit logging
Cryptographic Bill of Materials (CBOM) generation

View on GitHub Documentation

PQC-Bench

Available Now

"What post-quantum crypto should I use?" Finally, there's a tool for that. Get natural language recommendations for NIST algorithms with sector-specific guidance and SNDL threat assessment.

Key Features

Natural language algorithm queries
7 critical infrastructure sector guides
SNDL (Store Now, Decrypt Later) threat assessment
Library production-readiness checks
Protocol impact analysis (TLS, certificates)
Compliance guidance (CNSA 2.0, FIPS 140-3)

View on GitHub Read Guide

QBOM

Available Now

Invisible provenance capture for quantum computing experiments. One import for complete reproducibility with zero code changes. Automatically captures environment, circuit, transpilation, hardware, and results.

Key Features

Zero code changes required
Qiskit, Cirq, PennyLane support
Reproducibility scoring (0-100)
Calibration & drift analysis
CycloneDX/SPDX SBOM export
Paper statement generation

View on GitHub Read Guide

Tool Comparison

Choose the right tool based on your assessment needs

Feature	CryptoScan	TLS Analyzer	CryptoDeps	CryptoServe	PQC-Bench	QBOM
Primary Use	Source code and configuration scanning	Network endpoint and certificate analysis	Dependency and package scanning	Cryptography API service	PQC algorithm recommendations	Quantum experiment reproducibility
Scan Target	Codebases, repositories, config files	TLS endpoints, SSL certificates	Go, npm, Python, Maven dependencies	Application integration (REST API)	Natural language queries, use cases	Qiskit, Cirq, PennyLane experiments
Output Formats	SARIF, CycloneDX CBOM, JSON, CSV	HTML reports, CycloneDX CBOM, JSON	SARIF, CycloneDX CBOM, JSON	JSON API, CBOM, Audit logs	CLI output, sector guides	JSON, CycloneDX, SPDX, YAML
CI/CD Integration	GitHub Actions, GitLab CI, Jenkins	Any CI/CD pipeline	GitHub Actions, any CI/CD pipeline	REST API, Python SDK	CLI tool, scriptable	Python import hook, CLI
Compliance Mapping	NIST PQC, CNSA 2.0	CNSA 2.0 timelines	NIST PQC, quantum risk levels	FIPS 140-2/3, NIST PQC (FIPS 203/204/205)	CNSA 2.0, FIPS 140-3, SNDL threat model	Reproducibility scoring, provenance capture

Open Source Tools

CryptoScan

Key Features

TLS Analyzer

Key Features

CryptoDeps

Key Features

CryptoServe

Key Features

PQC-Bench

Key Features

QBOM

Key Features

Tool Comparison

Ready to Assess Your Quantum Readiness?