
The PQC discovery tool helps organizations scan for and find old "locks" (encryption methods), test whether those locks would be vulnerable to quantum computers, and provide a report showing what needs to be upgraded.

rheacisa/pqc-discovery

pqc-discovery

pqc-discovery is a cryptographic discovery and inventory toolkit that helps organizations identify quantum-vulnerable cryptographic dependencies across their infrastructure.

This project focuses on automated discovery, classification, and reporting of cryptographic assets to support post-quantum cryptography (PQC) readiness planning.


What this project does

  • Discovers cryptographic usage across systems and services
  • Identifies quantum-vulnerable public-key cryptography (RSA, ECC, DH)
  • Scans TLS endpoints and certificate stores
  • Generates structured inventory reports
  • Provides actionable findings for remediation planning

What this project does not do

  • Implement or enforce PQC algorithms
  • Perform vulnerability exploitation or aggressive scanning
  • Replace vendor cryptographic roadmaps
  • Make predictions about quantum computing timelines

This project treats quantum readiness as a discovery and dependency mapping problem first.


Quick Start

TLS Endpoint Scanning

Scan public TLS endpoints to collect certificate and cipher suite information:

python3 scripts/python/scan_tls.py \
  --targets configs/tls_targets.example.json \
  --out reports/tls_scan.json
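
One way to sort collected certificate and cipher suite data into quantum-vulnerable and not, as an added example that is not code from pqc-discovery. The record fields (`host`, `protocol`, `cipher`, `group`, `cert_key_type`, `cert_key_bits`) and the status labels are assumptions, not the project's schema; cipher names follow OpenSSL naming.

```python
# Added example, not pqc-discovery code. Record fields are assumed, sample data is constructed.
CLASSICAL_CERT_KEYS = {"RSA", "DSA", "EC", "ED25519", "ED448"}  # all fall to Shor's algorithm
DH_FAMILY = {"DHE", "ECDHE", "DH", "ECDH", "ADH", "AECDH"}
NO_PUBLIC_KEY_KEX = {"PSK", "SRP"}

def key_exchange(record):
    """Return (mechanism, status) for one endpoint's key exchange."""
    if record["protocol"] == "TLSv1.3":
        # TLS 1.3 suite names list only the AEAD and hash; the key exchange
        # is the negotiated group, which the scan must record separately.
        group = record.get("group")
        if not group:
            return ("unknown", "needs-review")
        if "MLKEM" in group.upper():
            return (group, "pqc-or-hybrid")
        return (group, "quantum-vulnerable")
    # TLS 1.2 and earlier, OpenSSL naming: the first token is the key exchange;
    # names starting with the bulk cipher (e.g. AES128-GCM-SHA256) use RSA key transport.
    first = record["cipher"].split("-")[0]
    if first in NO_PUBLIC_KEY_KEX:
        return (first, "needs-review")
    return (first if first in DH_FAMILY else "RSA", "quantum-vulnerable")

def certificate(record):
    """Return (key description, status) for the leaf certificate's public key."""
    key_type = record["cert_key_type"]
    label = f'{key_type}-{record["cert_key_bits"]}'
    # Key size does not help: a larger RSA or EC key is still broken by Shor's algorithm.
    status = "quantum-vulnerable" if key_type.upper() in CLASSICAL_CERT_KEYS else "needs-review"
    return (label, status)

def assess(records):
    """Build one inventory row per endpoint."""
    return [{"host": r["host"], "key_exchange": key_exchange(r), "certificate": certificate(r)}
            for r in records]

SAMPLE_SCAN = [  # constructed records, not real scan output
    {"host": "a.example", "protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
     "cert_key_type": "RSA", "cert_key_bits": 2048},
    {"host": "b.example", "protocol": "TLSv1.2", "cipher": "AES256-GCM-SHA384",
     "cert_key_type": "RSA", "cert_key_bits": 4096},
    {"host": "c.example", "protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
     "group": "X25519MLKEM768", "cert_key_type": "EC", "cert_key_bits": 256},
    {"host": "d.example", "protocol": "TLSv1.3", "cipher": "TLS_AES_128_GCM_SHA256",
     "cert_key_type": "EC", "cert_key_bits": 256},
]

if __name__ == "__main__":
    for row in assess(SAMPLE_SCAN):
        print(row)
```

The third record shows why key exchange and certificate are tracked separately: a hybrid ML-KEM group can already be negotiated while the certificate still carries a classical EC key.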

Windows Cryptographic Inventory (PowerShell)

Run the full inventory collection on Windows systems:

.\scripts\pwsh\Invoke-CryptoInventory.ps1 `
  -TargetsConfig configs\targets.example.yml `
  -ScoringConfig configs\scoring.example.yml `
  -OutputPath reports\

Generate Reports

Create an HTML report from collected data:

python3 scripts/python/build_report.py \
  --inventory reports/crypto_inventory.json \
  --tls-scan reports/tls_scan.json \
  --findings reports/findings.csv \
  --out-dir reports/

Project Structure

pqc-discovery/
├── configs/           # Configuration templates
├── docs/              # Documentation and methodology
├── reports/           # Output directory for scan results
├── samples/           # Sample outputs for reference
├── schema/            # JSON schemas for data validation
└── scripts/
    ├── python/        # TLS scanning and report generation
    └── pwsh/          # Windows inventory collectors

Documentation

  • See docs/ for methodology and implementation guidance
  • Review samples/sample_outputs/ for example report formats
  • Check configs/ for configuration templates

Project Status

This project is active and under development.

Current capabilities are stable for TLS discovery and Windows certificate inventory. Future enhancements may include:

  • Linux/macOS cryptographic inventory
  • Active Directory Certificate Services (AD CS) discovery
  • SSH key and configuration analysis
  • Enhanced vendor roadmap tracking

License

See LICENSE for details.


Acknowledgments

Inspired by the pqc-readiness-kit project.
