Patent Pending · U.S. Application #63/999,796

Know your
quantum risk
before it knows you.

PQCAT scans your infrastructure for quantum-vulnerable cryptography, scores your compliance against CNSA 2.0, NIST SP 800-131A, and 11 regulatory frameworks — then proves it with evidence your auditors will accept.

Linux curl -sSL https://install.pqcat.io | sh
Windows irm https://install.pqcat.io/windows | iex
Download View Source
9
Scanner Modules
11
Frameworks
0
Dependencies*
0
Outbound Calls†
Capabilities

Nine ways to find what's quantum-vulnerable.

Every scan module produces a normalized 0–100 compliance score, CBOM inventory, and actionable remediation plan.

TLS & Certificate Chain

Deep inspection of every certificate in the chain. Identifies RSA, ECDSA, and Ed25519 keys vulnerable to Shor's algorithm.

Source Code Analysis

Regex + AST scanning across 40+ languages. Finds hardcoded keys, weak algorithms, and deprecated crypto patterns in your repos.

SBOM & Supply Chain

Parses CycloneDX and SPDX BOMs. Cross-references 2,400+ library signatures against known quantum-vulnerable dependencies.

Network & CIDR Discovery

Scans entire subnets. Discovers SSH, TLS, IPsec, and DNS endpoints. Maps every cryptographic asset on your network perimeter.

SSH Key Audit

Inventories authorized_keys, server host keys, and key exchange algorithms. Flags DSA, RSA-1024, and ECDSA keys for rotation.

PKI & X.509 Estate

Crawls certificate stores, Java keystores, and PEM directories. Full chain validation with quantum-risk classification per asset.

Regulatory Coverage

Eleven frameworks. One normalized score.

Every scan maps findings to your regulatory obligations. One command, one score, one report your auditor signs off on.

CNSA 2.0 NIST SP 800-131A NSM-10 FISMA FedRAMP PCI DSS 4.0 SOX HIPAA NYDFS 500 SWIFT CSP CMMC
Editions

Two editions. Zero compromises.

Both are single static binaries. No Docker, no Java, no Python runtime, no shared libraries. Copy it, run it.

Enclave
Air-Gapped Scanner
For SCIFs, classified networks, and any environment where zero outbound traffic is mandatory.
  • All 9 scanner modules
  • PDF, HTML, JSON, CBOM reports
  • Compliance scoring (all 11 frameworks)
  • TUI dashboard (terminal-based)
  • Q-Day risk simulation
  • Zero CGO — pure static binary
  • Zero outbound network code compiled in
Free & open source / Apache 2.0
Install Enclave
Pro
Enterprise Platform
REST API, web dashboard, multi-user RBAC, SIEM forwarding, and executive reporting for SOC teams.
  • Everything in Enclave, plus:
  • Web dashboard with 4 persona views
  • REST API (22 endpoints)
  • Multi-user RBAC (admin / auditor / viewer)
  • SIEM integration (Splunk, Sentinel, syslog)
  • Continuous drift monitoring with webhooks
  • Executive briefing PDF with cover page
  • Scan comparison and trend analysis
  • Prometheus /metrics endpoint
  • Section 508 / WCAG 2.1 AA accessible
Licensed / ML-DSA-65 signed
Request License