Patent Pending · U.S. Application #63/999,796

Know your quantum risk before it knows you.

PQCAT scans your infrastructure for quantum-vulnerable cryptography, scores your compliance against CNSA 2.0, NIST SP 800-131A, and 11 regulatory frameworks — then proves it with evidence your auditors will accept.

Linux: curl -sSL https://install.pqcat.io | sh
Windows: irm https://install.pqcat.io/windows | iex
9 Scanner Modules · 11 Frameworks · 0 Dependencies* · 0 Outbound Calls†

Nine ways to find what's quantum-vulnerable.

Every scan module produces a normalized 0–100 compliance score, CBOM inventory, and actionable remediation plan.

TLS Deep Scan

SSL Labs-grade assessment: full cipher suite enumeration, protocol probing (TLS 1.0–1.3, SSLv3, SSLv2), certificate chain analysis, ML-KEM detection, and quantum-risk classification — 90× faster.

Source Code Analysis

Regex + AST scanning across 40+ languages. Finds hardcoded keys, weak algorithms, and deprecated crypto patterns in your repos.

SBOM & Supply Chain

Parses CycloneDX and SPDX BOMs. Cross-references 183 library signatures against known quantum-vulnerable dependencies.

Network & CIDR Discovery

Scans entire subnets. Discovers SSH, TLS, IPsec, and DNS endpoints. Maps every cryptographic asset on your network perimeter.

Config Analysis

Scans nginx, Apache, OpenSSL, and SSH configuration files for weak cipher selections, deprecated protocols, and non-compliant crypto settings.

SSH Key Audit

Inventories authorized_keys, server host keys, and key exchange algorithms. Flags DSA, RSA-1024, and ECDSA keys for rotation.

PKI & X.509 Estate

Crawls certificate stores, Java keystores, and PEM directories. Full chain validation with quantum-risk classification per asset.

SCAP Compliance

Ingests SCAP/XCCDF benchmark results and cross-references crypto policy findings against quantum readiness requirements.

Container Image

Scans Docker and OCI container images for embedded cryptographic libraries, certificates, and key material with quantum-vulnerability classification.

Eleven frameworks. One normalized score.

Every scan maps findings to your regulatory obligations. One command, one score, one report your auditor signs off on.

CNSA 2.0, NIST SP 800-131A, NSM-10, FISMA, FedRAMP, PCI DSS 4.0, SOX, HIPAA, NYDFS 500, SWIFT CSP, CMMC

Three editions. Zero compromises.

Single static binaries. No Docker, no Java, no Python runtime, no shared libraries. Copy it, run it.

Enclave
Air-Gapped Scanner
For SCIFs, classified networks, and any environment where zero outbound traffic is mandatory.
  • All 9 scanner modules
  • PDF, HTML, JSON, CBOM reports
  • Compliance scoring (all 11 frameworks)
  • TUI dashboard (terminal-based)
  • Q-Day risk simulation
  • Zero CGO — pure static binary
  • Zero outbound network code compiled in
Free & open source / Apache 2.0
Pro
Team Compliance Platform
REST API, web dashboard, multi-user RBAC, SIEM forwarding, and executive reporting for SOC teams.
  • Everything in Enclave, plus:
  • Web dashboard with 4 persona views
  • REST API (22 endpoints)
  • Multi-user RBAC (admin / auditor / viewer)
  • SIEM integration (Splunk, Sentinel, syslog)
  • Continuous drift monitoring with webhooks
  • Executive briefing PDF with cover page
  • Scan comparison and trend analysis
  • Prometheus /metrics endpoint
  • Section 508 / WCAG 2.1 AA accessible
Licensed / ML-DSA-65 signed
Cloud (Coming Soon)
GovCloud & CSP Scanner
Scan AWS GovCloud, Azure Government, and cloud-native cryptographic assets — KMS keys, ACM certificates, ALB/AppGW TLS policies.
  • Everything in Pro, plus:
  • AWS KMS, ACM, ELB, S3, Route 53 scanning
  • Azure Key Vault, App Gateway, Front Door
  • Auto-detect CSP via IAM / managed identity
  • Cloud-native quantum risk classification
  • HNDL exposure per cloud resource
  • AWS Marketplace AMI deployment
  • Multi-account scanning (up to 5 accounts)
$24,990/year