Blockchain & Web3
Detects secp256k1, Ed25519 and smart contract signatures used by Ethereum, Bitcoin, Solana and DeFi protocols. Scans ethers.js, web3.js, Solidity .sol files and HD wallet libraries.
Scan your GitHub repositories for cryptography vulnerable to quantum attacks. Your code is processed in memory — never stored, never logged. Use it free and help us perfect detection.
Built for every ecosystem
QuantumScan detects quantum-vulnerable cryptography across every type of project — from DeFi protocols to banking infrastructure.
Detects secp256k1, Ed25519 and smart contract signatures used by Ethereum, Bitcoin, Solana and DeFi protocols. Scans ethers.js, web3.js, Solidity .sol files and HD wallet libraries.
Identifies RSA, ECDSA and weak TLS configurations inside payment systems, APIs and financial infrastructure. Maps findings to DORA and NIS2 requirements.
Export CBOM (CycloneDX 1.7) and DORA/NIS2 PDF reports. Know your quantum risk before regulators ask — deadline 2030.
Audit NPM packages, Python libraries and shared frameworks that millions of applications depend on. Already scanned Bitcoin, python-ecdsa and bc-java.
Privacy by architecture
Privacy is not a promise — it's a right. It's an architecture you can audit. Four layers, all verifiable.
Your code is loaded into RAM, scanned for cryptographic patterns, and immediately purged. Zero bytes of source code reach our database or disk. Only findings — file path, line number, algorithm — are stored.
Enterprise customers will run the scanner inside their own CI runner. Code never leaves their infrastructure — we receive only structured findings. Tracked on GitHub.
Scanner core is MIT-licensed on GitHub with reproducible builds. Compile it yourself and verify the hash matches what we run.
Every internal access generates an audit entry visible to you. You see who looked at your findings, when, and why — with cryptographic hashes.
Quantum readiness index · live
Cryptographically relevant quantum computers projected this decade.
Maximum penalty for non-compliance under DORA Article 50.
Of EU enterprises lack a cryptographic bill of materials.
The clock is ticking
Quantum computers capable of breaking RSA-2048 are expected by 2030–2033. Regulatory deadlines are already set. Migration takes 2–5 years.
Based on NIST FIPS 203/204/205 transition timeline and IBM Quantum roadmap estimates.
Scan your codebase nowHow it works
We scan, classify and certify. You ship the report.
Paste your repo URL or upload a ZIP. We process your code in memory on isolated infrastructure — zero bytes of source code stored or logged.
We detect RSA, ECC, weak hashes and outdated TLS across 15 languages including C# (.NET), Java, Go, Python and Rust. Every finding maps to ML-KEM, ML-DSA, or SLH-DSA.
CycloneDX 1.7 CBOM, executive PDF and DORA / NIS2 / ISO 27001 mapping — ready for your auditor.
Why now
The quantum threat is not theoretical anymore. It is on the audit calendar.
Adversaries already capture encrypted traffic today, betting on quantum decryption before 2030. Long-lived secrets need PQC now.
DORA, NIS2 and BSI TR-02102 require cryptographic inventories and migration plans. Audits begin Q3 2026.
Refactoring TLS, KMS and signing pipelines is multi-year work. Inventory is the first deliverable — start before the audit.
Live demo preview
| File | Algorithm | Severity |
|---|---|---|
| auth/jwt.ts:47 | RSA-2048 | high |
| Security/CryptoService.cs:83 | RSACryptoServiceProvider | high |
| crypto/legacy.py:89 | SHA-1 | critical |
| Auth/TokenSigner.cs:31 | CipherMode.ECB | critical |
| kms/sign.rs:64 | Ed25519 | medium |
QuantumScan for Education
Free access for universities, coding bootcamps and online CS programs. Real PQC scanning — not simulations.
Free
For courses up to 50 students
Free
For departments up to 500 students
Free
For OSS security research labs
GitHub Classroom Integration
Add one YAML file to your GitHub Classroom template. QuantumScan runs on every student push and posts the risk score as a PR check — no setup per student, no manual grading.
Institution badge
Institutions that adopt QuantumScan in their security curriculum receive a verified digital badge to display on their website and course catalog.
Design partners program
We are in Phase 1: building the LATAM crypto-inventory dataset, not chasing MRR. You scan free. We learn from anonymized patterns. Everyone wins.
You scan. We publish anonymized aggregates. Zero bytes of source code stored.