pqcscan: Free Open-Source Post-Quantum Crypto Scanner

July 15, 2025Last Updated: July 15, 2025

1 minute read

PQCScan: An open-source post-quantum cryptography scanner, depicted as a metallic device on a gridded, futuristic background.

▼ Summary

– pqcscan is an open-source tool that scans SSH and TLS servers to identify supported Post-Quantum Cryptography (PQC) algorithms and saves results in JSON or HTML reports.
– Governments like the EU, US, and UK are setting deadlines for PQC compliance, but legacy algorithms like SHA-1 and MD5 still persist in many systems.
– Unlike general-purpose scanners, pqcscan is specialized for PQC algorithm detection, offering a focused solution without unnecessary features.
– Future updates may include better output formats, smarter algorithm selection, and companion tools to analyze PQC usage in encrypted traffic via pcap files.
– pqcscan is freely available on GitHub and helps organizations assess PQC readiness ahead of regulatory deadlines.

Post-quantum cryptography is becoming a critical security priority as organizations prepare for upcoming government mandates. A new open-source tool called pqcscan helps security teams quickly assess which systems support these next-generation encryption algorithms before regulatory deadlines take effect.

Developed by Vincent Berg, CTO at Anvil Secure, pqcscan specializes in scanning SSH and TLS servers to identify supported post-quantum cryptographic (PQC) methods. Unlike multipurpose security scanners, it focuses solely on this task, generating JSON reports that can be converted into browser-friendly HTML summaries. Berg created the tool in response to growing industry and government pressure to transition away from vulnerable classical encryption.

Governments worldwide are accelerating PQC adoption with strict compliance timelines. The EU, US, and UK have all established deadlines for implementing quantum-resistant algorithms. However, outdated cryptography remains stubbornly persistent, security teams still encounter obsolete protocols like SHA-1 and MD5 in production environments. “This transition won’t be easy,” Berg admits. “Tools like pqcscan help prioritize remediation by showing exactly which services meet PQC standards.”

The scanner stands out for its simplicity. While general-purpose tools like nmap may eventually incorporate similar functionality, pqcscan delivers immediate visibility without complex configuration. Future updates aim to improve usability, including streamlined output formats and selective algorithm scanning. Berg also plans companion utilities for analyzing network traffic captures, helping organizations track PQC adoption across their infrastructure.

For enterprises preparing for quantum-resistant security requirements, pqcscan offers a lightweight way to audit cryptographic readiness. Available on GitHub, the tool provides actionable data without commercial licensing barriers, a practical solution as the industry races toward a post-quantum future.

(Source: HelpNet Security)