Hey r/netsec,
I built an open-source tool called crypto-scanner that scans codebases for cryptographic usage and flags algorithms vulnerable to quantum computing attacks.
What it does:
Why I built it:
NIST finalized post-quantum cryptography standards in 2024, and organizations need to start inventorying their cryptographic assets before migrating. Most teams have no idea what algorithms are actually running in their codebases. This tool gives you that visibility.
Install:
pip install crypto-scanner
crypto-scanner scan /path/to/project --html --output report.html

GitHub: https://github.com/mbennett-labs/crypto-scanner
PyPI: https://pypi.org/project/crypto-scanner/
MIT licensed. Python 3.10+. Feedback and contributions welcome.
Would love to hear what you find when you run it on your projects.
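
An added example, not part of the original post and not crypto-scanner's code or rule set: a minimal sketch of the kind of cryptographic inventory the post describes. The regex rules, function names and sample input are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Illustrative rules, assumed for this example (not crypto-scanner's rule set).
# NIST's 2024 post-quantum standards are recognised first so that "ML-DSA"
# is not misread as classical DSA.
PQC = re.compile(r"\b(?:ML-KEM|ML-DSA|SLH-DSA)(?:-\w+)?", re.I)

# Public-key schemes that Shor's algorithm breaks on a large quantum computer.
SHOR_RULES = {
    "RSA": re.compile(r"\brsa\b", re.I),
    "DSA": re.compile(r"\bdsa\b", re.I),
    "ECC": re.compile(r"\b(?:ecdsa|ecdh|secp\d+[rk]1)\b|\bec\.", re.I),
    "DH": re.compile(r"\bdiffie[-_ ]?hellman\b|\bdh\.generate_parameters\b", re.I),
}

def scan_text(text, filename="<memory>"):
    """Return one finding per (line, algorithm family) as a dict."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PQC.finditer(line):
            findings.append({"file": filename, "line": lineno,
                             "algorithm": m.group(0).upper(), "risk": "pqc"})
        # Blank out PQC names so the classical rules cannot match inside them.
        masked = PQC.sub(lambda hit: " " * len(hit.group(0)), line)
        for family, pattern in SHOR_RULES.items():
            if pattern.search(masked):
                findings.append({"file": filename, "line": lineno,
                                 "algorithm": family, "risk": "quantum-vulnerable"})
    return findings

def summarize(findings):
    """Count findings per algorithm name for the inventory."""
    return Counter(f["algorithm"] for f in findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
from cryptography.hazmat.primitives.asymmetric import rsa, ec
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
sig_key = ec.generate_private_key(ec.SECP256R1())
NEW_SIG_ALG = "ML-DSA-65"
digest = hashlib.sha256(data).hexdigest()
'''

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "sample.py"):
        print(f"{f['file']}:{f['line']}: {f['algorithm']} ({f['risk']})")
```

Text matching like this only locates candidate call sites; key sizes, protocol configuration and crypto pulled in through dependencies still need separate review.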