Free tool

Free PQC scan of your public-facing cryptography

A scoped CipherScout™ discovery of the crypto on your public surface: TLS, certificates, key exchange and signature algorithms, returned as a Cryptographic Bill of Materials (CBOM) plus a quantum-risk summary you can act on.

Free · public surface only

What it scans

Your public-facing crypto, mapped

The free scan points CipherScout at the crypto you expose to the internet on the domain you submit. It detects and inventories what you run, mapping your posture rather than exploiting it.

Protocols & TLS

What is on the wire

TLS versions and cipher suites negotiated on your public endpoints, plus the security headers your site returns.

Certificates

Your public certificates

Leaf and chain certificates, key types and sizes, validity windows and revocation signals (OCSP / stapling) on the domain you submit.

Key exchange

How keys are agreed

The key-exchange groups and named curves your endpoints offer, flagged where they rely on classical hardness that a quantum computer would undermine.

Signatures & deprecated

Signatures & weak ciphers

Signature algorithms on your certificates and any deprecated or weak ciphers still offered, the items most likely to need a swap.

What you get

A report you keep, not just a score

The scan hands back structured artefacts for the public surface in scope: an inventory, a risk read and the control references to take to your team.

Inventory

A Cryptographic Bill of Materials (CBOM)

A CycloneDX 1.7-aligned Cryptographic Bill of Materials for the public crypto found, a structured inventory you keep, whether or not you go further.

Risk

A quantum-risk summary

Each finding is severity-scored for quantum risk, so you can see where deprecated and quantum-vulnerable cryptography concentrates on your public surface.

References

NIST control references

Findings carry NIST control references, so the summary lines up with the frameworks your security team already works to.

Cryptographic Bill of Materials (CBOM) Severity-scored findings NIST control references ML-KEM / ML-DSA context

How it works

Three steps to your report

The free scan is deliberately simple. You give us a domain, we run a scoped pass against its public surface and you get the report back.

01 · Submit

Submit your domain

Enter your work email and the domain you want checked and confirm you are authorised to have it scanned.

02 · Scan

We run a scoped scan

CipherScout runs a scoped pass against the public surface of that domain, posture detection only, bound to the target you submit.

03 · Report

You get the report

We send back the Cryptographic Bill of Materials (CBOM) and the quantum-risk summary, with NIST control references, for the surface in scope.

Run a free scan

Start with your public surface

Tell us the domain you want scanned and we’ll return a scoped CBOM and quantum-risk summary of your public-facing endpoints. No obligation to continue.

Scope

What the free scan covers

The free scan is an educational read on your external posture. It is genuinely useful and deliberately scoped to your public surface.

Public surface only

This is a scoped scan of your public-facing surface. It does not reach inside your network, your applications or your data layer. Deeper internal, on-premises or air-gapped discovery is available through the EQCore platform, where CipherScout runs inside your boundary and your data stays within your environment.

Want discovery across your whole estate? Request a trial

See your whole estate, not just the edge

The free scan reads your public surface. A trial runs CipherScout against a scope you define, inside your boundary, and hands back a CBOM, a crypto-posture view and a sample prioritised remediation plan.