Scan codebases for quantum-vulnerable cryptography and get NIST PQC migration guidance

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Quipo from gravatar.com Quipo

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Qorex
  • Tags cryptography , post-quantum , pqc , security , nist , compliance
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

Qorex

Scan your codebase for quantum-vulnerable cryptography and get NIST PQC migration guidance.

PyPI version License: MIT

Government mandates (CNSA 2.0, CMMC) require organizations to migrate away from quantum-vulnerable cryptography by 2030. Qorex finds the vulnerable code for you and tells you exactly what to replace it with.

Install

pip install qorex

Usage

# Scan a directory
qorex scan ./my-project

# Scan current directory
qorex scan

# Export full JSON report with migration guidance
qorex scan ./my-project --report json --output report.json

What it detects

Algorithm Risk Threat Replacement (NIST)
RSA CRITICAL Shor's algorithm ML-KEM / ML-DSA (FIPS 203/204)
ECDH CRITICAL Shor's algorithm ML-KEM (FIPS 203)
ECDSA CRITICAL Shor's algorithm ML-DSA / SLH-DSA (FIPS 204/205)
DSA CRITICAL Shor's algorithm ML-DSA (FIPS 204)
DH / DHE CRITICAL Shor's algorithm ML-KEM (FIPS 203)
AES-128 HIGH Grover's algorithm AES-256 (CNSA 2.0)
SHA-256 HIGH Grover's algorithm SHA-384 / SHA-512 (CNSA 2.0)

Languages supported: Python, C, C++, Go, Java

Example output

qorex — scanned ./my-project

 Risk       Algorithm   File                          Line   Match
 ────────── ─────────── ───────────────────────────── ────── ──────────────────────
 CRITICAL   RSA         src/auth/keys.py               12    rsa.generate_private_key
 CRITICAL   ECDSA       src/crypto/sign.go             34    ecdsa.Sign
 HIGH       SHA-256     src/utils/hash.java            8     SHA-256

3 finding(s) — run with --report json for full details and migration guidance.

JSON report

qorex scan . --report json --output report.json

Each finding includes the file, line, algorithm, risk level, plain-English explanation, NIST replacement algorithm, and migration guidance.

Roadmap

  • CBOM (Cryptographic Bill of Materials) export
  • CNSA 2.0 / CMMC compliance reports
  • CI/CD integrations (GitHub Actions, GitLab CI)
  • Tree-sitter AST scanning for C/C++

Contributing

Issues and PRs welcome. See CONTRIBUTING.md for guidelines.

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Quipo from gravatar.com Quipo

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Qorex
  • Tags cryptography , post-quantum , pqc , security , nist , compliance
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

qorex-0.0.1.tar.gz (9.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

qorex-0.0.1-py3-none-any.whl (13.5 kB view details)

Uploaded Python 3

File details

Details for the file qorex-0.0.1.tar.gz.

File metadata

  • Download URL: qorex-0.0.1.tar.gz
  • Upload date:
  • Size: 9.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for qorex-0.0.1.tar.gz
Algorithm Hash digest
SHA256 7f7b9e0e69d98fd7362cb358a6d242f5443d65c5b6e5dc4af8b321491eed4f77
MD5 5c6fd6b2e0649de017568498b69afde1
BLAKE2b-256 e818b512833dd1ef40fbf8271e6292bfdfb3c0565ea69e2cf60186897348b5fe

See more details on using hashes here.

Provenance

The following attestation bundles were made for qorex-0.0.1.tar.gz:

Publisher: publish.yml on quip0/qorex

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file qorex-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: qorex-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 13.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for qorex-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e515676a43049255704c682378ef8fb9846890cdf353cbf8844c21b3a2027fe9
MD5 9cadc690f2fe59190cd38ef9714774d8
BLAKE2b-256 4a1519e6bc16816e1e714f89da265580b4db21df3e9d614741521a4259603c52

See more details on using hashes here.

Provenance

The following attestation bundles were made for qorex-0.0.1-py3-none-any.whl:

Publisher: publish.yml on quip0/qorex

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page