I built a quantum vulnerability scanner in 2 weeks — here's what I learned

When I was a kid, I played tabletop RPGs with a guy who was always ten times smarter than the rest of us — and always chose the evil side. Years later, he became a nuclear physicist. Now he's reportedly working on quantum computers at the bleeding edge.

If he's building the weapons, maybe I should build the walls.

That's why I built QVS.

NIST has set 2030 as the deadline for organizations to migrate away from quantum-vulnerable cryptography. RSA, ECC, SHA-1 — algorithms we rely on every day — will be broken by quantum computers running Shor's algorithm. Most organizations have no idea where they stand.

I wanted to fix that, so I built QVS — a free web tool that scans your URLs, files, and code for quantum-vulnerable cryptography in seconds.

What it does

You enter a URL, upload a file, or paste code (Python, JS, Java, Go, C#). QVS checks for:

  • RSA key exchange in TLS
  • ECDSA/ECDH with non-post-quantum curves
  • SHA-1 in certificates
  • AES-128 (reduced to 64-bit security by Grover's algorithm)
  • Weak cipher suites

You get a Quantum Readiness Score from 0-100 with a letter grade and specific findings with remediation recommendations.

Tech stack

  • Backend: Python 3.11, FastAPI, Uvicorn
  • Frontend: Vanilla HTML/CSS/JS (no React, no framework)
  • Scanner: 46 regex detection patterns + pyca/cryptography + stdlib ssl
  • PDF reports: ReportLab
  • Payments: Stripe Checkout
  • Deploy: Docker on Render.com

Total build time: about 2 weeks.

What I learned

Keep it simple. I almost reached for React. Glad I didn't. Vanilla JS made the frontend trivially fast to iterate on.

Regex gets you surprisingly far. Pattern matching isn't a deep cryptographic analysis, and I'm upfront about that. But for a quick surface-level audit, it catches the most common issues that matter for post-quantum readiness.
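As an added example (not QVS's own code), here is a minimal regex pass over pasted source covering the RSA, ECC, SHA-1 and AES-128 items from the checklist above. The rule patterns, penalties and grade bands are assumptions made for illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule line text fix")

# Hypothetical rule set (id, pattern, score penalty, remediation); not QVS's own patterns.
RULES = [
    ("rsa-keygen",
     re.compile(r"rsa\.generate_private_key|rsa\.GenerateKey|generateKeyPairSync\(\s*['\"]rsa|getInstance\(\s*\"RSA", re.I),
     30, "Plan a move to ML-KEM (FIPS 203) / ML-DSA (FIPS 204)"),
    ("ecc",
     re.compile(r"\bec\.(ECDSA|ECDH|generate_private_key)\b|\becdsa\.GenerateKey\b|getInstance\(\s*\"EC"),
     30, "Plan a move to ML-DSA or a hybrid key exchange"),
    ("sha1",
     re.compile(r"hashlib\.sha1|hashes\.SHA1|sha1\.New\(|createHash\(\s*['\"]sha1|getInstance\(\s*\"SHA-?1", re.I),
     20, "Use SHA-256 or SHA-3"),
    ("aes-128", re.compile(r"aes-?128", re.I), 10, "Use AES-256"),
]
COMMENT = re.compile(r"^\s*(#|//|\*|/\*)")  # whole-line comments in the supported languages

def scan(source: str) -> list:
    """Return one Finding per rule match on non-comment lines."""
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        if COMMENT.match(line):  # skip commented-out code to cut false positives
            continue
        for rule, pattern, _penalty, fix in RULES:
            if pattern.search(line):
                findings.append(Finding(rule, n, line.strip(), fix))
    return findings

def score(findings: list) -> tuple:
    """Hypothetical scoring: subtract each distinct rule's penalty once from 100."""
    penalties = {rule: p for rule, _, p, _ in RULES}
    total = max(0, 100 - sum(penalties[r] for r in {f.rule for f in findings}))
    bands = [(90, "A"), (75, "B"), (60, "C"), (40, "D"), (0, "F")]
    return total, next(g for floor, g in bands if total >= floor)

# Constructed sample input (Python source) for the demo.
SAMPLE = '''\
# legacy: hashlib.sha1 was used here
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
digest = hashlib.sha1(data).hexdigest()
cipher = "AES-128-GCM"
session = AESGCM(AESGCM.generate_key(bit_length=256))
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.rule}: {f.text} -> {f.fix}")
    print(score(scan(SAMPLE)))
```

A pass like this only sees literal API names and algorithm strings, so a key size or algorithm chosen at runtime goes unreported.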

Ship before it's perfect. The scanner doesn't cover everything. But it covers enough to be useful, and real user feedback will tell me what to add next.

Try it

Free scan, no signup: https://qvs.app

There's an optional $49 premium report with executive summary, compliance timeline, and remediation roadmap if you need something to hand to your CTO.

I'd love feedback — what patterns or checks would you want to see added?
