n40y/Qsentinel


Qsentinel


Post-Quantum Cryptographic Audit Tool

Qsentinel scans live TLS/SSH endpoints and tells you, in concrete numbers, how long it would actually take to break them — once with classical computing, once with a quantum computer running Shor's or Grover's algorithm.

Why this tool exists

Most cryptographic audit tools tell you what algorithm a server uses (RSA-2048, AES-128, SHA-256...) and flag it as "weak" or "strong" based on static rules. That's useful, but it doesn't really answer the question that matters: weak against what, and for how long?

RSA-2048 is effectively unbreakable classically — the estimate is tens of trillions of years. The same key, attacked with a sufficiently large fault-tolerant quantum computer running Shor's algorithm, falls in a matter of hours. That gap — from "longer than the age of the universe" to "before lunch" — is the entire point of post-quantum cryptography, and it's very hard to internalize from a spec sheet.

Qsentinel exists to make that gap visible. It runs the real estimations (classical factorization complexity, Grover's quadratic speedup against symmetric ciphers, Shor's algorithm against RSA/ECC), benchmarks them, and produces a report that shows — side by side — what "secure" currently means and what it will stop meaning once quantum hardware catches up. The goal isn't to predict exactly when that happens; it's to show why migrating to post-quantum algorithms (Kyber, Dilithium, and the rest of the NIST PQC suite) isn't a theoretical precaution but a measurable, quantifiable necessity.

What it does

  • Live TLS/SSH scanning of a target host (sslyze, paramiko) — TLS versions, cipher suites, certificate key type and size.
  • Classical cracking time estimation for the detected algorithms (RSA factorization via GNFS complexity, ECC via Pollard's rho / BSGS).
  • Quantum cracking time estimation by simulating the relevant algorithms with Qiskit — Shor's algorithm against RSA/ECC, Grover's algorithm against symmetric keys and hashes.
  • Side-by-side comparison of classical vs. quantum attack time, with the resulting speedup factor.
  • Post-quantum recommendations mapped to NIST PQC standards (e.g. Kyber for key exchange, Dilithium for signatures).
  • Robustness score (0–100) summarizing the target's overall posture against both classical and quantum threats.
  • Benchmark suite measuring the actual runtime of each estimation/simulation routine (BSGS, RSA factorization, Shor, Grover, Kyber, Dilithium).
  • HTML report generation with all of the above, ready to share or archive.
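The classical-versus-quantum comparison listed above, sketched as an added example (not Qsentinel's own code): it applies the GNFS L-notation cost for RSA, the square-root cost of Pollard's rho for ECC, and Grover's halving of the effective symmetric key length, working in log2 so large exponents never overflow. The attacker rates and the cubic gate-count model for Shor are assumptions made here, so the absolute times move with them while the size of the gap does not.

```python
import math

# Assumed attacker speeds, chosen only for illustration (not Qsentinel's values).
CLASSICAL_OPS_PER_SEC = 1e15   # hypothetical classical cluster
QUANTUM_OPS_PER_SEC = 1e6      # hypothetical fault-tolerant logical-gate rate

def gnfs_log2_ops(modulus_bits):
    """log2 of the GNFS cost L_N[1/3, (64/9)^(1/3)], ignoring the o(1) term."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def log2_work(kind, bits):
    """Return (classical, quantum) attack cost as log2(operations)."""
    shor = 3 * math.log2(bits)  # assumption: Shor needs on the order of n^3 gates
    if kind == "rsa":
        return gnfs_log2_ops(bits), shor
    if kind == "ecc":
        return bits / 2, shor          # Pollard's rho: ~sqrt(group order) steps
    if kind == "symmetric":
        return float(bits), bits / 2   # brute force vs Grover's ~2^(k/2) iterations
    raise ValueError(f"unknown primitive kind: {kind!r}")

def compare(kind, bits):
    """Classical vs quantum time (log2 seconds) and the speedup factor (log2)."""
    classical, quantum = log2_work(kind, bits)
    return {
        "classical_log2_s": classical - math.log2(CLASSICAL_OPS_PER_SEC),
        "quantum_log2_s": quantum - math.log2(QUANTUM_OPS_PER_SEC),
        "speedup_log2": classical - quantum,
    }

def human(log2_seconds):
    """Format 2**log2_seconds as hours or as a power-of-ten number of years."""
    log10_s = log2_seconds * math.log10(2)
    log10_year = math.log10(3.15576e7)  # seconds in a Julian year
    if log10_s < log10_year:
        return f"{10 ** log10_s / 3600:.2g} hours"
    return f"1e{log10_s - log10_year:.0f} years"

if __name__ == "__main__":
    # Constructed sample of primitives a TLS scan might report.
    for kind, bits in [("rsa", 2048), ("ecc", 256), ("symmetric", 128), ("symmetric", 256)]:
        r = compare(kind, bits)
        print(f"{kind}-{bits}: classical {human(r['classical_log2_s'])}, "
              f"quantum {human(r['quantum_log2_s'])}, speedup 2^{r['speedup_log2']:.0f}")
```

For symmetric ciphers the quantum column shows why doubling the key length restores the margin: a 256-bit key still costs about 2^128 Grover iterations.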

Installation

It's strongly recommended to run Qsentinel inside a virtual environment, since it depends on qiskit, liboqs, sslyze, and paramiko.

Option A — using venv (standard library)

Linux / macOS

git clone https://github.com/n40y/Qsentinel.git
cd Qsentinel
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Windows (PowerShell)

git clone https://github.com/n40y/Qsentinel.git
cd Qsentinel
python -m venv venv
.\venv\Scripts\Activate.ps1
pip install -r requirements.txt

Windows (cmd.exe)

git clone https://github.com/n40y/Qsentinel.git
cd Qsentinel
python -m venv venv
venv\Scripts\activate.bat
pip install -r requirements.txt

To leave the environment at any time: deactivate.

Option B — using uv (faster, recommended)

uv handles the virtual environment and dependency installation in one step, on Linux, macOS, and Windows alike.

git clone https://github.com/n40y/Qsentinel.git
cd Qsentinel
uv venv

Then activate it the same way as a standard venv:

# Linux / macOS
source .venv/bin/activate

# Windows PowerShell
.venv\Scripts\Activate.ps1

Install dependencies:

uv pip install -r requirements.txt

Or, without activating the environment at all, run commands directly through uv:

uv run main.py -t google.com -p 443 -v --benchmark

If you don't have uv installed yet:

# Linux / macOS
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows PowerShell
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

Usage

python main.py -t <target> -p <port> -v --benchmark

Option          Description
-t, --target    Target host to scan (e.g. google.com)
-p, --port      Target port (default: 443)
-v, --verbose   Verbose output
--benchmark     Run and display the algorithm benchmark suite

The scan produces a console summary and an HTML report (report.html) containing the TLS configuration, the classical/quantum comparison, the post-quantum recommendations, and the robustness score.

Example: CLI run

[Screenshot: Qsentinel CLI scan in progress]

Example: generated report

[Screenshot: Qsentinel HTML report]

Tech stack

Python · sslyze · paramiko · Qiskit · liboqs

Disclaimer

Qsentinel only performs passive TLS/SSH handshake analysis and offline cryptographic estimation — it does not attempt to break or interfere with any target's cryptography. Always make sure you are authorized to scan a given host before doing so.

Author

n40y

About

The tool analyzes real traffic to map the level of risk and to geometrically estimate the gaps in cracking time between classical supercomputers and the quantum code-breaking algorithms (Shor and Grover).
