The same Decryption Blast Radius scanner, available as five surfaces. All free, no signup, no API key. Pick whichever fits your workflow.
Zero install. Run a scan from any terminal with Node 18+. Supports SARIF output, threshold gating, multi-domain bulk scans, QXM lockfile generation, history, and offline cert analysis.
npx pqcheck stripe.com
Drop into any GitHub workflow to fail PRs that regress the score. Built-in SARIF upload to Code Scanning, sticky PR comments, lockfile diff for vendor-risk gating.
uses: cipherwake-io/pqcheck/action@main
Toolbar badge showing the Decryption Blast Radius grade for every HTTPS site you visit. Click for the full report. DEPENDENCIES tab scans every third-party script/iframe on the active page for HNDL risk.
Install from Chrome Web Store →
The same endpoint every surface above calls. GET /api/scan?domain=<domain> returns the full scan JSON. Anonymous, rate-limited to 60/hr per IP. Build your own integration.
curl cipherwake.io/api/scan?domain=...
Every scoring component, weight, threshold, and edge case is documented. Per-tool methodology pages (Decryption Blast Radius core, Score components, Cert anomaly, Browser extension, QXM lockfile, post-mortems).
10 published methodology pages
Every surface above is a wrapper around the same public GET /api/scan endpoint. The CLI gives you scripting + CI integration. The Action gives you PR-level gating + Code Scanning. The extension gives you per-tab visibility. Slack gives you team-level posture conversations. The API gives you arbitrary integration.
For continuous monitoring (verified daily scans + signed embeddable badge + 90-day history + alerts), see Verified Monitoring — $9.99/mo founding price for the first 25 customers.