Open-source Essential Eight compliance scanner for Australian organisations
Project description
🛡️ E8Mate — Open Source Essential Eight Compliance Scanner
Automated assessment of your organisation's cybersecurity posture against Australia's ASD Essential Eight framework.
Why E8Mate?
The Essential Eight is Australia's baseline cybersecurity framework — mandatory for Commonwealth agencies, increasingly required by cyber insurers and government supply chains.
The problem: No open-source tool to automatically assess Essential Eight compliance. Existing options are expensive commercial products or manual Excel checklists.
E8Mate fixes this. Free, open-source, and supports three frameworks:
- 🇦🇺 Essential Eight — ASD Maturity Model (Australia)
- 🇸🇬 Cyber Essentials — CSA SS 712:2025 (Singapore)
- 🌏 CIS Controls v8 — Global best practices
Who this is for:
- Australian SMEs and not-for-profits without budget for Tenable or Qualys, who still need to demonstrate Essential Eight progress
- MSPs and consultants serving Australian and Singaporean SMBs who want a defensible self-assessment baseline before a formal audit
- In-house IT and compliance teams preparing for a CSA Cyber Essentials or ASD-approved E8 assessment
Quick Start
# Install from PyPI
pip install e8mate
# Scan the local Windows machine
e8mate scan
# Generate HTML audit report
e8mate scan --format html --output report.html
# Scan with mock data (for testing on Linux/macOS)
e8mate scan --transport mock --scenario partial
Web Scanner
Try it now at security8.work — free external scan of any domain against all three frameworks. No signup required.
Essential Eight Controls
All 8 controls implemented at Maturity Level 1 with 30 checks:
| # | Control | Checks | Status |
|---|---|---|---|
| 1 | Application Control | 4 | ✅ |
| 2 | Patch Applications | 3 | ✅ |
| 3 | Configure MS Office Macros | 3 | ✅ |
| 4 | User Application Hardening | 4 | ✅ |
| 5 | Restrict Admin Privileges | 4 | ✅ |
| 6 | Patch Operating Systems | 5 | ✅ |
| 7 | Multi-Factor Authentication | 3 | ✅ |
| 8 | Regular Backups | 4 | ✅ |
How It Works
Collectors (28 checks) --> Scoring (ML0-ML3) --> Reporters (JSON/HTML)
|
Transport Layer
+-- LocalPS Windows PowerShell (direct)
+-- WinRM Remote Windows scanning
+-- Mock Dev/demo (3 scenarios)
SaaS Dashboard
Multi-tenant MSP dashboard at security8.work/dashboard:
- Client management with per-org framework selection
- One-click external scans with grade tracking
- Branded printable reports (PDF via print)
- Scheduled scans (daily/weekly/monthly)
- Remediation tracker with auto-resolve on re-scan
- User management and audit logging
Nuclei Templates
Companion Nuclei templates for Essential Eight:
nuclei -t nuclei-templates/ -u https://target.example.com -tags essential-eight
Development
git clone https://github.com/boonchuan/e8mate.git
cd e8mate
pip install -e ".[dev]"
pytest
ruff check .
Roadmap
- v0.1 — All 8 controls at ML1, 30 checks, JSON/HTML reports
- v0.1 — Web scanner at security8.work (14 external checks)
- v0.1 — Multi-framework support (AU/SG/Global)
- v0.1 — SaaS dashboard for MSPs
- v0.1 — Published on PyPI
- v0.2 — ML2/ML3 rule definitions
- v0.3 — Microsoft Graph API (MFA, Conditional Access)
- v0.4 — Branded PDF report generation
- v0.5 — Client portal (client-facing login)
Open Source Contributions
E8Mate's author actively contributes Essential Eight and security-tooling content back to the broader ecosystem:
- Wazuh — PR #35645: ACSC Essential Eight (ML1+ML2) SCA policy for Windows 10/11
- Lynis — PR #1731: Nitrux Linux OS detection
- Lynis — PR #1733: Kylin Linux Advanced Server detection
- Prowler: prior merged contributions to AWS compliance checks
- Nuclei Templates: prior merged contributions
If you use the tools above and find Essential Eight content useful, please consider starring this repo too — it helps surface E8Mate to others looking for the same.
Disclaimer
E8Mate is an assessment tool, not a certification body. Only ASD-approved assessors can formally certify Essential Eight maturity levels.
Contributing
Contributions welcome! Priority areas: ML2/ML3 rule definitions, Nuclei templates, test coverage, documentation.
License
MIT License — see LICENSE for details.
Built with 🇦🇺🤝🇸🇬 by Boon for the Australian and Singaporean cybersecurity community.
security8.work · PyPI · GitHub
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file e8mate-0.2.3.tar.gz.
File metadata
- Download URL: e8mate-0.2.3.tar.gz
- Upload date:
- Size: 69.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cff3877868e1bc072666d00439db4da9f2bb62a1786afe02d7a30a4840ee12ca
|
|
| MD5 |
4d1de674ecb36d96d7f9d632cd59e439
|
|
| BLAKE2b-256 |
efff16be50b0006d6ff0defb34ae91b6fc4bb4126c72a12c362b82dcbe746fa7
|
File details
Details for the file e8mate-0.2.3-py3-none-any.whl.
File metadata
- Download URL: e8mate-0.2.3-py3-none-any.whl
- Upload date:
- Size: 67.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8b32084047ec36d4e1887deaa95bf62f1d96a00ac05f9290b3cc10501835d51e
|
|
| MD5 |
eb3fb17f5e9e47bda8600f9104339c50
|
|
| BLAKE2b-256 |
ef4aaddd950a5e3bd4ebc7e59320a20aa8a8708ea630b2522b2f01e8bfe9c183
|
