Cross-platform CLI tool to scan machine configuration against the ACSC Essential Eight mitigation strategies
Project description
e8scan
Cross-platform CLI tool that scans your machine's configuration against the Australian ACSC Essential Eight mitigation strategies and maps every check to official ISM (Information Security Manual) control IDs.
Why e8scan?
The Essential Eight is Australia's baseline cybersecurity framework developed by the Australian Cyber Security Centre (ACSC). Despite being widely referenced, there is a notable lack of open-source tooling that allows developers and sysadmins to self-assess their machines against it.
e8scan fills that gap: it runs real checks against your system configuration — registry keys, commands, files, services — and maps each finding to its ISM control ID and maturity level. Results can be exported as a rich terminal table, JSON, SARIF (for GitHub code scanning), or a self-contained HTML report.
DISCLAIMER: Results are indicative only and do not constitute a formal ASD/ACSC Essential Eight assessment. This tool is not affiliated with the Australian Government. Always engage an accredited assessor for compliance verification.
Install
pip install e8scan
Requires Python 3.10+. No heavy dependencies — just typer, rich, and PyYAML.
Quickstart
# Run all checks and display a rich terminal report
e8scan scan
# Filter to a single strategy
e8scan scan --strategy configure_office_macros
# Only ML1 checks
e8scan scan --maturity-level 1
# Export to HTML
e8scan scan --format html --output report.html
# Export to SARIF for GitHub code scanning
e8scan scan --format sarif --output results.sarif
# List all available checks
e8scan list-checks
# Explain a specific check
e8scan explain E8-OM-001
Example terminal output
e8scan — Essential Eight Configuration Scanner
Platform: Linux
Configure Office Macros
┌──────────────┬────┬────────┬─────────────────────────────────────────┬──────────────────────────────────┐
│ ID │ ML │ Status │ Title │ Actual / Note │
├──────────────┼────┼────────┼─────────────────────────────────────────┼──────────────────────────────────┤
│ E8-OM-001 │ 1 │ SKIP │ Office macros from the internet blocked │ Not applicable on [windows] │
...
Scan Summary
PASS 3
FAIL 2
ERROR 0
MANUAL 4
SKIPPED 12
TOTAL 21
Indicative Maturity Level: ML0
Per-strategy pass rate:
Configure Office Macros ░░░░░░░░░░░░░░░░░░░░ 0.0%
Patch Operating Systems ████████░░░░░░░░░░░░ 40.0%
...
Strategy coverage
| Strategy | Checks | ISM Controls |
|---|---|---|
| Configure Microsoft Office Macro Settings | 8 | ISM-1671, ISM-1488, ISM-1489, ISM-1705 |
| Patch Operating Systems | 5 | ISM-1694, ISM-1695 |
| Restrict Administrative Privileges | 4 | ISM-1507, ISM-1508, ISM-1684 |
| User Application Hardening | 5 | ISM-1621, ISM-1622, ISM-1623, ISM-1543, ISM-1486 |
| Multi-Factor Authentication | 2 | ISM-1401, ISM-1679 |
| Regular Backups | 3 | ISM-1511, ISM-1512, ISM-1515 |
| Application Control | 3 | ISM-1490, ISM-1491, ISM-1492 |
| Patch Applications | 3 | ISM-1493, ISM-1494 |
Writing custom checks
Add YAML files to any directory and pass it with --checks-dir:
e8scan scan --checks-dir ./my-checks/
See docs/check-schema.md for the full schema reference.
Contributing
See CONTRIBUTING.md. All contributions are welcome — new checks, new platforms, bug fixes.
Good first issues:
- Add ML2/ML3 macro checks
- Add Linux patch recency checks
- Add macOS backup agent detection
- Improve HTML report design
Security
See SECURITY.md for how to report vulnerabilities.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file e8scan-0.1.0.tar.gz.
File metadata
- Download URL: e8scan-0.1.0.tar.gz
- Upload date:
- Size: 35.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2358de9fb5a5ff6cceb062806b8164229a1973502289dba9874d91c3fe4451ae
|
|
| MD5 |
3ce66ad3b49f7b316e55568cd37a4ebd
|
|
| BLAKE2b-256 |
2cebfd782f5d16a051b65ed978034f117b76e7cbba3f5668eb65971e7eba2f15
|
File details
Details for the file e8scan-0.1.0-py3-none-any.whl.
File metadata
- Download URL: e8scan-0.1.0-py3-none-any.whl
- Upload date:
- Size: 47.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
beee5684c5ccb3f7be75b3561c8cb246f68248068d806afad327cea4a8091f91
|
|
| MD5 |
e08d13b8357f9c209dc86cdd1c911a9e
|
|
| BLAKE2b-256 |
457d0f8b715ca64b28042786528cb954de2940148e0e7b4e89b054870bebd9a9
|