Security

Security-group port exposure scorer API

Scores a provided list of ingress rules (each {port | fromPort/toPort, protocol, cidr}) for risky internet exposure. It flags sensitive ports open to 0.0.0.0/0 or ::/0 (SSH 22, RDP 3389, DB ports 3306/5432/1433/27017/6379/9200, Docker 2375, etcd, k8s API, SMB 445) and 'all ports' rules, and returns findings with severity and remediation plus a 0-100 exposure-resistance score. Rules restricted to private CIDRs are ignored. Answers questions such as 'Is SSH open to the world?' and 'Which firewall rules are risky?'.

Price: $0.01 per request
Method: POST
Route: /v1/security/secgroup-ports
Status: Live
MIME type: application/json
Rate limit: 120/minute
Cache: No cache
Tags: security, firewall, security-group, ports, network, aws, exposure, scoring
API URL: https://x402.hexl.dev/v1/security/secgroup-ports
Example request
{
  "rules": [
    {
      "port": 22,
      "protocol": "tcp",
      "cidr": "0.0.0.0/0"
    },
    {
      "port": 5432,
      "protocol": "tcp",
      "cidr": "0.0.0.0/0"
    },
    {
      "port": 443,
      "protocol": "tcp",
      "cidr": "10.0.0.0/8"
    }
  ]
}
Example response
{
  "score": 40,
  "rulesAnalyzed": 3,
  "findingsCount": 2,
  "criticalFindings": 2,
  "worldExposed": true,
  "findings": [
    {
      "severity": "critical",
      "title": "Rule 0 exposes SSH (port 22/tcp) to the internet (0.0.0.0/0)",
      "remediation": "Restrict port 22 to a bastion/VPN CIDR or a private security group; never expose SSH to 0.0.0.0/0.",
      "ruleIndex": 0
    },
    {
      "severity": "critical",
      "title": "Rule 1 exposes PostgreSQL (port 5432/tcp) to the internet (0.0.0.0/0)",
      "remediation": "Restrict port 5432 to a bastion/VPN CIDR or a private security group; never expose PostgreSQL to 0.0.0.0/0.",
      "ruleIndex": 1
    }
  ]
}
Input schema
{
  "type": "object",
  "required": [
    "rules"
  ],
  "properties": {
    "rules": {
      "type": "array",
      "description": "Ingress rules.",
      "items": {
        "type": "object",
        "additionalProperties": true
      },
      "examples": [
        [
          {
            "port": 22,
            "protocol": "tcp",
            "cidr": "0.0.0.0/0"
          },
          {
            "port": 5432,
            "protocol": "tcp",
            "cidr": "0.0.0.0/0"
          },
          {
            "port": 443,
            "protocol": "tcp",
            "cidr": "10.0.0.0/8"
          }
        ]
      ]
    }
  }
}
Output schema
{
  "type": "object",
  "additionalProperties": true
}
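
A local pre-check in the spirit of the description above, useful for screening rule lists before they are sent or deployed. This is an added example, not the API's own code: it reproduces only the flagging step (no severity, remediation text or score), and the function names, the service labels for the database ports, and the etcd and Kubernetes API port numbers are assumptions.

```python
import ipaddress

# Services named in the description. The etcd (2379/2380) and Kubernetes API
# (6443) ports are conventional defaults, assumed here: the page gives no numbers.
SENSITIVE = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
             1433: "MSSQL", 27017: "MongoDB", 6379: "Redis",
             9200: "Elasticsearch", 2375: "Docker", 2379: "etcd",
             2380: "etcd", 6443: "Kubernetes API", 445: "SMB"}

# First three rules are the page's example request; the last two are constructed.
SAMPLE_RULES = [
    {"port": 22, "protocol": "tcp", "cidr": "0.0.0.0/0"},
    {"port": 5432, "protocol": "tcp", "cidr": "0.0.0.0/0"},
    {"port": 443, "protocol": "tcp", "cidr": "10.0.0.0/8"},
    {"fromPort": 6000, "toPort": 6500, "protocol": "tcp", "cidr": "::/0"},
    {"fromPort": 0, "toPort": 65535, "protocol": "tcp", "cidr": "0.0.0.0/0"},
]


def port_range(rule):
    """Return (low, high) from 'port' or 'fromPort'/'toPort'; no ports means all."""
    if "port" in rule:
        return int(rule["port"]), int(rule["port"])
    return int(rule.get("fromPort", 0)), int(rule.get("toPort", 65535))


def find_exposures(rules):
    """List sensitive-port and all-port rules whose source is 0.0.0.0/0 or ::/0."""
    findings = []
    for index, rule in enumerate(rules):
        source = ipaddress.ip_network(rule["cidr"], strict=False)
        if source.prefixlen != 0:
            continue  # only any-address sources are checked here
        low, high = port_range(rule)
        if low <= 1 and high >= 65535:
            findings.append({"ruleIndex": index, "service": "all ports"})
            continue
        for port, name in sorted(SENSITIVE.items()):
            if low <= port <= high:
                findings.append({"ruleIndex": index, "service": name, "port": port})
    return findings


if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_RULES):
        print(finding)
```

The port-range rule shows why a range has to be expanded against the sensitive-port list: 6000-6500 names no service itself but covers both 6379 and 6443.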