
list_open_security_groups

Identify AWS security groups with open ports to the public internet. Check for ingress from 0.0.0.0/0 on specified ports to assess security exposure.

Instructions

Lists security groups that allow ingress from 0.0.0.0/0 on specified ports (default: 22, 3389).

Input Schema

| Name  | Required | Description                                   | Default |
|-------|----------|-----------------------------------------------|---------|
| ports | No       | List of ports to check (default: [22, 3389]). |         |

Implementation Reference

  • Handler function that lists EC2 security groups allowing ingress from 0.0.0.0/0 on the requested ports (when no ports are given, any open port matches). It pre-filters with DescribeSecurityGroupsCommand using a CIDR filter, then inspects each group's IpPermissions for ranges open to 0.0.0.0/0.
    // Needed import (from @aws-sdk/client-ec2); ec2Client is an EC2Client instance
    // created elsewhere in the handler module.
    import { DescribeSecurityGroupsCommand } from "@aws-sdk/client-ec2";

    if (name === "list_open_security_groups") {
      const checkPorts = (args as any)?.ports;
      // If undefined, we check for ANY open port.
      // If the user specifically requests some ports, use them. If checkPorts is
      // undefined/empty, that means "any port". An explicit [] could mean "any" or
      // "none"; here both undefined and [] are treated as "any".
      // Note: this differs from the tool description, which states a default of
      // 22 and 3389; the code does not apply that default itself.
      const checkSpecificPorts = checkPorts && checkPorts.length > 0;

      // Server-side pre-filter: only groups with some 0.0.0.0/0 ingress rule.
      // Only IPv4 0.0.0.0/0 is considered; Ipv6Ranges (::/0) are not inspected.
      const command = new DescribeSecurityGroupsCommand({
        Filters: [{ Name: "ip-permission.cidr", Values: ["0.0.0.0/0"] }]
      });
      const response = await ec2Client.send(command);

      const openSGs = response.SecurityGroups?.filter(sg => {
        return sg.IpPermissions?.some(perm => {
          const isGlobal = perm.IpRanges?.some(r => r.CidrIp === "0.0.0.0/0");
          if (!isGlobal) return false;
          // If we aren't filtering by specific ports, then ANY 0.0.0.0/0 is a match.
          if (!checkSpecificPorts) return true;
          // Check if the rule overlaps the requested ports or is all traffic.
          if (perm.IpProtocol === "-1") return true; // All traffic
          const fromPort = perm.FromPort || 0;
          const toPort = perm.ToPort || 65535;
          return checkPorts.some((p: number) => p >= fromPort && p <= toPort);
        });
      }).map(sg => ({
        GroupId: sg.GroupId,
        GroupName: sg.GroupName,
        Description: sg.Description,
        // Same matching rule as above, applied per permission to report what is open.
        OpenPorts: sg.IpPermissions?.filter(perm =>
          perm.IpRanges?.some(r => r.CidrIp === "0.0.0.0/0") &&
          (!checkSpecificPorts ||
            perm.IpProtocol === "-1" ||
            checkPorts.some((p: number) =>
              p >= (perm.FromPort || 0) && p <= (perm.ToPort || 65535)))
        ).map(p => p.IpProtocol === "-1" ? "All" : `${p.FromPort}-${p.ToPort}`)
      })) || [];

      return { content: [{ type: "text", text: JSON.stringify(openSGs, null, 2) }] };
    }
  • src/index.ts:417-430 (registration)
    Tool registration in the ListToolsRequestSchema handler, including name, description, and input schema definition.
    {
      name: "list_open_security_groups",
      description: "Lists security groups that allow ingress from 0.0.0.0/0 on specified ports (default: 22, 3389).",
      inputSchema: {
        type: "object",
        properties: {
          ports: {
            type: "array",
            items: { type: "number" },
            description: "List of ports to check (default: [22, 3389])."
          }
        }
      }
    },
  • Input schema for the list_open_security_groups tool, defining optional ports array.
    inputSchema: {
      type: "object",
      properties: {
        ports: {
          type: "array",
          items: { type: "number" },
          description: "List of ports to check (default: [22, 3389])."
        }
      }
    },
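The matching logic the handler applies, as an added stand-alone example (not the project's code) that runs offline over a constructed DescribeSecurityGroups-style response. It applies the documented 22/3389 default, skips ICMP rules, and, going one step further than the handler above, also treats an IPv6 ::/0 range as public; the types, function names and sample group ids are assumptions.

```typescript
// Added example (not the project's code): the open-ingress check the tool performs,
// run offline over a constructed DescribeSecurityGroups-style response. It goes one
// step further than the page's handler by also treating an IPv6 ::/0 range as public.
type IpPermission = {
  IpProtocol: string;               // "tcp", "udp", "icmp" or "-1" (all traffic)
  FromPort?: number;
  ToPort?: number;
  IpRanges?: { CidrIp: string }[];
  Ipv6Ranges?: { CidrIpv6: string }[];
};
type SecurityGroup = { GroupId: string; GroupName: string; IpPermissions: IpPermission[] };

const DEFAULT_PORTS = [22, 3389];   // the tool's documented default

// A rule is public if any IPv4 or IPv6 range covers the whole internet.
function isPublic(perm: IpPermission): boolean {
  return (perm.IpRanges ?? []).some(r => r.CidrIp === "0.0.0.0/0")
      || (perm.Ipv6Ranges ?? []).some(r => r.CidrIpv6 === "::/0");
}

// A rule exposes a port if it is all-traffic, or a TCP/UDP range containing the port.
function exposesPort(perm: IpPermission, port: number): boolean {
  if (perm.IpProtocol === "-1") return true;
  if (perm.IpProtocol !== "tcp" && perm.IpProtocol !== "udp") return false; // ICMP has no ports
  const from = perm.FromPort ?? 0, to = perm.ToPort ?? 65535;
  return port >= from && port <= to;
}

// Maps GroupId -> those of `ports` reachable from the whole internet; groups with none are omitted.
function findOpenSecurityGroups(groups: SecurityGroup[], ports: number[] = DEFAULT_PORTS): Record<string, number[]> {
  const result: Record<string, number[]> = {};
  for (const sg of groups) {
    const open = ports.filter(p => sg.IpPermissions.some(perm => isPublic(perm) && exposesPort(perm, p)));
    if (open.length > 0) result[sg.GroupId] = open;
  }
  return result;
}

// Constructed sample data shaped like an EC2 DescribeSecurityGroups response (not real groups).
const SAMPLE_GROUPS: SecurityGroup[] = [
  { GroupId: "sg-aaaa", GroupName: "bastion",
    IpPermissions: [{ IpProtocol: "tcp", FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: "0.0.0.0/0" }] }] },
  { GroupId: "sg-bbbb", GroupName: "internal",
    IpPermissions: [{ IpProtocol: "tcp", FromPort: 0, ToPort: 65535, IpRanges: [{ CidrIp: "10.0.0.0/8" }] }] },
  { GroupId: "sg-cccc", GroupName: "legacy-v6",
    IpPermissions: [{ IpProtocol: "tcp", FromPort: 3000, ToPort: 4000, Ipv6Ranges: [{ CidrIpv6: "::/0" }] }] },
  { GroupId: "sg-dddd", GroupName: "wide-open",
    IpPermissions: [{ IpProtocol: "-1", IpRanges: [{ CidrIp: "0.0.0.0/0" }] }] },
];
console.log(JSON.stringify(findOpenSecurityGroups(SAMPLE_GROUPS)));
```

The internal-only group (10.0.0.0/8) never appears, however wide its port range, while the IPv6-only group is reported for 3389 because 3389 falls inside 3000-4000.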

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Bhavesh8890/MCP-server'
