
AWS Unrestricted CIDR

Description

Detects security groups with overly permissive inbound rules that allow unrestricted access from any IP address (0.0.0.0/0 for IPv4 or ::/0 for IPv6). Such configurations can expose AWS resources to unnecessary security risks by allowing access from any source IP address on the internet.

Detection Strategy

    Scans all security groups in the specified AWS region

    Analyzes each inbound rule (IpPermissions) in the security group

    Reports a vulnerability if any rule contains CIDR range '0.0.0.0/0' for IPv4 access

    Reports a vulnerability if any rule contains CIDR range '::/0' for IPv6 access

    Each finding includes the specific security group ID and the problematic rule configuration
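The detection strategy above, implemented as an added example (this is not the database's own checker). The check itself is a pure function over the list returned under "SecurityGroups" by the EC2 DescribeSecurityGroups API, where IPv4 ranges appear under IpRanges/CidrIp and IPv6 ranges under Ipv6Ranges/CidrIpv6. The sample groups embedded below are constructed; the scan_region helper that pulls live data with boto3 assumes boto3 is installed and credentials are configured.

```python
"""Added example: report inbound security-group rules open to 0.0.0.0/0
or ::/0, following the detection strategy described on the page."""

UNRESTRICTED_V4 = "0.0.0.0/0"
UNRESTRICTED_V6 = "::/0"


def describe_rule(perm):
    """Summarise one IpPermissions entry as protocol/port range for the report."""
    proto = perm.get("IpProtocol", "-1")
    if proto == "-1":
        return "all traffic"  # protocol -1 means every protocol and port
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None:
        return proto
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def find_unrestricted_rules(security_groups):
    """Return one finding per inbound rule whose CIDR is the whole internet.

    `security_groups` is the list under the "SecurityGroups" key of a
    describe_security_groups response. Each finding carries the group id
    and name, the offending CIDR, and a summary of the rule for triage."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in (UNRESTRICTED_V4, UNRESTRICTED_V6):
                    findings.append({
                        "group_id": sg["GroupId"],
                        "group_name": sg.get("GroupName", ""),
                        "cidr": cidr,
                        "rule": describe_rule(perm),
                    })
    return findings


def scan_region(region_name):
    """Fetch every security group in a region and run the check on it.

    Assumes boto3 is installed and AWS credentials are configured. The
    paginator is used so accounts with many groups are fully covered."""
    import boto3  # imported here so the pure check above runs without it
    ec2 = boto3.client("ec2", region_name=region_name)
    groups = []
    for page in ec2.get_paginator("describe_security_groups").paginate():
        groups.extend(page["SecurityGroups"])
    return find_unrestricted_rules(groups)


# Constructed sample mirroring the DescribeSecurityGroups response shape:
# one group with HTTPS open to the world, one with all IPv6 traffic open.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0example1",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example2",
        "GroupName": "db",
        "IpPermissions": [
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

if __name__ == "__main__":
    for f in find_unrestricted_rules(SAMPLE_GROUPS):
        print(f"{f['group_id']} ({f['group_name']}): "
              f"{f['rule']} open to {f['cidr']}")
```

Running the script against the constructed sample reports the HTTPS rule on sg-0example1 and the all-traffic IPv6 rule on sg-0example2, while the 10.0.0.0/8 SSH rule is not flagged. A production run would call scan_region for each region in scope and feed the findings into whatever ticketing or alerting the team uses.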