Hasura Security Audit - Find Open Anonymous Roles (Nhost) Free
Pricing
Pay per usage
Hasura Security Audit - Find Open Anonymous Roles (Nhost) Free
Audit any Hasura instance (self-hosted or Nhost) for tables with anonymous-role permissions, missing column filters, and unprotected mutations. Live GraphQL probe confirms what's exposed. HTML report with paste-ready permission snippets. Free.
Pricing
Pay per usage
Rating
0.0
(0)
Developer
Renzo Madueno
Actor stats
0
Bookmarked
1
Total users
0
Monthly active users
2 minutes ago
Last modified
Categories
Share
Nhost / Hasura Security Auditor
If your Hasura instance has the anonymous role enabled with empty row filters on any table, the entire table is publicly readable via a single GraphQL query right now. This actor finds those leaks in 30 seconds.
Scan any Hasura instance (or Nhost project) for permissive role permissions and confirm leaks live with an anonymous GraphQL query.
Why
Hasura's permission model is powerful but easy to leave open: an anonymous role with an empty filter exposes the table to anyone, a user role without row-level filter lets every signed-up user touch every row, and public introspection lets attackers map the entire schema without auth.
Output
- HTML report (key
REPORT) — score, severity-ranked findings, fix snippet on each - Dataset — every finding as a row
- SUMMARY — counts + active-probe stats
Want a written report + Q&A support?
Free actor → you find leaks. $29 lite tier (top 3 critical fixes + written summary) or $99 full audit (every table's permissions across every role + 30-day Q&A + paste-ready bundle, 24h delivery). The CTA links inside the HTML report take you to Stripe.
Source
MIT — https://github.com/Perufitlife/nhost-security-skill
