Show HN: SupaSniffer – Test Supabase RLS

by PranaFluxon on 4/15/2025, 9:08 AM with 0 comments

Many startups use Supabase as a backend. I made this tool to enable checking anonymous access to tables using the anon key.

Just input your Supabase entry point and your anon key to get an overview.

Fun fact: Supabase publishes the Swagger of your DB for anyone to see! (Which is what makes this tool possible.)

Excerpt of a sample output:

    --- Table/View Test Summary ---
    [!] Potential RLS Leaks Found (Anonymous SELECT succeeded):
      - prices (19 rows accessible)
        Sample row: {"id": "price1", "product_id": "prod_QaZYMRtZiLaFiX", "active": true, "description": null, "unit_amount": 100, "currency": "usd", "type": "recurring", "interval": "month", "interval_count": 1, "trial_period_days": 0, "metadata": null}
      - products (19 rows accessible)
        Sample row: {"id": "price1", "active": false, "name": "One", "description": null, "image": null, "metadata": {}}

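The same exposure can be audited from inside the database. The following is an added example, not part of the original post or of SupaSniffer: a query for the Supabase SQL editor that lists every relation the `anon` role can SELECT, whether RLS is enabled on it, and how many SELECT policies apply to `anon`. It assumes the API exposes only the default `public` schema; the policy at the end is a hypothetical fix for the `prices` table from the sample output.

```sql
-- Added example. Assumption: the API exposes only the "public" schema.
-- Lists relations the anon role may SELECT, with their RLS state.
select
  c.relname        as relation_name,
  case c.relkind
    when 'r' then 'table'
    when 'p' then 'partitioned table'
    when 'v' then 'view'
    when 'm' then 'materialized view'
  end              as kind,
  c.relrowsecurity as rls_enabled,
  (
    select count(*)
    from pg_policies p
    where p.schemaname = n.nspname
      and p.tablename  = c.relname
      and p.cmd in ('SELECT', 'ALL')
      and p.roles && array['anon', 'public']::name[]
  )                as anon_select_policies
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p', 'v', 'm')
  and has_table_privilege('anon', c.oid, 'SELECT')
order by c.relrowsecurity, c.relname;

-- How to read the result:
--   rls_enabled = false                      -> every row is readable with the anon key
--   rls_enabled = true, policies = 0         -> anon reads return no rows
--   rls_enabled = true, policies > 0         -> review each policy's USING clause
--   kind = 'view'                            -> views run with the owner's rights unless
--                                               created WITH (security_invoker = true)
--                                               (PostgreSQL 15+), so check them separately

-- Hypothetical fix for one table from the sample output, assuming
-- prices should be readable by signed-in users only:
alter table public.prices enable row level security;

create policy "prices readable by authenticated users"
  on public.prices
  for select
  to authenticated
  using (true);
```

After applying a policy, rerun the audit query and repeat the anonymous check to confirm the table no longer returns rows for the anon key.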