Free tools
Is my server exposed?
Check the public host across a small set of common admin and homelab ports. This is a bounded consented scan meant to answer one practical question: should this still be public?
This scan is capped to a short list of common ports and rate limited per network and target.
Why this matters
Reachable ports do not always mean a mistake, but they often mean a decision was made once and never revisited. If one of these ports fronts a real app, use named.network workspace setup to put the app behind identity instead of leaving the port on the open internet.