Get list of public DNS names for a tunnel + URI's or proactive report on which sites are publicly accessible

One of the gaps for me in Cloudflare access is that once a tunnel is created and brought up, it’s accessible by all. Only after creation of a subsequent application can you apply controls to that resource. My ask is, is there a way I can get all public URL’s with application URI’s so that I can programmatically check to see if they are open to the public vs. behind access control within a defined application? I did this manually using old config data, but I’ve subsequently moved to the web-based configuration. To do this manually, I went to Tunnels → Configure → Public Hostnames and created a file with hostname & URIs. I then fed this through a script that tried to access it from a non-authed machine/IP. Unfortunately, I found one open that I did not expect to be publicly open (it didn’t have a corresponding application entry), so I’m glad I went through the exercise.

# Sample contents of hosts:  
# hostname.domain.com/secure
# hostname2.domain.com
for i in `cat hosts`; do
	RUN=`curl -s -L $i | grep Sign 1>/dev/null 2>&1`
	RC=$?
	if [ ${RC} == 1 ]; then
		echo $i was accessible without auth
	fi
done

What would be nice would be the ability to dump out a list of hostnames and URI’s so I could run this on a regular basis. Either that or some visual way to show access customers which hostnames are open with no access policies applied at all.