Overview
Extend the existing Assets API module with comprehensive service enumeration capabilities for detailed service, web application, and database discovery on assets.
Scope
API Endpoints (to add to existing Assets API)
GET /api/3/assets/{id}/services - Get all services on assetGET /api/3/assets/{id}/services/{protocol}/{port} - Get specific serviceGET /api/3/assets/{id}/services/{protocol}/{port}/configurations - Get service configGET /api/3/assets/{id}/services/{protocol}/{port}/databases - Get databasesGET /api/3/assets/{id}/services/{protocol}/{port}/web_applications - Get web appsGET /api/3/assets/{id}/services/{protocol}/{port}/user_groups - Get user groupsGET /api/3/assets/{id}/users - Get enumerated users
Implementation Checklist
Key Features
- Service Details: Protocol, port, product, version, fingerprint
- Web Applications: Virtual hosts, paths, response codes
- Databases: Database names, instances, versions
- Configurations: Service-specific configuration properties
- User Enumeration: Local accounts, groups discovered
- Helper Methods:
get_http_services(), get_databases(), find_service_by_name()
Common Service Types
- HTTP/HTTPS web servers
- SSH remote access
- Database servers (MySQL, PostgreSQL, Oracle, SQL Server)
- File sharing (SMB, NFS, FTP)
- Directory services (LDAP, Active Directory)
- Email servers (SMTP, IMAP, POP3)
Estimated Size
~250-300 lines of code (addition to existing assets.py)
Definition of Done
- Service methods added to existing AssetAPI class
- All endpoints implemented and tested
- Documentation updated with service examples
- Memory Bank updated
- PR created and ready for review
Note
This extends the existing Assets API rather than creating a new module, as services are inherently tied to assets.
References
- Context7 API Documentation:
/riza/rapid7-insightvm-api-docs
- Existing Module:
src/rapid7/api/assets.py
- BaseAPI Pattern:
src/rapid7/api/base.py
Overview
Extend the existing Assets API module with comprehensive service enumeration capabilities for detailed service, web application, and database discovery on assets.
Scope
API Endpoints (to add to existing Assets API)
GET /api/3/assets/{id}/services- Get all services on assetGET /api/3/assets/{id}/services/{protocol}/{port}- Get specific serviceGET /api/3/assets/{id}/services/{protocol}/{port}/configurations- Get service configGET /api/3/assets/{id}/services/{protocol}/{port}/databases- Get databasesGET /api/3/assets/{id}/services/{protocol}/{port}/web_applications- Get web appsGET /api/3/assets/{id}/services/{protocol}/{port}/user_groups- Get user groupsGET /api/3/assets/{id}/users- Get enumerated usersImplementation Checklist
src/rapid7/api/assets.pywith service methodsdocs/ASSETS_API.mdfeature/issue-{number}-asset-services-extensionKey Features
get_http_services(),get_databases(),find_service_by_name()Common Service Types
Estimated Size
~250-300 lines of code (addition to existing assets.py)
Definition of Done
Note
This extends the existing Assets API rather than creating a new module, as services are inherently tied to assets.
References
/riza/rapid7-insightvm-api-docssrc/rapid7/api/assets.pysrc/rapid7/api/base.py