Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From runzero
Lists and filters RunZero-discovered services by port or protocol, identifies vulnerabilities, and audits exposed services across sites.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin runzeroHow this skill is triggered — by the user, by Claude, or both
Slash command
/runzero:servicesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
RunZero discovers services running on every asset -- open ports, protocols, software versions, and TLS configurations. Service data is critical for vulnerability assessment, compliance auditing, and attack surface management. This skill covers listing, filtering, and analyzing discovered services.
Searches and browses RunZero asset inventory, inspects attributes like OS fingerprinting, hardware details, network interfaces, and classifications.
Maps internet-facing assets, ranks by exploitability risk, identifies exposed ports/services, public storage, and vulnerabilities from an attacker's perspective. Use for attack surface analysis.
Guides Shodan CLI setup, host reconnaissance, search queries, filters, and outputs for penetration testing asset discovery and vulnerability identification.
Share bugs, ideas, or general feedback.
RunZero discovers services running on every asset -- open ports, protocols, software versions, and TLS configurations. Service data is critical for vulnerability assessment, compliance auditing, and attack surface management. This skill covers listing, filtering, and analyzing discovered services.
Each discovered service includes:
| Attribute | Description |
|---|---|
port | TCP/UDP port number |
protocol | Application protocol (HTTP, SSH, RDP, etc.) |
transport | Transport layer (TCP, UDP) |
summary | Service banner or description |
software | Detected software and version |
tls | TLS/SSL configuration details |
asset_id | The asset this service runs on |
first_seen | When the service was first discovered |
last_seen | When the service was last observed |
| Protocol | Default Port | Risk Considerations |
|---|---|---|
ssh | 22 | Check for weak ciphers, old versions |
rdp | 3389 | High-risk if exposed externally |
http | 80 | Check for unencrypted admin panels |
https | 443 | Verify TLS version and certificate |
smb | 445 | Ransomware vector if exposed |
snmp | 161 | Check for default community strings |
telnet | 23 | Unencrypted; should be disabled |
ftp | 21 | Unencrypted; check for anonymous access |
RunZero flags services with security concerns:
runzero_services_list
Parameters:
site_id -- Filter by sitesearch -- RunZero query stringcount -- Results per pageoffset -- Pagination offsetExample response:
{
"services": [
{
"id": "svc-uuid-123",
"asset_id": "asset-uuid-456",
"port": 3389,
"transport": "tcp",
"protocol": "rdp",
"summary": "Microsoft Terminal Services",
"software": "Windows RDP 10.0",
"first_seen": "2026-01-15T10:00:00Z",
"last_seen": "2026-03-27T08:30:00Z"
}
]
}
runzero_services_get
Parameters:
service_id -- The specific service UUIDrunzero_services_export
Parameters:
search -- RunZero query to filter servicessite_id -- Filter by siteUse for bulk service data retrieval.
protocol:rdp AND alive:true
port:445 AND NOT address:10.0.0.0/8
protocol:ssh AND software:OpenSSH AND software:<8
protocol:telnet
port:443 AND tls.version:TLSv1.0
protocol:rdp OR protocol:telnet OR protocol:ftpprotocol:httpsprotocol:rdp OR protocol:smbCause: Invalid service UUID or service no longer detected Solution: Search by port/protocol on the asset instead
Cause: Broad queries returning thousands of services Solution: Add site or protocol filters; use the Export API