Stats
Actions
Tags
From runzero
Lists and filters RunZero-discovered services by port or protocol, identifies vulnerabilities, and audits exposed services across sites.
How this skill is triggered — by the user, by Claude, or both
Slash command
/runzero:servicesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
RunZero discovers services running on every asset -- open ports, protocols, software versions, and TLS configurations. Service data is critical for vulnerability assessment, compliance auditing, and attack surface management. This skill covers listing, filtering, and analyzing discovered services.
RunZero discovers services running on every asset -- open ports, protocols, software versions, and TLS configurations. Service data is critical for vulnerability assessment, compliance auditing, and attack surface management. This skill covers listing, filtering, and analyzing discovered services.
Each discovered service includes:
| Attribute | Description |
|---|---|
port | TCP/UDP port number |
protocol | Application protocol (HTTP, SSH, RDP, etc.) |
transport | Transport layer (TCP, UDP) |
summary | Service banner or description |
software | Detected software and version |
tls | TLS/SSL configuration details |
asset_id | The asset this service runs on |
first_seen | When the service was first discovered |
last_seen | When the service was last observed |
| Protocol | Default Port | Risk Considerations |
|---|---|---|
ssh | 22 | Check for weak ciphers, old versions |
rdp | 3389 | High-risk if exposed externally |
http | 80 | Check for unencrypted admin panels |
https | 443 | Verify TLS version and certificate |
smb | 445 | Ransomware vector if exposed |
snmp | 161 | Check for default community strings |
telnet | 23 | Unencrypted; should be disabled |
ftp | 21 | Unencrypted; check for anonymous access |
RunZero flags services with security concerns:
runzero_services_list
Parameters:
site_id -- Filter by sitesearch -- RunZero query stringcount -- Results per pageoffset -- Pagination offsetExample response:
{
"services": [
{
"id": "svc-uuid-123",
"asset_id": "asset-uuid-456",
"port": 3389,
"transport": "tcp",
"protocol": "rdp",
"summary": "Microsoft Terminal Services",
"software": "Windows RDP 10.0",
"first_seen": "2026-01-15T10:00:00Z",
"last_seen": "2026-03-27T08:30:00Z"
}
]
}
runzero_services_get
Parameters:
service_id -- The specific service UUIDrunzero_services_export
Parameters:
search -- RunZero query to filter servicessite_id -- Filter by siteUse for bulk service data retrieval.
protocol:rdp AND alive:true
port:445 AND NOT address:10.0.0.0/8
protocol:ssh AND software:OpenSSH AND software:<8
protocol:telnet
port:443 AND tls.version:TLSv1.0
protocol:rdp OR protocol:telnet OR protocol:ftpprotocol:httpsprotocol:rdp OR protocol:smbCause: Invalid service UUID or service no longer detected Solution: Search by port/protocol on the asset instead
Cause: Broad queries returning thousands of services Solution: Add site or protocol filters; use the Export API
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin runzeroProvides methodologies for Shodan-based reconnaissance during penetration testing: search filters, CLI, API, host scanning, and vulnerability discovery.
Searches and browses RunZero asset inventory, inspects attributes like OS fingerprinting, hardware details, network interfaces, and classifications.
Maps internet-facing assets ranked by risk, exposed ports/services, and attacker's-eye view of the environment.