[Sprint 6] Extend Assets API with Services Module #80

@talltechy

Overview

Extend the existing Assets API module with comprehensive service enumeration capabilities for detailed service, web application, and database discovery on assets.

Scope

  • Detailed service enumeration methods
  • Web application discovery on services
  • Service configuration retrieval
  • Database enumeration on services
  • User account discovery
  • Helper methods for common workflows
  • Comprehensive docstrings with type hints
  • Error handling
  • Unit tests (when test framework ready)

API Endpoints (to add to existing Assets API)

  • GET /api/3/assets/{id}/services - Get all services on asset
  • GET /api/3/assets/{id}/services/{protocol}/{port} - Get specific service
  • GET /api/3/assets/{id}/services/{protocol}/{port}/configurations - Get service config
  • GET /api/3/assets/{id}/services/{protocol}/{port}/databases - Get databases
  • GET /api/3/assets/{id}/services/{protocol}/{port}/web_applications - Get web apps
  • GET /api/3/assets/{id}/services/{protocol}/{port}/user_groups - Get user groups
  • GET /api/3/assets/{id}/users - Get enumerated users

Implementation Checklist

  • Extend src/rapid7/api/assets.py with service methods
  • Add service-specific helper methods
  • Update documentation in docs/ASSETS_API.md
  • Add service examples to documentation
  • Update Memory Bank (activeContext.md, progress.md)
  • Create feature branch: feature/issue-{number}-asset-services-extension

Key Features

  • Service Details: Protocol, port, product, version, fingerprint
  • Web Applications: Virtual hosts, paths, response codes
  • Databases: Database names, instances, versions
  • Configurations: Service-specific configuration properties
  • User Enumeration: Local accounts, groups discovered
  • Helper Methods: get_http_services(), get_databases(), find_service_by_name()

Common Service Types

  • HTTP/HTTPS web servers
  • SSH remote access
  • Database servers (MySQL, PostgreSQL, Oracle, SQL Server)
  • File sharing (SMB, NFS, FTP)
  • Directory services (LDAP, Active Directory)
  • Email servers (SMTP, IMAP, POP3)

Estimated Size

~250-300 lines of code (addition to existing assets.py)

Definition of Done

  • Service methods added to existing AssetAPI class
  • All endpoints implemented and tested
  • Documentation updated with service examples
  • Memory Bank updated
  • PR created and ready for review

Note

This extends the existing Assets API rather than creating a new module, as services are inherently tied to assets.

References

  • Context7 API Documentation: /riza/rapid7-insightvm-api-docs
  • Existing Module: src/rapid7/api/assets.py
  • BaseAPI Pattern: src/rapid7/api/base.py
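
One way the endpoint paths and the two list helpers named above could be built, with protocol, port, and sub-resource validated before they reach the URL. This is an added example, not code from the issue or the project. The function signatures, the tcp/udp allow-list, and the "name"/"protocol"/"port" field names are assumptions.

```python
# Added example; not the project's code. Signatures and field names are assumptions.
SUBRESOURCES = {"configurations", "databases", "web_applications", "user_groups"}
PROTOCOLS = {"tcp", "udp"}  # assumed allow-list, not taken from the issue


def service_path(asset_id, protocol=None, port=None, subresource=None):
    """Build one of the issue's /api/3/assets/{id}/services paths from validated parts."""
    if type(asset_id) is not int or asset_id < 1:
        raise ValueError("asset_id must be a positive integer")
    path = f"/api/3/assets/{asset_id}/services"
    if protocol is None and port is None and subresource is None:
        return path
    # Reject anything that could add extra path segments (e.g. "tcp/../users").
    if str(protocol).lower() not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    if type(port) is not int or not 0 <= port <= 65535:
        raise ValueError("port must be an integer in 0..65535")
    path += f"/{str(protocol).lower()}/{port}"
    if subresource is None:
        return path
    if subresource not in SUBRESOURCES:
        raise ValueError(f"unknown sub-resource: {subresource!r}")
    return f"{path}/{subresource}"


def find_service_by_name(services, name):
    """Return the services whose 'name' matches, ignoring case."""
    wanted = name.lower()
    return [s for s in services if str(s.get("name", "")).lower() == wanted]


def get_http_services(services):
    """Return the services identified as HTTP or HTTPS."""
    return [s for s in services if str(s.get("name", "")).lower() in {"http", "https"}]


# Constructed sample shaped like a services listing (not real scan data).
SAMPLE = [
    {"name": "SSH", "protocol": "tcp", "port": 22, "product": "OpenSSH"},
    {"name": "HTTP", "protocol": "tcp", "port": 80, "product": "nginx"},
    {"name": "HTTPS", "protocol": "tcp", "port": 443, "product": "nginx"},
    {"name": "MySQL", "protocol": "tcp", "port": 3306, "product": "MySQL"},
]

if __name__ == "__main__":
    for svc in get_http_services(SAMPLE):
        print(service_path(42, svc["protocol"], svc["port"], "web_applications"))
```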
