- Home
- Skills
- Brownfinesecurity
- Iothackbot
- Wsdiscovery
wsdiscovery_skill
- Python
520
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill brownfinesecurity/iothackbot --skill wsdiscovery- SKILL.md2.5 KB
Overview
This skill implements a WS-Discovery protocol scanner focused on discovering and enumerating ONVIF cameras and other WS-Discovery enabled IoT devices on a network. It locates devices that advertise via multicast, extracts identifying metadata, and can present results in human or machine-friendly formats. Use it to quickly inventory cameras, NVRs, and compatible network devices for assessment or follow-up testing.
How this skill works
The tool sends WS-Discovery probes (including multicast to 239.255.255.250) and listens for probe matches from devices that implement the protocol. It parses responses to extract IPs, ports, endpoint references (UUIDs), device types, manufacturer/model, firmware and serial data, service endpoints (XAddrs), and ONVIF scope metadata. Output can be plain text, verbose XML, or JSON for automation.
When to use it
- You need to find ONVIF cameras or NVRs on a local network segment.
- You want a quick inventory of WS-Discovery enabled IoT devices.
- Preparing targets for targeted ONVIF or web UI testing.
- Automating discovery and exporting results to tools that consume JSON.
- Validating that devices are advertising correct metadata (model, firmware).
Best practices
- Run against a single host or the multicast address (239.255.255.250) depending on scope.
- Use verbose (-v) only when you need the raw XML responses for debugging.
- Prefer JSON output (--format json) for downstream parsing or pipelines.
- Combine XAddrs with ONVIF tooling for authentication and deeper enumeration.
- Perform discovery from the same network segment as the target to avoid multicast filtering.
Example use cases
- Discover all ONVIF cameras on a subnet via multicast to build an asset list.
- Probe a specific IP to confirm device model, firmware, and management endpoints.
- Export discovery results as JSON for integration with inventory or pentest frameworks.
- Collect raw XML responses for troubleshooting device discovery or scope parsing.
- Feed discovered XAddrs into onvif scanners to enumerate services and credentials.
FAQ
Yes — WS-Discovery uses multicast/broadcast, so discovery typically requires running from the same network segment or through network infrastructure that forwards multicast.
What output should I use for automation?
Use --format json for machine-readable output; it contains IPs, XAddrs, UUIDs, and metadata suitable for scripts and scanners.