wsdiscovery_skill

This skill helps you discover and enumerate WS-Discovery devices like ONVIF cameras on your network, returning endpoints, device details, and service locations.
  • Python

520

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill brownfinesecurity/iothackbot --skill wsdiscovery

  • SKILL.md2.5 KB

Overview

This skill implements a WS-Discovery protocol scanner focused on discovering and enumerating ONVIF cameras and other WS-Discovery enabled IoT devices on a network. It locates devices that advertise via multicast, extracts identifying metadata, and can present results in human or machine-friendly formats. Use it to quickly inventory cameras, NVRs, and compatible network devices for assessment or follow-up testing.

How this skill works

The tool sends WS-Discovery probes (including multicast to 239.255.255.250) and listens for probe matches from devices that implement the protocol. It parses responses to extract IPs, ports, endpoint references (UUIDs), device types, manufacturer/model, firmware and serial data, service endpoints (XAddrs), and ONVIF scope metadata. Output can be plain text, verbose XML, or JSON for automation.

When to use it

  • You need to find ONVIF cameras or NVRs on a local network segment.
  • You want a quick inventory of WS-Discovery enabled IoT devices.
  • Preparing targets for targeted ONVIF or web UI testing.
  • Automating discovery and exporting results to tools that consume JSON.
  • Validating that devices are advertising correct metadata (model, firmware).

Best practices

  • Run against a single host or the multicast address (239.255.255.250) depending on scope.
  • Use verbose (-v) only when you need the raw XML responses for debugging.
  • Prefer JSON output (--format json) for downstream parsing or pipelines.
  • Combine XAddrs with ONVIF tooling for authentication and deeper enumeration.
  • Perform discovery from the same network segment as the target to avoid multicast filtering.

Example use cases

  • Discover all ONVIF cameras on a subnet via multicast to build an asset list.
  • Probe a specific IP to confirm device model, firmware, and management endpoints.
  • Export discovery results as JSON for integration with inventory or pentest frameworks.
  • Collect raw XML responses for troubleshooting device discovery or scope parsing.
  • Feed discovered XAddrs into onvif scanners to enumerate services and credentials.

FAQ

Yes — WS-Discovery uses multicast/broadcast, so discovery typically requires running from the same network segment or through network infrastructure that forwards multicast.

What output should I use for automation?

Use --format json for machine-readable output; it contains IPs, XAddrs, UUIDs, and metadata suitable for scripts and scanners.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational