# WS-Discovery - Port 3702/UDP {% tabs %} {% tab title="Support VeryLazyTech 🎉" %} * Become VeryLazyTech [**member**](https://shop.verylazytech.com/product-category/membership/)**! 🎁** * **Follow** us on: * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.** * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.** * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.** * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.** * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.** * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.** * Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚 {% endtab %} {% endtabs %} ### **Basic info** **WS-Discovery** (Web Services Dynamic Discovery) is a UDP-based multicast discovery protocol used primarily in local networks for service advertisement and discovery.\ It is commonly implemented in: * Network printers * IP cameras * Media servers * IoT devices * Windows services WS-Discovery uses SOAP messages over UDP to allow clients to locate services automatically without manual configuration. When exposed to the internet or misconfigured, WS-Discovery can: * Leak internal network information. * Allow attackers to enumerate available devices and services. * Be abused for **DDoS amplification attacks**. *** ### **Key Details** * **Default Port:** `3702/udp` * **Protocol:** WS-Discovery (SOAP over UDP) * **Risk:** Device enumeration, sensitive information leakage, DDoS amplification. *** ### **Port Discovery** Check if the port is open/responding: ```bash nmap -sU -p 3702 PORT STATE SERVICE 3702/udp open ws-discovery ``` *** ### **Enumeration** #### **1. Nmap Script Scan** ```bash nmap -sU -p 3702 --script broadcast-ws-discovery ``` This will send WS-Discovery probe requests and list discovered devices on the network. *** #### **2. Manual WS-Discovery Probe** You can send a crafted SOAP `Probe` request using `netcat` or `socat`: ```bash echo -n \ ' uuid:$(uuidgen) urn:schemas-xmlsoap-org:ws:2005:04:discovery http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe dn:NetworkVideoTransmitter ' \ | socat - UDP-DATAGRAM::3702 ``` If successful, the device will respond with details about its services and network location. *** {% hint style="success" %} Learn & practice [**For the Bug Bounty**](https://shop.verylazytech.com)
Support VeryLazyTech 🎉 * Become VeryLazyTech [**member**](https://shop.verylazytech.com/product-category/membership/)**! 🎁** * **Follow** us on: * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.** * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.** * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.** * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.** * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.** * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.** * Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚
{% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.verylazytech.com/ws-discovery-port-3702-udp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.