9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Retrieves and displays information from devices supporting the Web Services Dynamic Discovery (WS-Discovery) protocol. It also attempts to locate any published Windows Communication Framework (WCF) web services (.NET 4.0 or later).
See the documentation for the target library.
sudo ./nmap --script wsdd-discover
PORT STATE SERVICE
3702/udp open|filtered unknown
| wsdd-discover:
| Devices
| Message id: 39a2b7f2-fdbd-690c-c7c9-deadbeefceb3
| Address: http://10.0.200.116:50000
|_ Type: Device wprt:PrintDeviceType
local coroutine = require "coroutine"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local wsdd = require "wsdd"
description = [[
Retrieves and displays information from devices supporting the Web
Services Dynamic Discovery (WS-Discovery) protocol. It also attempts
to locate any published Windows Communication Framework (WCF) web
services (.NET 4.0 or later).
]]
---
-- @usage
-- sudo ./nmap --script wsdd-discover
--
-- @output
-- PORT STATE SERVICE
-- 3702/udp open|filtered unknown
-- | wsdd-discover:
-- | Devices
-- | Message id: 39a2b7f2-fdbd-690c-c7c9-deadbeefceb3
-- | Address: http://10.0.200.116:50000
-- |_ Type: Device wprt:PrintDeviceType
--
--
--
-- Version 0.1
-- Created 10/31/2010 - v0.1 - created by Patrik Karlsson <[email protected]>
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery", "default"}
portrule = shortport.portnumber(3702, "udp", {"open", "open|filtered"})
-- function used for running several discovery threads in parallel
--
-- @param funcname string containing the name of the function to run
-- the name should be one of the discovery functions in wsdd.Helper
-- @param result table into which the results are stored
discoverThread = function( funcname, host, port, results )
-- calculates a timeout based on the timing template (default: 5s)
local timeout = ( 20000 / ( nmap.timing_level() + 1 ) )
local condvar = nmap.condvar( results )
local helper = wsdd.Helper:new(host, port)
helper:setTimeout(timeout)
local status, result = helper[funcname](helper)
if ( status ) then table.insert(results, result) end
condvar("broadcast")
end
local function sortfunc(a,b)
if ( a and b and a.name and b.name ) and ( a.name < b.name ) then
return true
end
return false
end
action = function(host, port)
local threads, results = {}, {}
local condvar = nmap.condvar( results )
-- Attempt to discover both devices and WCF web services
for _, f in ipairs( {"discoverDevices", "discoverWCFServices"} ) do
threads[stdnse.new_thread( discoverThread, f, host, port, results )] = true
end
local done
-- wait for all threads to finish
while( not(done) ) do
done = true
for thread in pairs(threads) do
if (coroutine.status(thread) ~= "dead") then done = false end
end
if ( not(done) ) then
condvar("wait")
end
end
if ( results ) then
table.sort( results, sortfunc )
return stdnse.format_output(true, results)
end
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%