This schema document describes the XML namespace, in a form suitable for import by other schema documents.
See http://www.w3.org/XML/1998/namespace.html and http://www.w3.org/TR/REC-xml for information about this namespace.
Note that local names in this namespace are intended to be defined only by the World Wide Web Consortium or its subgroups. The names currently defined in this namespace are listed below. They should not be used with conflicting semantics by any Working Group, specification, or document instance.
See further below in this document for more information about how to refer to this schema document from your own XSD schema documents and about the namespace-versioning policy governing this schema document.
xml:lang denotes an attribute whose value is a language code for the natural language of the content of any element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.
Attempting to install the relevant ISO 2- and 3-letter codes as the enumerated possible values is probably never going to be a realistic possibility.
See BCP 47 at http://www.rfc-editor.org/rfc/bcp/bcp47.txt and the IANA language subtag registry at http://www.iana.org/assignments/language-subtag-registry for further information.
The union allows for the 'un-declaration' of xml:lang with the empty string.
xml:space denotes an attribute whose value is a keyword indicating what whitespace processing discipline is intended for the content of the element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.
xml:base denotes an attribute whose value provides a URI to be used as the base for interpreting any relative URIs in the scope of the element on which it appears; its value is inherited. This name is reserved by virtue of its definition in the XML Base specification.
See http://www.w3.org/TR/xmlbase/ for information about this attribute.
xml:id denotes an attribute whose value should be interpreted as if declared to be of type ID. This name is reserved by virtue of its definition in the xml:id specification.
See http://www.w3.org/TR/xml-id/ for information about this attribute.
xml:Father denotes Jon Bosak, the chair of the original XML Working Group. This name is reserved by the following decision of the W3C XML Plenary and XML Coordination groups:
In appreciation for his vision, leadership and dedication the W3C XML Plenary on this 10th day of February, 2000, reserves for Jon Bosak in perpetuity the XML name "xml:Father".
git clone https://github.com/ianling/wsdpy
cd wsdpy
python3 wsdump.py 10.10.10.5
This sends a Probe message and lists all advertised devices, their types, scopes, and metadata addresses.
Example output:
Device: http://10.10.10.5:5357/wsd/3f8c2a1b-...
Type: Printer
Friendly Name: HP LaserJet M402dw
Metadata URL: http://10.10.10.5:5357/wsd/3f8c2a1b/metadata
If the WSD endpoint belongs to a print device, the host might be vulnerable to the PrintNightmare chain:
# Using wsd-client tools (if installed)
wsdd – discover
According to HackTricks, a website known for providing detailed guides on penetration testing and cybersecurity:
Detection and Mitigation:
Understanding the use and potential vulnerabilities of port 5357 and related protocols like SSDP and UPnP can significantly improve network security. Utilizing resources like HackTricks can enhance your knowledge of cybersecurity concepts, from basic to advanced levels.
Port 5357 is typically associated with the Web Services for Devices API (WSDAPI), a Microsoft implementation of the WS-Discovery protocol. It allows devices like printers and scanners to be automatically discovered on a local network.
While HackTricks does not currently have a dedicated page for Port 5357, the port is an extension of standard Windows network discovery services. Here is the technical breakdown for security assessment and enumeration.
Port 5357 Service Details
Protocol: TCP
Service: Web Services for Devices (WSD) / wsdapi
Process: Often identified as mshttpapi or part of the Windows HTTP Server Stack.
Function: It provides an HTTP-based discovery mechanism. When accessed via a browser, it may return a "404 Not Found" or a simple status message if the service is active but not configured to serve a root page.
Enumeration & Pentesting Approach
If you encounter Port 5357 during a scan, you can use these methods to gather more information:
Banner Grabbing & Nmap Scanning: Identify the specific version of the HTTP server running on the port.
nmap -sV -p 5357
Information Leakage Check: Port 5357 has been noted as a potential source for information leaks. Use tools like curl to check for XML responses that might reveal device names, manufacturer details, or network configurations.
curl -v http://
Cross-Referencing WS-Discovery (UDP 3702): Since 5357 is the HTTP unicast part of WSD, it is often paired with UDP port 3702, which handles multicast discovery. Pentesting the UDP discovery service can often provide more detailed device information than the TCP port alone.
Vulnerability Context
System Identification: If this port is open, it strongly indicates the target is a Windows-based system (Vista or later) with network discovery enabled.
Attack Surface: While there are no widespread "one-click" exploits for Port 5357 itself, it increases the target's attack surface by confirming the operating system and potentially leaking internal metadata about connected hardware.
Remediation: If network discovery is not required, this service can be disabled by turning off "Network Discovery" in the Windows Sharing settings or blocking the port via Windows Defender Firewall.
Step 1: Open the Control Panel
Step 2: Click on Windows Firewall/Windows Defender Firewall
Step 3: Navigate to advanced settings.
Port 5357 is typically used for the Microsoft Web Services for Management (WS-Management) service, often associated with the Web Services Dynamic Discovery (WS-Discovery) protocol.
On HackTricks, this port is categorized under 5357 - Pentesting WS-Discovery.
Key Takeaways for Port 5357
Service: Microsoft HTTPAPI httpd 2.0 (SSDP/WS-Discovery).
Function: It is part of the Windows communication framework that allows devices to find each other on a local network using web services.
Enumeration:
You can often interact with this port via a web browser or curl to see if it returns an XML response, though it frequently returns a 404 Not Found or 400 Bad Request if no specific endpoint is targeted.
Nmap scans using -sV will usually identify it as http with the service Microsoft HTTPAPI httpd 2.0.
Pentesting Focus:
Information Leakage: Sometimes the service can leak the internal hostname or Windows version through the HTTP headers or XML responses.
SSRF/Relay: While less common than port 80 or 443, if the service is misconfigured, it might be leveraged in NTLM relay attacks or for internal network scanning.
Common Nmap Command
nmap -sV -p 5357
For more detailed exploitation paths and scripts, you can refer to the official HackTricks WS-Discovery page.
HackTricks often notes that port 5357 may be:
The metadata URL is XML that contains actions (operations) the device supports.
curl http://10.10.10.5:5357/wsd/3f8c2a1b/metadata
Look for <wsdp:Get> – this allows you to request internal device info.
Port 5357 is used by the Web Services for Devices (WSD) API — a Microsoft implementation that allows networked devices (printers, scanners, cameras, IoT appliances) and Windows hosts to discover and communicate with each other over HTTP-like endpoints. Because WSD exposes device management and discovery functionality, misconfigured or exposed WSD endpoints can reveal device information, let administrators or services be manipulated remotely, or provide an entry point for lateral movement.
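As an added example (not from the original page or from any tool it names), the following defender-side audit lists which identifying fields a saved WSD metadata document discloses. The sample XML is constructed, and the DPWS element names it checks are an assumption about what a given device returns.

```python
import xml.etree.ElementTree as ET

# DPWS (Devices Profile for Web Services) namespace used by WSD metadata.
DPWS = "http://schemas.xmlsoap.org/ws/2006/02/devprof"
# Fields whose disclosure helps fingerprint a device or its firmware
# (assumed list for this example).
SENSITIVE = ("FriendlyName", "FirmwareVersion", "SerialNumber",
             "Manufacturer", "ModelName", "ModelNumber")

# Constructed sample of a metadata response body (not captured from a real device).
SAMPLE = """<?xml version="1.0"?>
<wsx:Metadata xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
              xmlns:wsdp="http://schemas.xmlsoap.org/ws/2006/02/devprof">
  <wsx:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2006/02/devprof/ThisDevice">
    <wsdp:ThisDevice>
      <wsdp:FriendlyName xml:lang="en">HP LaserJet M402dw</wsdp:FriendlyName>
      <wsdp:FirmwareVersion>EXAMPLE-FW-1.0</wsdp:FirmwareVersion>
      <wsdp:SerialNumber>EXAMPLE-SERIAL</wsdp:SerialNumber>
    </wsdp:ThisDevice>
  </wsx:MetadataSection>
  <wsx:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2006/02/devprof/ThisModel">
    <wsdp:ThisModel>
      <wsdp:Manufacturer>HP</wsdp:Manufacturer>
      <wsdp:ModelName>LaserJet M402dw</wsdp:ModelName>
    </wsdp:ThisModel>
  </wsx:MetadataSection>
</wsx:Metadata>"""


def disclosed_fields(xml_text):
    """Return {field: value} for identifying data present in a metadata document."""
    # Device responses are untrusted input: refuse DTDs so entity-expansion
    # tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    found = {}
    for name in SENSITIVE:
        node = root.find(f".//{{{DPWS}}}{name}")
        if node is not None and (node.text or "").strip():
            found[name] = node.text.strip()
    return found


if __name__ == "__main__":
    for field, value in disclosed_fields(SAMPLE).items():
        print(f"{field}: {value}")
```

Any field this reports is readable by every host that can reach the endpoint, which is the basis for deciding whether to restrict or disable network discovery on that segment.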
In keeping with the XML Schema WG's standard versioning policy, this schema document will persist at http://www.w3.org/2009/01/xml.xsd.
At the date of issue it can also be found at http://www.w3.org/2001/xml.xsd.
The schema document at that URI may however change in the future, in order to remain compatible with the latest version of XML Schema itself, or with the XML namespace itself. In other words, if the XML Schema or XML namespaces change, the version of this document at http://www.w3.org/2001/xml.xsd will change accordingly; the version at http://www.w3.org/2009/01/xml.xsd will not change.
Previous dated (and unchanging) versions of this schema document are at: