printer-config.py from Impacket suite or a custom SOAP XML request.
The wsd-discover.nse script mimics a WSD probe and lists all available services on the target. hacktricks 5357
When you see port 5357 open, you are looking at an HTTP endpoint hosting a SOAP-based web service that describes the device or printer capabilities. This is why a simple curl might return an XML response. printer-config
The hacktricks 5357 keyword bridges two worlds: the comprehensive, community-driven knowledge base of HackTricks and the specific attack surface of Windows WSD services. While port 5357 does not offer a guaranteed "push-button" remote code execution (unless combined with other flaws), it is a powerful reconnaissance and relay vector. hacktricks 5357