diff --git a/network/detection/rpcbind-portmapper-detect.yaml b/network/detection/rpcbind-portmapper-detect.yaml
new file mode 100644
index 0000000000..5605cd01ee
--- /dev/null
+++ b/network/detection/rpcbind-portmapper-detect.yaml
@@ -0,0 +1,25 @@
+id: rpcbind-portmapper-detect
+
+info:
+  name: RPCBind Portmapper Detection
+  author: geeknik
+  severity: info
+  reference: https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
+  metadata:
+    verified: true
+    shodan-query: port:"111"
+  tags: network,rpcbind,portmap
+
+network:
+  - inputs:
+      - data: 8000002836ed646d0000000000000002000186a0000000040000000400000000000000000000000000000000
+        type: hex
+
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:111"
+
+    matchers:
+      - type: word
+        words:
+          - "/run/rpcbind.sock"