From 976dde4a7ff53fa404b5ae755fd601bf47147b0d Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 5 Dec 2022 13:12:28 +0530
Subject: [PATCH 1/2] Create rpcbind-portmapper-detect.yaml

---
 .../detection/rpcbind-portmapper-detect.yaml  | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 network/detection/rpcbind-portmapper-detect.yaml

diff --git a/network/detection/rpcbind-portmapper-detect.yaml b/network/detection/rpcbind-portmapper-detect.yaml
new file mode 100644
index 0000000000..a8a6be522e
--- /dev/null
+++ b/network/detection/rpcbind-portmapper-detect.yaml
@@ -0,0 +1,22 @@
+id: rpcbind-portmapper-detect
+
+info:
+  name: RPCBind Portmapper Detection
+  author: geeknik
+  severity: info
+  reference: https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
+  tags: network,rpcbind,portmap
+
+network:
+  - inputs:
+      - data: 8000002836ed646d0000000000000002000186a0000000040000000400000000000000000000000000000000
+        type: hex
+
+    host:
+      - "{{Hostname}}"
+      - "{{Host}}:111"
+
+    matchers:
+      - type: word
+        words:
+          - "/run/rpcbind.sock"

From cab75b415ad51d980a076a0e588b03cbc7994073 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Fri, 9 Dec 2022 10:06:04 +0530
Subject: [PATCH 2/2] Update rpcbind-portmapper-detect.yaml

---
 network/detection/rpcbind-portmapper-detect.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/network/detection/rpcbind-portmapper-detect.yaml b/network/detection/rpcbind-portmapper-detect.yaml
index a8a6be522e..5605cd01ee 100644
--- a/network/detection/rpcbind-portmapper-detect.yaml
+++ b/network/detection/rpcbind-portmapper-detect.yaml
@@ -5,6 +5,9 @@ info:
   author: geeknik
   severity: info
   reference: https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
+  metadata:
+    verified: true
+    shodan-query: port:"111"
   tags: network,rpcbind,portmap
 
 network: