id: erlang-daemon

info:
  name: Erlang Port Mapper Daemon
  author: pussycat0x
  severity: low
  description: |
    The erlang port mapper daemon is used to coordinate distributed erlang instances. His job is to keep track of which node name listens on which address. Hence, epmd map symbolic node names to machine addresses.
  reference:
    - https://nmap.org/nsedoc/scripts/epmd-info.html
    - https://book.hacktricks.xyz/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd
    - https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
  metadata:
    max-request: 1
    shodan-query: product:"Erlang Port Mapper Daemon"
    verified: true
  tags: demon,enum,erlang,epmd

tcp:
  - inputs:
      - data: "\x00\x01\x6e"

    host:
      - "{{Hostname}}"
    port: 4369

    extractors:
      - type: dsl
        name: default-instances
        dsl:
          - trim(raw, '[ ]')
# digest: 4a0a004730450220355188af0f9857f623bc4acc4a4be1bf35256e1aada20409924789891020dc19022100f4de4851b2259ca96fef0a174af79c129a8fc270ee9a965b22422c0d1d0e6d3b:922c64590222798bb761d5b6d8e72950