id: erlang-daemon

info:
  name: Erlang Port Mapper Daemon
  author: pussycat0x,daffainfo
  severity: low
  description: |
    The erlang port mapper daemon is used to coordinate distributed erlang instances. His job is to keep track of which node name listens on which address. Hence, epmd map symbolic node names to machine addresses.
  reference:
    - https://nmap.org/nsedoc/scripts/epmd-info.html
    - https://book.hacktricks.xyz/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd
    - https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"Erlang Port Mapper Daemon"
  tags: demon,enum,erlang,epmd,network,misconfig,tcp
tcp:
  - inputs:
      - data: "\x00\x01\x6e"

    host:
      - "{{Hostname}}"
    port: 4369

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "HTTP/1.1"
        negative: true

      - type: word
        words:
          - "name"
          - "at port"
        condition: and

    extractors:
      - type: regex
        regex:
          - 'name (.*?) at port ([0-9]+)'
# digest: 4b0a00483046022100f94aa4a5746bd22235cbc0684ceb4233b9d6e9a13b4773aeff41aadf9e52e552022100b0e666dec59f22fb72b3be096ce1a731d313d4f59ec423305f134626a49ff696:922c64590222798bb761d5b6d8e72950