id: erlang-daemon

info:
  name: Erlang Port Mapper Daemon
  author: pussycat0x
  severity: low
  description: |
    The erlang port mapper daemon is used to coordinate distributed erlang instances. His job is to keep track of which node name listens on which address. Hence, epmd map symbolic node names to machine addresses.
  reference:
    - https://nmap.org/nsedoc/scripts/epmd-info.html
    - https://book.hacktricks.xyz/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd
    - https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"Erlang Port Mapper Daemon"
  tags: demon,enum,erlang,epmd,network,misconfig,tcp
tcp:
  - inputs:
      - data: "\x00\x01\x6e"

    host:
      - "{{Hostname}}"
    port: 4369

    matchers:
      - type: word
        words:
          - "HTTP/1.1"
        negative: true

    extractors:
      - type: dsl
        name: default-instances
        dsl:
          - trim(raw, '[ ]')
# digest: 4a0a00473045022100cd83b7db7a738badc1ee1068f3a27f5e39a1eafbc3fd6c11c58bc700109e3f2a022071036860511978e2b00c92aa9a2b0194d89a829466b94273f7824ddf95aca5af:922c64590222798bb761d5b6d8e72950