rpcmap.py
Query RPC bind information on a host
TLDR
Connect to an MSRPC interface using a string binding (e.g., ncacn_ip_tcp:host[port])
Bruteforce UUIDs even if the MGMT interface is available
Bruteforce operation numbers (opnums) for discovered UUIDs
Bruteforce major versions of found UUIDs
Specify a target IP address manually
Authenticate to the RPC interface with username and password
Authenticate using NTLM hashes for RPC
Enable debug output for verbose information
SYNOPSIS
rpcmap.py [-h] [-p port] host
PARAMETERS
-h
Display help message and exit.
-p port
Specify the port number to use for the connection. Defaults to 111 (rpcbind port).
host
The hostname or IP address of the target system.
DESCRIPTION
The `rpcmap.py` command is a Python script that queries the portmapper (rpcbind) service on a specified host and lists the registered RPC programs together with their port numbers. It essentially replicates the functionality of `rpcinfo -p`, but in Python. For each registered service it reports the program number, version, protocol (tcp or udp) and the port on which that service listens, which tells you which RPC services are running on a host and how to connect to them. This is useful for troubleshooting network issues, auditing security configurations, or simply gaining insight into the RPC services exposed by a system.
CAVEATS
This script requires Python and the ability to establish a network connection to the target host on the rpcbind port (typically 111). Firewall rules or network configuration could prevent it from functioning correctly, and some systems restrict access to the portmapper service for security reasons. Proper exception handling is necessary when interacting with remote hosts.
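The DESCRIPTION above says the script replicates `rpcinfo -p`, and the CAVEATS note that replies from remote hosts must be handled defensively. The following is an added example written for this page; it is not the `rpcmap.py` script or any code from its author. It is a minimal standard-library Python client for the portmapper DUMP call (RFC 1833, procedure 4 of program 100000) over TCP: it encodes the RPCv2 request, frames it with the TCP record mark, decodes the XDR reply into program/version/protocol/port entries, and raises on a mismatched transaction id, a rejected call or a truncated message instead of acting on garbage. All function names and the sample reply bytes are constructed for illustration.

```python
"""Minimal SunRPC portmapper DUMP client (added illustration, not rpcmap.py)."""
import socket
import struct
from typing import Dict, List, Tuple

# Constants from RFC 1833 (portmapper) and RFC 5531 (RPC version 2).
PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP = 100000, 2, 4
RPC_CALL, RPC_REPLY = 0, 1
MSG_ACCEPTED, SUCCESS = 0, 0
PROTO_NAMES = {6: "tcp", 17: "udp"}  # IPPROTO_TCP / IPPROTO_UDP as stored by portmapper


def build_dump_call(xid: int) -> bytes:
    """Encode an RPCv2 CALL for PMAPPROC_DUMP. XDR is big-endian 32-bit words;
    credentials and verifier are AUTH_NONE (flavor 0, zero-length body)."""
    header = struct.pack(">IIIIII", xid, RPC_CALL, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP)
    auth = struct.pack(">IIII", 0, 0, 0, 0)  # cred flavor/len, verf flavor/len
    return header + auth


def frame_record(payload: bytes) -> bytes:
    """Prepend the TCP record mark (RFC 5531 section 11): high bit = last fragment."""
    return struct.pack(">I", 0x80000000 | len(payload)) + payload


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed mid-record")
        buf += chunk
    return buf


def read_record(sock: socket.socket) -> bytes:
    """Reassemble one RPC record from its TCP fragments."""
    payload = b""
    while True:
        mark = struct.unpack(">I", _recv_exact(sock, 4))[0]
        payload += _recv_exact(sock, mark & 0x7FFFFFFF)
        if mark & 0x80000000:
            return payload


def parse_dump_reply(payload: bytes, expected_xid: int) -> List[Dict[str, object]]:
    """Decode a DUMP reply into [{prog, vers, proto, port}, ...].
    Raises ValueError on a foreign xid, a rejected or failed call, or a
    truncated message, so a hostile or broken peer cannot feed us garbage."""
    def word(off: int) -> int:
        if off + 4 > len(payload):
            raise ValueError("truncated reply")
        return struct.unpack_from(">I", payload, off)[0]

    xid, msg_type, reply_stat = word(0), word(4), word(8)
    if xid != expected_xid or msg_type != RPC_REPLY:
        raise ValueError("not a reply to our request")
    if reply_stat != MSG_ACCEPTED:
        raise ValueError("call rejected by server (MSG_DENIED)")
    verf_len = word(16)               # verifier: flavor at 12, opaque length at 16
    off = 20 + ((verf_len + 3) & ~3)  # XDR opaque data is padded to a 4-byte boundary
    if word(off) != SUCCESS:
        raise ValueError("portmapper reported an error (accept_stat != SUCCESS)")
    off += 4

    mappings: List[Dict[str, object]] = []
    while word(off) == 1:             # pmaplist: bool "another entry follows"
        prog, vers, prot, port = word(off + 4), word(off + 8), word(off + 12), word(off + 16)
        mappings.append({"prog": prog, "vers": vers,
                         "proto": PROTO_NAMES.get(prot, str(prot)), "port": port})
        off += 20
    return mappings


def build_sample_reply(xid: int, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Construct a well-formed DUMP reply (constructed test data, not a capture)."""
    body = struct.pack(">IIIIII", xid, RPC_REPLY, MSG_ACCEPTED, 0, 0, SUCCESS)
    for prog, vers, prot, port in entries:
        body += struct.pack(">IIIII", 1, prog, vers, prot, port)
    return body + struct.pack(">I", 0)  # end of list


def format_table(mappings: List[Dict[str, object]]) -> str:
    """Render entries in the same column layout as `rpcinfo -p`."""
    lines = ["   program vers proto   port"]
    for m in mappings:
        lines.append(f"{m['prog']:10d} {m['vers']:4d} {m['proto']:>5} {m['port']:6d}")
    return "\n".join(lines)


def query_portmapper(host: str, port: int = 111, timeout: float = 5.0):
    """Live query over TCP: the same exchange `rpcinfo -p` performs."""
    xid = 0x7A6B5C4D  # any value; it only has to match the reply
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame_record(build_dump_call(xid)))
        return parse_dump_reply(read_record(s), xid)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(format_table(query_portmapper(sys.argv[1])))
    else:  # offline demo on a constructed reply
        sample = build_sample_reply(0x1234, [(100000, 2, 6, 111), (100003, 3, 6, 2049)])
        print(format_table(parse_dump_reply(sample, 0x1234)))
```

Run it with a hostname to query a live portmapper, or with no arguments to decode the embedded constructed reply. The parser deliberately refuses anything that is not an accepted, successful reply to our own xid; the TLDR lines about MSRPC UUID and opnum bruteforcing describe a different interface and are not covered by this example.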
EXAMPLE USAGE
To query the RPC mappings on a host named 'server1', you would use:
`rpcmap.py server1`
To specify a non-standard port, use:
`rpcmap.py -p 1111 server2`