Nmap
To fingerprint the hosts on example.com, you can use the nmap tool. Here's how you can do it:
Install nmap: If you don't have nmap installed, you can download and install it from the official website (https://nmap.org/download.html).
Run the following command:
sudo nmap -sV -O example.com
The -sV option is used to determine the service and version information of the target hosts.
The -O option is used to enable OS detection and fingerprinting.
Analyze the output: The output will show the IP addresses and hostnames of the targets, along with the detected open ports and the services running on them. You'll also see the OS fingerprint and version information.

Using nmap to scan a list of subdomains
You can use nmap in combination with the subdomains enumerated by subfinder to fingerprint the targets. Here's how you can do it:
Save the output of enumeration: Save the output of subfinder to a file. For example:
subfinder -d example.com > subdomains.txt
Run the following command:
nmap -sV -iL subdomains.txt
The -sV option is used to determine the service and version information of the target hosts.
The -iL option is used to specify a file containing a list of targets to scan.
Running nmap with Default set of scripts
To run the default set of nmap scripts on the example.com domain, you can use the following command:
nmap -sC -sV example.com
The -sC option is used to enable the default set of NSE scripts (equivalent to --script=default).
The -sV option is used to determine the service and version information of the target hosts.
Detecting CVEs using nmap
To detect Common Vulnerabilities and Exposures (CVEs) on the example.com domain using nmap, you can use the following command:
nmap --script vuln example.com
The --script vuln option is used to enable the nmap vulnerability detection scripts.
The output of the command will show the IP addresses and hostnames of the targets, along with the detected open ports and the services running on them. You'll also see the results of the nmap vulnerability detection scripts, including any CVEs or vulnerabilities that they detect.
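To analyze results across many hosts without reading terminal output by eye, the scan can be written as XML with nmap's -oX option and parsed. The following is an added example, not part of the original page: it summarizes open ports, service versions, the best OS guess and any CVE ids found in script output. The sample XML is constructed, and its script id and CVE id are placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in Nmap XML format (not a real scan); script id and CVE id are placeholders.
SAMPLE_XML = """<nmaprun><host>
 <address addr="192.0.2.10" addrtype="ipv4"/>
 <hostnames><hostname name="www.example.com"/></hostnames>
 <ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
  <port protocol="tcp" portid="443"><state state="open"/>
   <service name="http" product="nginx" version="1.18.0"/>
   <script id="example-script" output="VULNERABLE: CVE-0000-00001"/></port>
  <port protocol="tcp" portid="8080"><state state="closed"/></port>
 </ports>
 <os><osmatch name="Linux 5.X" accuracy="95"/></os>
</host></nmaprun>"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def attrs(elem):
    """Attributes of an element, or {} when the element is absent."""
    return elem.attrib if elem is not None else {}

def summarize(xml_text):
    """One dict per host: address, names, best OS guess, open ports."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        os_best = max(host.iter("osmatch"), default=None,
                      key=lambda m: int(m.get("accuracy", "0")))
        ports = []
        for port in host.iter("port"):
            if attrs(port.find("state")).get("state") != "open":
                continue  # skip closed and filtered ports
            svc = attrs(port.find("service"))
            # NSE results sit in <script output="..."> under the port
            out = " ".join(s.get("output", "") for s in port.iter("script"))
            ports.append({
                "port": f"{port.get('portid')}/{port.get('protocol')}",
                "service": " ".join(filter(None, map(svc.get, ("name", "product", "version")))),
                "cves": sorted(set(CVE_RE.findall(out)))})
        hosts.append({"addr": attrs(host.find("address")).get("addr"),
                      "names": [h.get("name") for h in host.iter("hostname")],
                      "os": attrs(os_best).get("name"), "ports": ports})
    return hosts

if __name__ == "__main__":
    for h in summarize(SAMPLE_XML):
        print(h["addr"], h["names"], h["os"], h["ports"], sep="\n  ")
```

To use it on a real scan, add -oX scan.xml to any of the commands above and pass the file's contents to summarize().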