# Nmap

To fingerprint the hosts on example.com, you can use the `nmap` tool. Here's how you can do it:

1. Install `nmap`: If you don't have `nmap` installed, you can download and install it from the official website (<https://nmap.org/download.html>).
2. Run the following command:

```bash
sudo nmap -sV -O example.com
```

* The `-sV` option is used to determine the service and version information of the target hosts.
* The `-O` option is used to enable OS detection and fingerprinting. OS detection requires root privileges, which is why the command is run with `sudo`.

3. Analyze the output: The output will show the IP addresses and hostnames of the targets, along with the detected open ports and the services running on them. You'll also see the OS fingerprint and version information.

<figure><img src="/files/NvFdAgQKKYOU0CMvLwUc" alt=""><figcaption><p>result of the nmap scan on example.com</p></figcaption></figure>

### Using nmap to scan a list of subdomains

You can use `nmap` in combination with the subdomains enumerated by `subfinder` to fingerprint the targets. Here's how you can do it:

1. Save the output of enumeration: Save the output of `subfinder` to a file. For example:

```bash
subfinder -d example.com > subdomains.txt
```

2. Run the following command:

```bash
nmap -sV -iL subdomains.txt
```

* The `-sV` option is used to determine the service and version information of the target hosts.
* The `-iL` option is used to specify a file containing a list of targets to scan.

### Running nmap with the default set of scripts

To run the default set of `nmap` scripts on the example.com domain, you can use the following command:

```bash
nmap -sC -sV example.com
```

* The `-sC` option runs the default set of Nmap Scripting Engine (NSE) scripts, equivalent to `--script=default`. This is a curated subset of the available scripts, not all of them.
* The `-sV` option is used to determine the service and version information of the target hosts.

### Detecting CVEs using nmap

To detect Common Vulnerabilities and Exposures (CVEs) on the example.com domain using `nmap`, you can use the following command:

```bash
nmap --script vuln example.com
```

* The `--script vuln` option runs the `nmap` scripts in the `vuln` category, which check for specific known vulnerabilities.

The output of the command will show the IP addresses and hostnames of the targets, along with the detected open ports and the services running on them. You'll also see the results of the `nmap` vulnerability detection scripts, including any CVEs or vulnerabilities that they detect.
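Any of the scans above can also write machine-readable results with `-oX scan.xml`, which is easier to review and diff than terminal output. The following Python parser is an added example, not part of the original page: it turns that XML into one record per open port, including any script output. The sample XML is constructed, and the function name `open_services` is chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -sV -sC -oX scan.xml ...` output,
# trimmed to the elements read below. Not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="www.example.com" type="user"/></hostnames>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
    <port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="nginx" tunnel="ssl"/>
      <script id="http-title" output="Welcome"/></port>
    <port protocol="tcp" portid="8080"><state state="filtered"/></port>
  </ports>
</host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


def open_services(xml_text):
    """Return one dict per open port: host, names, port, service, scripts."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address").get("addr")
        names = [h.get("name") for h in host.iter("hostname")]
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # skip closed and filtered ports
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            # product/version are only present when -sV identified them
            label = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            rows.append({
                "host": addr, "names": names,
                "port": f'{port.get("portid")}/{port.get("protocol")}',
                "service": svc.get("name", "unknown"), "version": label,
                "scripts": {s.get("id"): s.get("output") for s in port.iter("script")},
            })
    return rows


if __name__ == "__main__":
    for row in open_services(SAMPLE_XML):
        print(row["host"], row["port"], row["service"], row["version"] or "-")
```
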

