
Example Queries

Real-world examples of how to use FullHunt Agentic AI for security operations.

Getting Started

Basic Information

"What's my current IP address?"

Returns your public IP address, which is useful for verifying VPN connections or checking your network configuration.


Domain & Subdomain Discovery

Simple Domain Lookup

"Get domain details for example.com"

Returns comprehensive domain information including DNS records, hosting details, and metadata.

Subdomain Enumeration

"Find all subdomains of example.com"

Discovers and lists all known subdomains for the target domain.

Multi-Step Domain Analysis

"Analyze security.example.com:
1. Get the domain details
2. List all subdomains
3. Check each subdomain for exposed services"

The AI autonomously performs each step and provides a comprehensive report.


Host & Service Analysis

Basic Host Lookup

"Get host information for api.example.com"

Returns detailed host information including:

  • Open ports and services
  • Technology stack
  • SSL certificates
  • Security headers

Technology Stack Identification

"What technologies is www.example.com running?"

Identifies web servers, frameworks, CMS platforms, and other technologies.

Multi-Host Analysis

"Compare the technology stacks of:
- api.example.com
- www.example.com
- admin.example.com"

Analyzes multiple hosts and provides comparative insights.


Attack Surface Reconnaissance

Basic Attack Surface Scan

"Scan example.com for exposed services"

Triggers an attack surface scan and returns discovered assets.

Comprehensive Reconnaissance

"Investigate the complete attack surface of acme.com including:
- All subdomains and their services
- Technology fingerprints
- SSL/TLS configuration
- Security headers
- Exposed admin panels"

Performs multi-step reconnaissance and aggregates findings.

Identify Exposed Admin Panels

"Find exposed admin panels on example.com"

Searches for common admin paths and interfaces across all discovered hosts.

Find Development/Staging Environments

"Find development and staging environments for example.com"

Identifies non-production environments that may be less secure.


Vulnerability Research

Search by CVE

"Find information about CVE-2024-1234"

Returns comprehensive vulnerability details including:

  • CVSS scores
  • EPSS probability
  • CISA KEV status
  • Affected products
  • Remediation guidance

Find Exploits

"Find exploits for CVE-2024-1234"

Searches for public exploits and PoCs for the specified CVE.

"What vulnerabilities affect Apache HTTP Server version 2.4.49?"

Lists all known vulnerabilities for specific product versions.

Vulnerability Impact Assessment

"Search for CVE-2024-1234 and:
1. Get CVSS and EPSS scores
2. Check if it's in CISA KEV
3. Find available exploits
4. Check if any of our assets are affected"

Comprehensive vulnerability triage workflow.


Threat Intelligence

IP Reputation Check

"Is IP 1.2.3.4 malicious?"

Checks IP reputation, geolocation, and threat indicators.

Tor Detection

"Is 1.2.3.4 a Tor exit node?"

Identifies if an IP belongs to the Tor network.

Reverse DNS Lookup

"What domains point to IP 1.2.3.4?"

Finds all hosts that resolve to a specific IP address.

Passive DNS Research

"Get passive DNS history for example.com"

Returns historical DNS resolution data.

Comprehensive Threat Profile

"Build a threat profile for IP 1.2.3.4:
1. Check reputation score
2. Verify if it's a Tor node
3. Find all associated domains
4. Get passive DNS history
5. Check geolocation and ASN"

Complete threat intelligence investigation.


Data Intelligence Queries

Find Hosts by Technology

"Find hosts running nginx version 1.18"

Searches the intelligence database for specific technologies.

Search by Service Tag

"Find all hosts with exposed MySQL"

Locates hosts with specific service tags.

"Find all installations of Citrix NetScaler"

Identifies hosts running specific products.

ASN-Based Discovery

"Find all hosts in ASN 15169"

Lists hosts within a specific Autonomous System.

IP Range Analysis

"Find all hosts between 192.168.1.1 and 192.168.1.255"

Discovers hosts in a specific IP range.


Organization Research

"Find organizations matching 'Apple Inc'"

Searches the organizations database by name.

"Find the organization that owns example.com"

Identifies organizations by their domains.

Domain Collection

"Get all domains owned by Microsoft"

Returns a comprehensive domain portfolio for a company.


Enterprise Workflows

Enterprise-specific queries require an Enterprise account.

Organization Monitoring

"Show all assets for my organization"

Lists the complete asset inventory.

Security Alerts

"Show critical security alerts from the last 7 days"

Retrieves recent high-priority alerts.

Vulnerability Management

"List all critical vulnerabilities affecting our assets"

Provides a prioritized vulnerability list.

Entity Management

"Show all assets in the 'Production' entity"

Lists assets grouped by custom entities.

Certificate Monitoring

"Find SSL certificates expiring in the next 30 days"

Identifies certificates requiring renewal.


Dark Web Monitoring

Enterprise-specific dark web queries.

"Search for compromised credentials for @example.com"

Finds leaked credentials in dark web databases.

Email Discovery

"Find discovered emails for example.com on the dark web"

Lists email addresses found in breaches.

Phishing Detection

"Find potential phishing domains targeting example.com"

Identifies lookalike domains used for phishing.

Typosquatting Detection

"Detect typosquatting domains for example.com"

Finds domains using typosquatting techniques.

Comprehensive Brand Protection

"Investigate dark web threats to acme.com:
1. Find compromised credentials
2. Identify phishing domains
3. Detect typosquatting attempts
4. Search for brand mentions in forums"

Complete brand protection workflow.


Advanced Multi-Step Investigations

Complete Security Assessment

"Perform a complete security assessment of acme.com:
1. Discover all subdomains and services
2. Identify technology stack and versions
3. Search for known vulnerabilities
4. Check for exposed admin panels
5. Analyze SSL/TLS configuration
6. Search dark web for compromised credentials
7. Identify phishing and typosquatting domains
8. Generate executive summary with risk scores"

Comprehensive enterprise-grade security assessment.

Competitor Analysis

"Analyze competitor.com's attack surface:
1. Map their entire subdomain infrastructure
2. Identify technologies and products used
3. Find exposed services and APIs
4. Note security misconfigurations
5. Compare with our security posture"

Competitive intelligence gathering.

Incident Investigation

"Investigate security incident for suspicious IP 1.2.3.4:
1. Check IP reputation and geolocation
2. Verify if it's a Tor node or VPN
3. Find all domains hosted on this IP
4. Check passive DNS history
5. Search for related threat intelligence
6. Identify any connections to our infrastructure"

Incident response workflow.

Supply Chain Assessment

"Assess third-party vendor security.vendor.com:
1. Enumerate their attack surface
2. Identify exposed services and APIs
3. Check for known vulnerabilities
4. Search for data breaches
5. Evaluate security posture
6. Generate vendor risk report"

Third-party risk assessment.


Automation & Integration Examples

Scheduled Monitoring

"Monitor example.com for changes:
- New subdomains
- New services
- SSL certificate changes
- New vulnerabilities"

Sets up continuous monitoring queries.

Alert Workflows

"Alert me when:
- New critical vulnerabilities are found
- SSL certificates are expiring soon
- New subdomains are discovered
- Compromised credentials appear on dark web"

Configures automated alerting.


Tips for Effective Queries

Be Specific

❌ Poor: "Check example.com"

✅ Good: "Scan example.com for exposed admin panels and check for known vulnerabilities"

Use Multi-Step Workflows

❌ Poor: Multiple separate queries

✅ Good: "Investigate example.com: 1. Find subdomains, 2. Check technologies, 3. Search vulnerabilities"

Provide Context

❌ Poor: "Is this bad?"

✅ Good: "Is IP 1.2.3.4 malicious? Check reputation and Tor status"

Request Actionable Output

❌ Poor: "Show vulnerabilities"

✅ Good: "List critical vulnerabilities with remediation steps prioritized by EPSS score"


Next Steps

Have a specific use case? Contact support at team@fullhunt.io for custom workflow guidance.