
Tools Reference

Complete reference for all 40+ tools available through FullHunt Agentic AI.

Tool Categories


Public APIs

get_my_ip

Get your current IP address.

Usage:

"What's my current IP address?"

Returns: Your current public IP address


Domain Intelligence

fullhunt_domain_details

Get detailed information about a domain including DNS records, hosting details, and metadata.

Parameters:

  • domain (string): Domain name (e.g., example.com)

Usage:

"Get domain details for example.com"
"Show me information about google.com"

Returns: Domain details including:

  • DNS records
  • Hosting information
  • Registration data
  • Associated metadata

fullhunt_domain_subdomains

List all discovered subdomains for a domain.

Parameters:

  • domain (string): Domain name (e.g., example.com)

Usage:

"Find all subdomains of example.com"
"List subdomains for github.com"

Returns: Array of discovered subdomains with details

nexus_domain_collection_lookup

Look up domain collection information by domain.

Parameters:

  • domain (string): Domain to look up

Usage:

"Get domain collection for example.com"

Returns: Domain collection metadata and related domains

nexus_domain_collection_company_lookup

Look up domain collection by company name.

Parameters:

  • company (string): Company name to search for

Usage:

"Find domains owned by Apple Inc"
"Get domain collection for Microsoft"

Returns: Domains associated with the company


Host Intelligence

fullhunt_host

Get detailed information about a specific host including services, ports, and technology stack.

Parameters:

  • host (string): Hostname or IP address

Usage:

"Get host information for api.example.com"
"Look up 8.8.8.8"

Returns: Host details including:

  • Open ports and services
  • Technology stack
  • SSL/TLS certificates
  • Security headers
  • Hosting information

intel_host

Get host details from the FullHunt intelligence database.

Parameters:

  • host (string): The hostname to search for

Usage:

"Search intelligence database for mail.example.com"

Returns: Intelligence data for the host

nexus_ip_lookup

Perform comprehensive IP lookup for threat intelligence.

Parameters:

  • ip (string): IP address or hostname

Usage:

"Look up IP 1.2.3.4"
"Get threat intelligence for 192.168.1.1"

Returns: IP intelligence including:

  • Geolocation
  • ASN information
  • Reputation score
  • Threat indicators
  • Historical data

Attack Surface Management

fullhunt_scan

Trigger an attack surface scan for a domain, IP, or CIDR range.

Parameters:

  • target (string): Domain, IP address, or CIDR range

Usage:

"Scan example.com"
"Trigger attack surface scan for 192.168.1.0/24"

Returns: Scan results with discovered assets and services

enterprise_on_demand_scans

Trigger enterprise on-demand scan with enhanced features.

Parameters:

  • target (string): The target to scan (domain, IP, or hostname)

Usage:

"Run enterprise scan on acme.com"

Returns: Comprehensive scan results

Availability: Enterprise accounts only


Organizations Database

search_organizations

Search for organizations by domain or company name.

Parameters:

  • query (string): Organization name or domain (3-100 characters)

Usage:

"Find organizations matching 'Apple'"
"Search for organizations with domain example.com"

Returns: List of matching organizations with metadata


Vulnerability Intelligence

search_vulnerabilities

Search for vulnerabilities by CVE ID, description, vendor, or product.

Parameters:

  • query (string): CVE ID, description, or vendor/product (3-50 characters)

Usage:

"Search for CVE-2024-1234"
"Find vulnerabilities in Apache HTTP Server"
"Look up vulnerabilities affecting nginx"

Returns: Vulnerability details including:

  • CVE information
  • CVSS scores
  • EPSS probability
  • CISA KEV status
  • Affected products
  • Remediation guidance

search_exploits

Search for exploits by CVE ID, title, or description.

Parameters:

  • query (string): CVE ID, title, description, type, or platform (3-100 characters)

Usage:

"Find exploits for CVE-2024-1234"
"Search for remote code execution exploits"
"Look up exploits for Windows"

Returns: Exploit information including:

  • Exploit code/PoC
  • Exploit type
  • Platform
  • Reliability
  • Related CVEs

Data Intelligence

intel_tag

Get hosts with a specific service tag.

Parameters:

  • tag (string): The tag to search for (e.g., "ssh", "http")

Usage:

"Find hosts with SSH exposed"
"Get all hosts tagged with 'mysql'"

Returns: Hosts matching the tag

intel_web_tech

Get hosts running a specific web technology.

Parameters:

  • tech (string): Web technology (e.g., "HTTP/3", "nginx")

Usage:

"Find hosts running nginx"
"Get all hosts using HTTP/3"

Returns: Hosts running the specified technology

intel_product

Get hosts running a specific product.

Parameters:

  • product (string): Product name (e.g., "Citrix-NetScaler")

Usage:

"Find hosts running Citrix NetScaler"
"Get all Apache installations"

Returns: Hosts running the product

intel_domain

Get all subdomains of a domain from the intelligence database.

Parameters:

  • domain (string): The domain to search for

Usage:

"Get all subdomains from intelligence database for example.com"

Returns: Comprehensive subdomain list

intel_ip_to_hosts

Get hosts pointing to a specific IP address.

Parameters:

  • ip (string): The IP address to search for

Usage:

"Find all hosts pointing to 1.2.3.4"
"Get reverse DNS for 8.8.8.8"

Returns: Hosts resolved to the IP

intel_asn_to_hosts

Get hosts within a specific ASN (Autonomous System Number).

Parameters:

  • asn (integer): The ASN number

Usage:

"Find hosts in ASN 15169"
"Get all hosts for Google's ASN"

Returns: Hosts within the ASN

intel_asn_to_virtual_hosts

Get virtual hosts pointing to the same ASN.

Parameters:

  • asn (integer): The ASN number

Usage:

"Find virtual hosts in ASN 15169"

Returns: Virtual hosts in the ASN

intel_ip_range_to_hosts

Get hosts in a specific IP range.

Parameters:

  • ip_start (string): Range start IP
  • ip_end (string): Range end IP

Usage:

"Find hosts between 192.168.1.1 and 192.168.1.255"

Returns: Hosts in the IP range

intel_dns_mx_to_hosts

Get hosts with the same DNS MX record.

Parameters:

  • dns_mx (string): The DNS MX record

Usage:

"Find hosts using mail server mx.example.com"

Returns: Hosts with matching MX records

intel_dns_ns_to_hosts

Get hosts pointing to the same DNS NS record.

Parameters:

  • dns_ns (string): The DNS NS record

Usage:

"Find hosts using nameserver ns1.example.com"

Returns: Hosts with matching NS records


Global Search (Enterprise Only)

Run advanced searches across the FullHunt database with powerful filtering.

Parameters:

  • country (string, optional): Country code (e.g., "US", "GB")
  • product (string, optional): Specific products (e.g., "Apache")
  • organization (string, optional): Organization name
  • asn (integer, optional): Autonomous System Number
  • port (integer, optional): Specific ports
  • tags (string, optional): Service tags
  • technology (string, optional): Web technologies
  • cloud_provider (string, optional): Cloud providers
  • cdn (string, optional): CDN providers

Usage:

"Search for Apache servers in the US"
"Find all hosts on port 443 using nginx in Germany"
"Get all assets in AWS with Cloudflare CDN"

Returns: Matching hosts with comprehensive details

Availability: Enterprise accounts only


Enterprise APIs

All Enterprise APIs require an Enterprise account.

enterprise_organizations

Get the list of organizations for the enterprise account.

Usage:

"List my organizations"
"Show enterprise organizations"

Returns: List of organizations with metadata

enterprise_alerts

Retrieve security alerts and events for enterprise organizations.

Parameters:

  • org (string, optional): Filter by organization ID
  • page (integer, optional): Page number (default: 1)
  • from_date (string, optional): Start date (DD/MM/YYYY)
  • to_date (string, optional): End date (DD/MM/YYYY)

Usage:

"Show recent security alerts"
"Get alerts for organization XYZ from 01/01/2024"

Returns: Security alerts and events

enterprise_vulnerabilities

Retrieve discovered vulnerabilities for enterprise organizations.

Parameters:

  • org (string, optional): Filter by organization ID

Usage:

"Show all vulnerabilities for my organization"
"List critical vulnerabilities"

Returns: Vulnerability inventory with severity and status

enterprise_entities

List all entities associated with the enterprise account.

Parameters:

  • org (string, optional): Filter by organization ID

Usage:

"List all entities"
"Show entities for organization ABC"

Returns: Entity list with metadata

enterprise_assets

Retrieve all assets associated with a specific entity.

Parameters:

  • entity (string): Entity name

Usage:

"Get assets for entity 'Production'"
"Show all assets in 'Development' entity"

Returns: Asset inventory for the entity

enterprise_suggested_domains

Fetch suggested domains related to your organization.

Parameters:

  • query (string, optional): Search query
  • page (integer, optional): Page number
  • from_date (string, optional): Start date (DD/MM/YYYY)
  • to_date (string, optional): End date (DD/MM/YYYY)

Usage:

"Show suggested domains"
"Find suggested domains matching 'acme'"

Returns: Suggested domains with similarity scores

enterprise_darkweb_compromised_credentials

Retrieve compromised credentials from dark web monitoring.

Parameters:

  • query (string, optional): Email or domain search
  • page (integer, optional): Page number

Usage:

"Find compromised credentials for @example.com"
"Search dark web for admin@example.com"

Returns: Compromised credentials with breach details

enterprise_darkweb_discovered_emails

Retrieve discovered emails from dark web monitoring.

Parameters:

  • query (string, optional): Email or domain search
  • page (integer, optional): Page number

Usage:

"Find discovered emails for example.com"

Returns: Email addresses found on dark web

enterprise_darkweb_potential_phishing

Retrieve potential phishing domains.

Parameters:

  • q (string, optional): Domain search query
  • page (integer, optional): Page number
  • from_date (string, optional): Start date (DD/MM/YYYY)
  • to_date (string, optional): End date (DD/MM/YYYY)

Usage:

"Find potential phishing domains targeting example.com"
"Show recent phishing attempts"

Returns: Potential phishing domains with similarity analysis

enterprise_darkweb_typosquatting

Retrieve potential typosquatting domains.

Parameters:

  • q (string, optional): Domain search query
  • page (integer, optional): Page number
  • from_date (string, optional): Start date (DD/MM/YYYY)
  • to_date (string, optional): End date (DD/MM/YYYY)

Usage:

"Find typosquatting domains for example.com"
"Detect brand abuse attempts"

Returns: Typosquatting domains with registration details

enterprise_certificates

Retrieve SSL certificates for enterprise organizations.

Parameters:

  • q (string, optional): Search query
  • page (integer, optional): Page number
  • from_date (string, optional): Start date (DD/MM/YYYY)
  • to_date (string, optional): End date (DD/MM/YYYY)

Usage:

"Show SSL certificates for example.com"
"Find expiring certificates"

Returns: Certificate inventory with expiration and details


Nexus Intelligence

nexus_tor_check_ip

Check if an IP address is a Tor exit node.

Parameters:

  • ip (string): IP address to check

Usage:

"Is 1.2.3.4 a Tor exit node?"
"Check if this IP is from Tor"

Returns: Tor node status and details

Search for certificates by DNS name.

Parameters:

  • dns_name (string): DNS name to search for

Usage:

"Find certificates for *.example.com"
"Search SSL certificates for api.example.com"

Returns: Certificates matching the DNS name

nexus_passive_dns_lookup

Look up passive DNS hosts for a domain.

Parameters:

  • domain (string): Domain to look up

Usage:

"Get passive DNS for example.com"
"Show historical DNS records"

Returns: Historical DNS resolution data


OEM APIs

OEM APIs are available for OEM partners only.

Search attack surface data for domains.

Parameters:

  • target (string): Domain to search for
  • query_tags (object, optional): Client tracking tags

Usage:

"Search attack surface for example.com (OEM)"

Returns: Attack surface data

Availability: OEM partners only

Search dark web sources for compromised data.

Parameters:

  • query (string): Search query
  • query_type (string): Query type (default: "email")
  • query_tags (object, optional): Client tracking tags

Usage:

"Search dark web for admin@example.com (OEM)"

Returns: Dark web findings

Availability: OEM partners only

Search organizations database by domain or name.

Parameters:

  • query (string): Organization name or domain
  • query_tags (object, optional): Client tracking tags

Usage:

"Search organizations for Apple (OEM)"

Returns: Organization data

Availability: OEM partners only

oem_on_demand_scan

Trigger priority on-demand scan.

Parameters:

  • target (string): Target to scan (domain, IP, or CIDR)
  • query_tags (object, optional): Client tracking tags

Usage:

"Trigger OEM scan for example.com"

Returns: Scan results

Availability: OEM partners only

oem_vulnerability_intelligence

Search vulnerability intelligence database.

Parameters:

  • query (string): Search query (CVE ID, product, etc.)
  • query_type (string): Query type (default: "cve")
  • query_tags (object, optional): Client tracking tags

Usage:

"Search vulnerabilities for CVE-2024-1234 (OEM)"

Returns: Vulnerability data

Availability: OEM partners only


Tool Availability Matrix

Tool Category | Public | Professional | Enterprise | OEM
Public APIs
Domain Intelligence
Host Intelligence
Attack Surface
Organizations Search
Vulnerability Intelligence
Data Intelligence
Global Search
Enterprise APIs
Nexus Intelligence
OEM APIs
