Overview
This node integrates the Wapiti web vulnerability scanner into n8n workflows. It allows users to scan a target website for security vulnerabilities using different scanning modes and options. The node supports quick scans, full scans with customizable modules, and retrieving text reports from previous scans.
Common scenarios include:
- Security teams automating vulnerability assessments of websites.
- Developers integrating security checks into CI/CD pipelines.
- Penetration testers running scheduled scans on web assets.
Practical example:
- A user configures the node to perform a full scan on
https://example.comwith specific modules enabled, then uses the output JSON data to generate alerts or reports in subsequent workflow steps.
Properties
| Name | Meaning |
|---|---|
| Target Website | The URL of the website to be scanned. |
| Options.Scope | The scan scope; choose one of: Domain, Folder, Page, Punk, URL. |
| Options.Modules | Comma-separated list of Wapiti modules to use during the scan (e.g., backup, blindsql, brute_login_form). |
| Options.Put Result in Field | The name of the output field where the scan results will be stored. Default is "ports". |
Output
The node outputs an array of items, each containing a json object with a field named as specified by the "Put Result in Field" property (default "ports"). Depending on the operation:
- For Quick Scan and Full Scan, this field contains parsed JSON data representing the scan results.
- For Text Report, this field contains the raw text report as a string.
No binary data output is produced by this node.
Dependencies
- Requires the Wapiti command-line tool installed and accessible in the environment where n8n runs.
- Uses shell commands to execute Wapiti scans and read output files.
- Generates temporary output files in the user's home directory.
- No external API keys or credentials are required.
Troubleshooting
Common issues:
- Wapiti not installed or not in PATH: The node will fail when trying to run the scan command.
- Permission issues writing to the home directory or reading output files.
- Invalid target website URL causing scan failures.
- Incorrect module names or malformed module list may cause scan errors.
Error messages:
- Errors thrown by the shell command execution will be wrapped and reported as node operation errors.
- If the output file cannot be read or parsed, the node will throw an error indicating failure to retrieve scan results.
Resolutions:
- Ensure Wapiti is properly installed and accessible.
- Verify file system permissions for the home directory.
- Validate input URLs and module lists before running scans.
- Check logs printed by the node for detailed command execution info.