Wapiti Scan

Scan with Wapiti

Overview

This node integrates the Wapiti web vulnerability scanner into n8n workflows. It allows users to perform security scans on target websites to identify potential vulnerabilities such as SQL injection, cross-site scripting (XSS), and other common web application security issues.

The node supports three main operations:

  • Quick Scan: Performs a fast scan with default modules and settings.
  • Full Scan: Executes a comprehensive scan using a customizable set of modules.
  • Text Report: Retrieves a textual report from a previous scan.

Typical use cases include automated security testing in CI/CD pipelines, routine website vulnerability assessments, or integrating security checks into broader automation workflows.

Properties

| Name | Meaning |
| --- | --- |
| Target Website | The URL of the website to be scanned. |
| Options.Scope | Defines the scan scope. Possible values: Domain, Folder, Page, Punk, URL scope. |
| Options.Modules | Comma-separated list of Wapiti modules to use during the scan. Defaults to a broad set of vulnerability tests. |
| Options.Put Result in Field | The name of the output field where the scan results will be stored. Defaults to "ports". |

Output

The node outputs an array of items corresponding to each input item processed. Each output item contains a json property with a field named according to the "Put Result in Field" option (default "ports"). This field holds the scan results:

  • For Quick Scan and Full Scan operations, the field contains parsed JSON data representing the scan findings.
  • For the Text Report operation, the field contains the raw text report as a string.

No binary data is output by this node.

Dependencies

  • Requires the Wapiti command-line tool installed and accessible in the environment where n8n runs.
  • Uses shell commands to execute Wapiti scans and read output files.
  • Generates temporary files in the user's home directory for storing scan results.
  • No external API keys or credentials are required.

Troubleshooting

  • Common Issues:

    • Wapiti not installed or not in PATH: The node will fail when attempting to run the scan command.
    • Insufficient permissions to write/read temporary files in the home directory.
    • Invalid target website URL or unreachable target causing scan failures.
    • Incorrect module names or malformed options may cause Wapiti to error out.
  • Error Messages:

    • Errors thrown during command execution are wrapped and reported as node operation errors.
    • If the scan output file cannot be read, the node returns an empty string or throws an error.
  • Resolutions:

    • Ensure Wapiti is properly installed and accessible.
    • Verify that the n8n process has permission to create and read files in the home directory.
    • Validate the target website URL before running the scan.
    • Use valid module names and scope options as per Wapiti documentation.
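Because the node runs Wapiti through shell commands, the URL, scope and module checks listed above are worth doing before the values reach it. The following is an added example, not the node's own code: the helper names, the module-name pattern and the JSON output format are assumptions, and the scope values are the ones listed under Properties.

```javascript
// Added example: pre-flight validation of scan options (helper names are hypothetical).
const SCOPES = new Set(['domain', 'folder', 'page', 'punk', 'url']); // scope values listed on this page
// Assumption: conservative character allowlist for module names, not Wapiti's own module registry.
const MODULE_NAME = /^[a-z][a-z0-9_]{0,31}$/;

function validateTarget(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    throw new Error('Target Website is not a valid absolute URL');
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error(`Unsupported URL scheme: ${url.protocol}`);
  }
  if (url.username || url.password) {
    throw new Error('Credentials embedded in the URL are not accepted');
  }
  return url.href; // normalized form; still not safe to paste into a shell string
}

function validateModules(list) {
  const names = String(list).split(',').map((m) => m.trim()).filter(Boolean);
  if (names.length === 0) throw new Error('Module list is empty');
  for (const name of names) {
    if (!MODULE_NAME.test(name)) throw new Error(`Rejected module name: ${JSON.stringify(name)}`);
  }
  return names.join(',');
}

// Returns an argv array for child_process.execFile('wapiti', argv), so no shell parses the values.
function buildWapitiArgs({ target, scope = 'folder', modules, outputPath }) {
  const scopeValue = String(scope).toLowerCase();
  if (!SCOPES.has(scopeValue)) throw new Error(`Unknown scope: ${scope}`);
  if (typeof outputPath !== 'string' || !outputPath) throw new Error('outputPath is required');
  const argv = ['-u', validateTarget(target), '--scope', scopeValue, '-f', 'json', '-o', outputPath];
  if (modules !== undefined) argv.push('-m', validateModules(modules));
  return argv;
}

// Constructed sample input
console.log(buildWapitiArgs({
  target: 'https://staging.example.test/app/',
  scope: 'Folder',
  modules: 'sql, xss',
  outputPath: '/tmp/wapiti-report.json',
}));
```

Running the check in a step ahead of the scan turns a malformed URL, scope or module list into a clear validation error instead of a wrapped command failure.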
