Overview
This node integrates the Wapiti web vulnerability scanner into n8n workflows. It allows users to perform security scans on target websites to identify potential vulnerabilities such as SQL injection, cross-site scripting (XSS), and other common web application security issues.
Common scenarios for this node include:
- Automated security testing during development or deployment pipelines.
- Periodic scanning of websites to detect new vulnerabilities.
- Generating reports for security audits.
Practical example:
- A user configures the node to run a quick scan on their company’s website after each code deployment, helping catch security issues early.
Properties
| Name | Meaning |
|---|---|
| Target Website | The URL of the website to be scanned. Example: https://www.zubial.net |
| Options | Collection of additional scan options: |
| - Scope | Defines the scan scope. Possible values: Domain, Folder, Page, Punk, URL |
| - Modules | Comma-separated list of Wapiti modules to use in the scan. Default includes many modules like backup, blindsql, brute_login_form, etc. |
| - Put Result in Field | The name of the output JSON field where the scan results will be stored. Default is ports |
| Operation | The type of scan operation to perform. Options are: Quick Scan Wapiti, Full Scan Wapiti, Text Report Wapiti |
Output
The node outputs an array of items, each containing a json object with the scan results.
- For Quick Scan and Full Scan operations, the output field (default
ports) contains parsed JSON data representing the scan findings. - For the Text Report operation, the output field contains the raw text report generated by Wapiti.
The exact structure of the JSON depends on Wapiti's output but generally includes details about detected vulnerabilities, affected URLs, severity, and descriptions.
No binary data output is produced by this node.
Dependencies
- Requires Wapiti installed and accessible in the system environment where n8n runs.
- Uses shell commands to execute Wapiti scans and read output files.
- Generates temporary files in the user's home directory to store scan results.
- No external API keys or credentials are required.
Troubleshooting
Common Issues:
- Wapiti not installed or not in PATH: The node will fail when trying to execute the scan command.
- Permission issues writing to the home directory: The node writes temporary files there; lack of permissions can cause errors.
- Invalid target URL or unreachable website: Wapiti may return empty or error results.
- Incorrect module names or malformed options string can cause Wapiti to fail.
Error Messages:
- Errors from shell command execution are caught and rethrown as node operation errors.
- If the output file cannot be read, the node returns an empty string or throws an error.
Resolutions:
- Ensure Wapiti is installed and accessible.
- Verify that the n8n process has write/read permissions in the home directory.
- Validate the target website URL.
- Use default or verified module lists to avoid syntax errors.