Wapiti Scan

Scan with Wapiti

Overview

This node integrates with Wapiti, a web application vulnerability scanner, to perform security scans on target websites. It supports three main operations:

  • Quick Scan: Runs a fast scan using default modules and outputs results in JSON format.
  • Full Scan: Executes a comprehensive scan with customizable modules, outputting JSON results.
  • Text Report: Generates a plain text report of the scan results.

Typical use cases include automated security testing during development or continuous integration pipelines, vulnerability assessments for web applications, and generating reports for security audits.

For example, a user can specify a website URL and run a full scan with selected modules to identify potential vulnerabilities, then retrieve a detailed text report summarizing findings.

Properties

| Name | Meaning |
| --- | --- |
| Target Website | The URL of the website to be scanned. |
| Options | Collection of additional settings: |
| - Scope | Defines the scan scope; options are: Domain, Folder, Page, Punk, URL scope. |
| - Modules | Comma-separated list of Wapiti modules to use during scanning (e.g., backup, blindsql, xss, etc.). |
| - Put Result in Field | The name of the output field where the scan result will be stored in the node's output JSON. |

Output

The node outputs an array of items, each containing a json object with a single property named as specified by the "Put Result in Field" input (default is "ports"). Depending on the operation:

  • For Quick Scan and Full Scan, this field contains parsed JSON data representing the scan results.
  • For Text Report, this field contains the raw text content of the Wapiti report.

No binary data output is produced by this node.

Example output JSON snippet for a full scan might look like:

{
  "ports": {
    "vulnerabilities": [...],
    "infos": [...],
    ...
  }
}

Or for a text report:

{
  "ports": "Wapiti scan report text content..."
}

Dependencies

  • Requires Wapiti to be installed and accessible via command line on the system where n8n runs.
  • Uses shell commands to execute Wapiti scans and read output files.
  • Generates temporary files in the user's home directory to store scan results.
  • No external API keys or credentials are required.

Troubleshooting

  • Common Issues:

    • Wapiti not installed or not in PATH: The node will fail when trying to execute the Wapiti command.
    • Permission issues writing to the home directory or executing shell commands.
    • Invalid website URLs or unreachable targets causing scan failures.
    • Incorrect module names or malformed options may cause Wapiti to error out.
  • Error Messages:

    • Errors thrown from shell command execution are wrapped and reported as node operation errors.
    • If the output file cannot be read, the node returns an empty string or throws an error.
  • Resolutions:

    • Ensure Wapiti is properly installed and accessible.
    • Verify that the n8n process has permission to write/read files in the home directory.
    • Validate input URLs and options before running the node.
    • Check logs for detailed shell command errors.
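
Because the node runs Wapiti through shell commands, the input validation recommended above matters for more than avoiding scan failures. The following is an added example, not the node's own code: it checks the Target Website, Scope and Modules values and builds an argument array instead of a shell string. The function names, the `outputFile` parameter and the module-name pattern are assumptions; the scope values are the ones listed under Properties.

```javascript
// Added example: validate node inputs, then build an argv array for Wapiti.
// Scope values are taken from the Properties table on this page.
const ALLOWED_SCOPES = new Set(['domain', 'folder', 'page', 'punk', 'url']);
// Assumption: module names are lowercase identifiers (e.g. backup, blindsql, xss).
const MODULE_NAME = /^[a-z][a-z0-9_]*$/;

function validateTarget(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    throw new Error('Target Website is not a valid URL');
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error('Target Website must use http or https');
  }
  if (url.username || url.password) {
    throw new Error('Target Website must not embed credentials');
  }
  // Normalized form: always starts with the scheme, spaces are percent-encoded.
  return url.href;
}

function validateModules(raw) {
  const names = String(raw).split(',').map((m) => m.trim()).filter(Boolean);
  if (names.length === 0) throw new Error('Modules list is empty');
  const bad = names.filter((m) => !MODULE_NAME.test(m));
  if (bad.length) throw new Error(`Malformed module name(s): ${bad.join(', ')}`);
  return [...new Set(names)].join(','); // de-duplicated, no stray whitespace
}

// outputFile is a hypothetical parameter: a path generated by the caller,
// never taken from user input.
function buildWapitiArgs({ target, scope, modules, outputFile }) {
  const args = ['-u', validateTarget(target), '-f', 'json', '-o', outputFile];
  if (scope !== undefined) {
    const s = String(scope).toLowerCase();
    if (!ALLOWED_SCOPES.has(s)) throw new Error(`Unknown scope: ${scope}`);
    args.push('--scope', s);
  }
  if (modules !== undefined) args.push('-m', validateModules(modules));
  return args;
}
```

Passing the returned array to `child_process.execFile('wapiti', args)` keeps each value a separate argument, so nothing in the URL or module list is interpreted by a shell.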
