Network Vulnerability Scanner (used NMAP as engine) with Automated CVE Report Workflow Overview This n8n workflow provides comprehensive network vulnerability scanning with automated CVE enrichment and professional report generation. It performs Nmap scans, queries the National Vulnerability Database (NVD) for CVE information, generates detailed HTML/PDF reports, and distributes them via Telegram and email. Key Features - Automated Network Scanning: Full Nmap service and version detection scan -

Network Vulnerability Scanner (used NMAP as engine) with Automated CVE Report Workflow Overview This n8n workflow provides comprehensive network vulnerability scanning with automated CVE enrichment and professional report generation. It performs Nmap scans, queries the National Vulnerability Database (NVD) for CVE information, generates detailed HTML/PDF reports, and distributes them via Telegram and email. Key Features - Automated Network Scanning: Full Nmap service and version detection scan - CVE Enrichment: Automatic vulnerability lookup using NVD API - CVSS Scoring: Vulnerability severity assessment with CVSS v3.1/v3.0 scores - Professional Reporting: HTML reports with detailed findings and recommendations - PDF Generation: Password-protected PDF reports using Prince XML - Multi-Channel Distribution: Telegram and email delivery - Multiple Triggers: Webhook API, web form, manual execution, scheduled scans - Rate Limiting: Respects NVD API rate limits - Comprehensive Data: Service detection, CPE matching, CVE details with references Use Cases - Regular security audits of network infrastructure - Compliance scanning for vulnerability management - Penetration testing reconnaissance phase - Asset inventory with vulnerability context - Continuous security monitoring - Vulnerability assessment reporting for management - DevSecOps integration for infrastructure testing --- Setup Instructions Prerequisites Before setting up this workflow, ensure you have: System Requirements - n8n instance (self-hosted) with command execution capability - Alpine Linux base image (or compatible Linux distribution) - Minimum 2 GB RAM (4 GB recommended for large scans) - 2 GB free disk space for dependencies - Network access to scan targets - Internet connectivity for NVD API Required Knowledge - Basic networking concepts (IP addresses, ports, protocols) - Understanding of CVE/CVSS vulnerability scoring - Nmap scanning basics External Services - Telegram Bot (optional, for Telegram notifications) - Email server / SMTP credentials (optional, for email reports) - NVD API access (public, no API key required but rate-limited) Step 1: Understanding the Workflow Components Core Dependencies Nmap: Network scanner - Purpose: Port scanning, service detection, version identification - Usage: Performs TCP SYN scan with service/version detection nmap-helper: JSON conversion tool - Repository: - Purpose: Converts Nmap XML output to JSON format Prince XML: HTML to PDF converter - Website: - Version: 16.1 (Alpine 3.20) - Purpose: Generates professional PDF reports from HTML - Features: Password protection, print-optimized formatting NVD API: Vulnerability database - Endpoint: - Purpose: CVE information, CVSS scores, vulnerability descriptions - Rate Limit: Public API allows limited requests per minute - Documentation: Step 2: Telegram Bot Configuration (Optional) If you want to receive reports via Telegram: Create Telegram Bot 1. Open Telegram and search for @BotFather 2. Start a chat and send /newbot 3. Follow prompts: - Bot name: Network Scanner Bot (or your choice) - Username: networkscannerbot (must end with 'bot') 4. BotFather will provide: - Bot token: 123456789:ABCdefGHIjklMNOpqrsTUVwxyz (save this) - Bot URL: Get Your Chat ID 1. Start a chat with your new bot 2. Send any message to the bot 3. Visit: 4. Find your chat ID in the response 5. Save this chat ID (e.g., 123456789) Alternative: Group Chat ID For sending to a group: 1. Add bot to your group 2. Send a message in the group 3. Check getUpdates URL 4. Group chat IDs are negative: -1001234567890 Add Credentials to n8n 1. Navigate to Credentials in n8n 2. Click Add Credential 3. Select Telegram API 4. Fill in: - Access Token: Your bot token from BotFather 5. Click Save 6. Test connection if available Step 3: Email Configuration (Optional) If you want to receive reports via email: Add SMTP Credentials to n8n 1. Navigate to Credentials in n8n 2. Click Add Credential 3. Select SMTP 4. Fill in: - Host: SMTP server address (e.g., smtp.gmail.com) - Port: SMTP port (587 for TLS, 465 for SSL, 25 for unencrypted) - User: Your email username - Password: Your email password or app password - Secure: Enable for TLS/SSL 5. Click Save Gmail Users: 1. Enable 2-factor authentication 2. Generate app-specific password: 3. Use app password in n8n credential Step 4: Import and Configure Workflow Configure Basic Parameters Locate "1. Set Parameters" Node: 1. Click the node to open settings 2. Default configuration: - network: Input from webhook/form/manual trigger - timestamp: Auto-generated (format: yyyyMMddHHmmss) - reportpassword: Almafa123456 (change this!) Change Report Password: 1. Edit reportpassword assignment 2. Set strong password: 12+ characters, mixed case, numbers, symbols 3. This password will protect the PDF report 4. Save changes Step 5: Configure Notification Endpoints Telegram Configuration Locate "14/a. Send Report in Telegram" Node: 1. Open node settings 2. Update fields: - Chat ID: Replace -123456789012 with your actual chat ID - Credentials: Select your Telegram credential 3. Save changes Message customization: - Current: Sends PDF as document attachment - Automatic filename: vulnerabilityreport<timestamp>.pdf - No caption by default (add if needed) Email Configuration Locate "14/b. Send Report in Email with SMTP" Node: 1. Open node settings 2. Update fields: - From Email: report.creator@example.com → Your sender email - To Email: report.receiver@example.com → Your recipient email - Subject: Customize if needed (default includes network target) - Text: Email body message - Credentials: Select your SMTP credential 3. Save changes Multiple Recipients: Change toEmail field to comma-separated list: Add CC/BCC: In node options, add: - cc: Carbon copy recipients - bcc: Blind carbon copy recipients Step 6: Configure Triggers The workflow supports 4 trigger methods: Trigger 1: Webhook API (Production) Locate "Webhook" Node: - Path: /vuln-scan - Method: POST - Response: Immediate acknowledgment "Process started!" - Async: Scan runs in background Trigger 2: Web Form (User-Friendly) Locate "On form submission" Node: - Path: /webhook-test/form/target - Method: GET (form display), POST (form submit) - Form Title: "Add scan parameters" - Field: network (required) Form URL: Users can: 1. Open form URL in browser 2. Enter target network/IP 3. Click submit 4. Receive confirmation Trigger 3: Manual Execution (Testing) Locate "Manual Trigger" Node: - Click to activate - Opens workflow with "Pre-Set-Target" node - Default target: scanme.nmap.org (Nmap's official test server) To change default target: 1. Open "Pre-Set-Target" node 2. Edit network value 3. Enter your test target 4. Save changes Trigger 4: Scheduled Scans (Automated) Locate "Schedule Trigger" Node: - Default: Daily at 1:00 AM - Uses "Pre-Set-Target" for network To change schedule: 1. Open node settings 2. Modify trigger time: - Hour: 1 (1 AM) - Minute: 0 - Day of week: All days (or select specific days) 3. Save changes Schedule Examples: - Every day at 3 AM: Hour: 3, Minute: 0 - Weekly on Monday at 2 AM: Hour: 2, Day: Monday - Twice daily (8 AM, 8 PM): Create two Schedule Trigger nodes Step 7: Test the Workflow Recommended Test Target Use Nmap's official test server for initial testing: - Target: scanme.nmap.org - Purpose: Official Nmap testing server - Safe: Designed for scanning practice - Permissions: Public permission to scan Important: Never scan targets without permission. Unauthorized scanning is illegal. Manual Test Execution 1. Open workflow in n8n editor 2. Click Manual Trigger node to select it 3. Click Execute Workflow button 4. Workflow will start with scanme.nmap.org as target Monitor Execution Watch nodes turn green as they complete: 1. Need to Add Helper?: Checks if nmap-helper installed 2. Add NMAP-HELPER: Installs helper (if needed, 2-3 minutes) 3. Optional Params Setter: Sets scan parameters 4. 2. Execute Nmap Scan: Runs scan (5-30 minutes depending on target) 5. 3. Parse NMAP JSON to Services: Extracts services (1 second) 6. 5. CVE Enrichment Loop: Queries NVD API (1 second per service) 7. 8-10. Report Generation: Creates HTML/PDF reports (5-10 seconds) 8. 12. Convert to PDF: Generates password-protected PDF (10 seconds) 9. 14a/14b. Distribution: Sends reports Check Outputs Click nodes to view outputs: - 3. Parse NMAP JSON: View discovered services - 5. CVE Enrichment: See vulnerabilities found - 8. Prepare Report Structure: Check statistics - 13. Read Report PDF: Download report to verify Verify Distribution Telegram: - Open Telegram chat with your bot - Check for PDF document - Download and open with password Email: - Check inbox for report email - Verify subject line includes target network - Download PDF attachment - Open with password --- How to Use Understanding the Scan Process Initiating Scans Method 1: Webhook API Use curl or any HTTP client and add "network" parameter in a POST request. Response: Scan runs asynchronously. You'll receive results via configured channels (Telegram/Email). Method 2: Web Form 1. Open form URL in browser: 2. Fill in form: - network: Enter target (IP, range, domain) 3. Click Submit 4. Receive confirmation 5. Wait for report delivery Advantages: - No command line needed - User-friendly interface - Input validation - Good for non-technical users Method 3: Manual Execution For testing or one-off scans: 1. Open workflow in n8n 2. Edit "Pre-Set-Target" node: - Change network value to your target 3. Click Manual Trigger node 4. Click Execute Workflow 5. Monitor progress in real-time Advantages: - See execution in real-time - Debug issues immediately - Test configuration changes - View intermediate outputs Method 4: Scheduled Scans For regular, automated security audits: 1. Configure "Schedule Trigger" node with desired time 2. Configure "Pre-Set-Target" node with default target 3. Activate workflow 4. Scans run automatically on schedule Advantages: - Automated security monitoring - Regular compliance scans - No manual intervention needed - Consistent scheduling Scan Targets Explained Supported Target Formats Single IP Address: CIDR Notation (Subnet): IP Range: Multiple Targets: Hostname/Domain: Choosing Appropriate Targets Development/Testing: - Use scanme.nmap.org (official test target) - Use your own isolated lab network - Never scan public internet without permission Internal Networks: - Use CIDR notation for entire subnets - Scan DMZ networks separately from internal - Consider network segmentation in scan design Understanding Report Contents Report Structure The generated report includes: 1. Executive Summary: - Total hosts discovered - Total services identified - Total vulnerabilities found - Severity breakdown (Critical, High, Medium, Low, Info) - Scan date and time - Target network 2. Overall Statistics: - Visual dashboard with key metrics - Severity distribution chart - Quick risk assessment 3. Detailed Findings by Host: For each discovered host: - IP address - Hostname (if resolved) - List of open ports and services - Service details: - Port number and protocol - Service name (e.g., http, ssh, mysql) - Product (e.g., Apache, OpenSSH, MySQL) - Version (e.g., 2.4.41, 8.2p1, 5.7.33) - CPE identifier 4. Vulnerability Details: For each vulnerable service: - CVE ID: Unique vulnerability identifier (e.g., CVE-2021-44228) - Severity: CRITICAL / HIGH / MEDIUM / LOW / INFO - CVSS Score: Numerical score (0.0-10.0) - Published Date: When vulnerability was disclosed - Description: Detailed vulnerability explanation - References: Links to advisories, patches, exploits 5. Recommendations: - Immediate actions (patch critical/high severity) - Long-term improvements (security processes) - Best practices Vulnerability Severity Levels CRITICAL (CVSS 9.0-10.0): - Color: Red - Characteristics: Remote code execution, full system compromise - Action: Immediate patching required - Examples: Log4Shell, EternalBlue, Heartbleed HIGH (CVSS 7.0-8.9): - Color: Orange - Characteristics: Significant security impact, data exposure - Action: Patch within days - Examples: SQL injection, privilege escalation, authentication bypass MEDIUM (CVSS 4.0-6.9): - Color: Yellow - Characteristics: Moderate security impact - Action: Patch within weeks - Examples: Information disclosure, denial of service, XSS LOW (CVSS 0.1-3.9): - Color: Green - Characteristics: Minor security impact - Action: Patch during regular maintenance - Examples: Path disclosure, weak ciphers, verbose error messages INFO (CVSS 0.0): - Color: Blue - Characteristics: No vulnerability found or informational - Action: No action required, awareness only - Examples: Service version detected, no known CVEs Understanding CPE CPE (Common Platform Enumeration): - Standard naming scheme for IT products - Used for CVE lookup in NVD database Workflow CPE Handling: - Nmap detects service and version - Nmap provides CPE (if in database) - Workflow uses CPE to query NVD API - NVD returns CVEs associated with that CPE - Special case: nginx vendor fixed from igorsysoev to nginx Working with Reports Accessing HTML Report Location: Viewing: - Open in web browser directly from n8n - Click "11. Read Report for Output" node - Download HTML file - Open locally in any browser Advantages: - Interactive (clickable links) - Searchable text - Easy to edit/customize - Smaller file size Accessing PDF Report Location: Password: - Default: Almafa123456 (configured in "1. Set Parameters") - Change in workflow before production use - Required to open PDF Opening PDF: 1. Receive PDF via Telegram or Email 2. Open with PDF reader (Adobe, Foxit, Browser) 3. Enter password when prompted 4. View, print, or share Advantages: - Professional appearance - Print-optimized formatting - Password protection - Portable (works anywhere) - Preserves formatting Report Customization Change Report Title: 1. Open "8. Prepare Report Structure" node 2. Find metadata object 3. Edit title and subtitle fields Customize Styling: 1. Open "9. Generate HTML Report" node 2. Modify CSS in <style> section 3. Change colors, fonts, layout Add Company Logo: 1. Edit HTML generation code 2. Add
Download the workflow JSON file after purchase.
Open n8n → click the menu → Import from File.
Select the downloaded JSON and import.
Set up credentials for each node that requires them.
Click Execute Workflow to test, then activate.
Setup guide included
Purchase to unlock the full step-by-step guide
No reviews yet
Be the first to buy and share your experience.
Leave a review
Sign in to share your experience with this workflow.
Create a free account to purchase workflows.
Need help setting this up?
Book a 3-hour live setup session with an Agility consultant.