🔒 Network vulnerability scanner with NMAP and automated CVE reporting


Description

Network vulnerability scanner (using Nmap as the scan engine) with automated CVE reporting

Workflow Overview

This n8n workflow provides comprehensive network vulnerability scanning with automated CVE enrichment and professional report generation. It performs Nmap scans, queries the National Vulnerability Database (NVD) for CVE information, generates detailed HTML/PDF reports, and distributes them via Telegram and email.

Key Features

Use Cases


Setup Instructions

Prerequisites

Before setting up this workflow, ensure you have:

System Requirements

Required Knowledge

External Services

Step 1: Understanding the Workflow Components

Core Dependencies

Nmap: Network scanner

nmap-helper: JSON conversion tool

Prince XML: HTML to PDF converter

NVD API: Vulnerability database

Step 2: Telegram Bot Configuration (Optional)

If you want to receive reports via Telegram:

Create Telegram Bot

  1. Open Telegram and search for @BotFather
  2. Start a chat and send /newbot
  3. Follow prompts:
    • Bot name: Network Scanner Bot (or your choice)
    • Username: network_scanner_bot (must end with ‘bot’)
  4. BotFather will provide:
    • Bot token: 123456789:ABCdefGHIjklMNOpqrsTUVwxyz (save this)
    • Bot URL: https://t.me/your_bot_username

Get Your Chat ID

  1. Start a chat with your new bot
  2. Send any message to the bot
  3. Visit: https://api.telegram.org/bot<YOUR_BOT_TOKEN>/getUpdates
  4. Find your chat ID in the response
  5. Save this chat ID (e.g., 123456789)

Alternative: Group Chat ID

For sending to a group:

  1. Add bot to your group
  2. Send a message in the group
  3. Check getUpdates URL
  4. Group chat IDs are negative: -1001234567890

Add Credentials to n8n

  1. Navigate to Credentials in n8n
  2. Click Add Credential
  3. Select Telegram API
  4. Fill in:
    • Access Token: Your bot token from BotFather
  5. Click Save
  6. Test connection if available

Step 3: Email Configuration (Optional)

If you want to receive reports via email:

Add SMTP Credentials to n8n

  1. Navigate to Credentials in n8n
  2. Click Add Credential
  3. Select SMTP
  4. Fill in:
    • Host: SMTP server address (e.g., smtp.gmail.com)
    • Port: SMTP port (587 for TLS, 465 for SSL, 25 for unencrypted)
    • User: Your email username
    • Password: Your email password or app password
    • Secure: Enable for TLS/SSL
  5. Click Save

Gmail Users:

  1. Enable 2-factor authentication
  2. Generate app-specific password: https://myaccount.google.com/apppasswords
  3. Use app password in n8n credential

Step 4: Import and Configure Workflow

Configure Basic Parameters

Locate “1. Set Parameters” Node:

  1. Click the node to open settings
  2. Default configuration:
    • network: Input from webhook/form/manual trigger
    • timestamp: Auto-generated (format: yyyyMMdd_HHmmss)
    • report_password: Almafa123456 (change this!)

Change Report Password:

  1. Edit report_password assignment
  2. Set strong password: 12+ characters, mixed case, numbers, symbols
  3. This password will protect the PDF report
  4. Save changes

Step 5: Configure Notification Endpoints

Telegram Configuration

Locate “14/a. Send Report in Telegram” Node:

  1. Open node settings
  2. Update fields:
    • Chat ID: Replace -123456789012 with your actual chat ID
    • Credentials: Select your Telegram credential
  3. Save changes

Message customization:

Email Configuration

Locate “14/b. Send Report in Email with SMTP” Node:

  1. Open node settings
  2. Update fields:
    • From Email: report.creator@example.com → Your sender email
    • To Email: report.receiver@example.com → Your recipient email
    • Subject: Customize if needed (default includes network target)
    • Text: Email body message
    • Credentials: Select your SMTP credential
  3. Save changes

Multiple Recipients: Change toEmail field to comma-separated list:

admin@example.com, security@example.com, manager@example.com

Add CC/BCC: In node options, add:

Step 6: Configure Triggers

The workflow supports 4 trigger methods:

Trigger 1: Webhook API (Production)

Locate “Webhook” Node:

Trigger 2: Web Form (User-Friendly)

Locate “On form submission” Node:

Form URL:

https://your-n8n-domain.com/webhook-test/form/target

Users can:

  1. Open form URL in browser
  2. Enter target network/IP
  3. Click submit
  4. Receive confirmation

Trigger 3: Manual Execution (Testing)

Locate “Manual Trigger” Node:

To change default target:

  1. Open “Pre-Set-Target” node
  2. Edit network value
  3. Enter your test target
  4. Save changes

Trigger 4: Scheduled Scans (Automated)

Locate “Schedule Trigger” Node:

To change schedule:

  1. Open node settings
  2. Modify trigger time:
    • Hour: 1 (1 AM)
    • Minute: 0
    • Day of week: All days (or select specific days)
  3. Save changes

Schedule Examples:

Step 7: Test the Workflow

Use Nmap’s official test server for initial testing:

Important: Never scan targets without permission. Unauthorized scanning is illegal.

Manual Test Execution

  1. Open workflow in n8n editor
  2. Click Manual Trigger node to select it
  3. Click Execute Workflow button
  4. Workflow will start with scanme.nmap.org as target

Monitor Execution

Watch nodes turn green as they complete:

  1. “Need to Add Helper?”: Checks whether nmap-helper is installed
  2. “Add NMAP-HELPER”: Installs the helper (if needed, ~2-3 minutes)
  3. “Optional Params Setter”: Sets scan parameters
  4. “2. Execute Nmap Scan”: Runs the scan (5-30 minutes depending on target)
  5. “3. Parse NMAP JSON to Services”: Extracts services (~1 second)
  6. “5. CVE Enrichment Loop”: Queries the NVD API (1 second per service)
  7. Nodes 8-10, Report Generation: Creates HTML/PDF reports (~5-10 seconds)
  8. “12. Convert to PDF”: Generates the password-protected PDF (~10 seconds)
  9. Nodes 14a/14b, Distribution: Sends reports

Check Outputs

Click nodes to view outputs:

Verify Distribution

Telegram:

Email:


How to Use

Understanding the Scan Process

Initiating Scans

Method 1: Webhook API

Use curl or any HTTP client to send a POST request that includes a “network” parameter.

Response:

Process started!

Scan runs asynchronously. You’ll receive results via configured channels (Telegram/Email).

Method 2: Web Form

  1. Open form URL in browser:

    https://your-n8n.com/webhook-test/form/target
  2. Fill in form:

    • network: Enter target (IP, range, domain)
  3. Click Submit

  4. Receive confirmation

  5. Wait for report delivery

Advantages:

Method 3: Manual Execution

For testing or one-off scans:

  1. Open workflow in n8n
  2. Edit “Pre-Set-Target” node:
    • Change network value to your target
  3. Click Manual Trigger node
  4. Click Execute Workflow
  5. Monitor progress in real-time

Advantages:

Method 4: Scheduled Scans

For regular, automated security audits:

  1. Configure “Schedule Trigger” node with desired time
  2. Configure “Pre-Set-Target” node with default target
  3. Activate workflow
  4. Scans run automatically on schedule

Advantages:

Scan Targets Explained

Supported Target Formats

Single IP Address:

192.168.1.100
10.0.0.50

CIDR Notation (Subnet):

192.168.1.0/24         # Scans 192.168.1.0-255 (254 hosts)
10.0.0.0/16            # Scans 10.0.0.0-255.255 (65534 hosts)
172.16.0.0/12          # Scans entire 172.16-31.x.x range

IP Range:

192.168.1.1-50         # Scans 192.168.1.1 to 192.168.1.50
10.0.0.1-10.0.0.100    # Scans across range

Multiple Targets:

192.168.1.1,192.168.1.2,192.168.1.3

Hostname/Domain:

scanme.nmap.org
example.com
server.local
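
Because the “network” value arrives from a webhook or form and ends up in an Nmap scan, it is worth checking it against the formats listed above and against the approved scan scope before the scan node runs. The following is an added example, not part of the workflow: the function names and the APPROVED_* scope values are hypothetical, and placing it in an n8n Code node ahead of “2. Execute Nmap Scan” is an assumption.

```javascript
// Constructed sample scope (assumption, not taken from the workflow).
const APPROVED_CIDRS = ['192.168.1.0/24', '10.0.0.0/16'];
const APPROVED_HOSTS = ['scanme.nmap.org'];
const HOSTNAME = /^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i;

// Dotted IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m || m.slice(1).some((n) => Number(n) > 255)) return null;
  const o = m.slice(1).map(Number);
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// CIDR block -> [first, last] address, or null if malformed.
function cidrBounds(cidr) {
  const parts = cidr.split('/');
  const base = parts.length === 2 ? ipToInt(parts[0]) : null;
  if (base === null || !/^\d{1,2}$/.test(parts[1]) || Number(parts[1]) > 32) return null;
  const size = 2 ** (32 - Number(parts[1]));
  const first = Math.floor(base / size) * size;
  return [first, first + size - 1];
}

// One token -> [first, last] for addresses, lowercase string for hostnames, null if rejected.
function parseTarget(t) {
  const single = ipToInt(t);
  if (single !== null) return [single, single];
  if (t.includes('/')) return cidrBounds(t);
  const r = /^(\d+\.\d+\.\d+\.\d+)-([\d.]+)$/.exec(t);
  if (r) {
    // "a.b.c.d-N" reuses the first three octets; "a.b.c.d-e.f.g.h" is a full end address.
    const start = ipToInt(r[1]);
    const end = ipToInt(r[2].includes('.') ? r[2] : r[1].replace(/\d+$/, r[2]));
    return start !== null && end !== null && start <= end ? [start, end] : null;
  }
  // Only letters, digits, dots and inner hyphens pass: no spaces, no shell metacharacters, no leading "-".
  return HOSTNAME.test(t) ? t.toLowerCase() : null;
}

// Every comma-separated token must parse and lie inside the approved scope.
function validateNetwork(input) {
  const scopes = APPROVED_CIDRS.map(cidrBounds);
  for (const tok of String(input).split(',').map((s) => s.trim())) {
    const p = parseTarget(tok);
    if (p === null) return { ok: false, reason: 'malformed target' };
    const inScope = typeof p === 'string' ? APPROVED_HOSTS.includes(p)
      : scopes.some(([lo, hi]) => p[0] >= lo && p[1] <= hi);
    if (!inScope) return { ok: false, reason: 'out of scope' };
  }
  return { ok: true };
}
```

A rejected value should stop the execution before the scan node rather than being passed on, and the scope lists should mirror the documented scan authorization.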

Choosing Appropriate Targets

Development/Testing:

Internal Networks:

Understanding Report Contents

Report Structure

The generated report includes:

1. Executive Summary:

2. Overall Statistics:

3. Detailed Findings by Host: For each discovered host:

4. Vulnerability Details: For each vulnerable service:

5. Recommendations:

Vulnerability Severity Levels

CRITICAL (CVSS 9.0-10.0):

HIGH (CVSS 7.0-8.9):

MEDIUM (CVSS 4.0-6.9):

LOW (CVSS 0.1-3.9):

INFO (CVSS 0.0):

Understanding CPE

CPE (Common Platform Enumeration):

Workflow CPE Handling:

Working with Reports

Accessing HTML Report

Location:

/tmp/vulnerability_report_<timestamp>.html

Viewing:

Advantages:

Accessing PDF Report

Location:

/tmp/vulnerability_report_<timestamp>.pdf

Password:

Opening PDF:

  1. Receive PDF via Telegram or Email
  2. Open with PDF reader (Adobe, Foxit, Browser)
  3. Enter password when prompted
  4. View, print, or share

Advantages:

Report Customization

Change Report Title:

  1. Open “8. Prepare Report Structure” node
  2. Find metadata object
  3. Edit title and subtitle fields

Customize Styling:

  1. Open “9. Generate HTML Report” node
  2. Modify CSS in <style> section
  3. Change colors, fonts, layout

Add Company Logo:

  1. Edit HTML generation code
  2. Add <img> tag in header section
  3. Include base64-encoded logo or URL

Modify Recommendations:

  1. Open “9. Generate HTML Report” node
  2. Find <h2>Recommendations</h2> section
  3. Edit recommendation text

Scanning Ethics and Legality

  1. Authorization is Mandatory:

    • Never scan networks without explicit written permission
    • Unauthorized scanning is illegal in most jurisdictions
    • Can result in criminal charges and civil liability
  2. Scope Definition:

    • Document approved scan scope
    • Exclude out-of-scope systems
    • Maintain scan authorization documents
  3. Notification:

    • Inform network administrators before scans
    • Provide scan window and source IPs
    • Have emergency contact procedures
  4. Safe Targets for Testing:

    • scanme.nmap.org: Official Nmap test server
    • Your own isolated lab network
    • Cloud instances you own
    • Explicitly authorized environments

Compliance Considerations

PCI DSS:

HIPAA:

ISO 27001:

NIST Cybersecurity Framework:


License and Credits

Workflow:

Dependencies:

Third-Party Services:


Support

For Nmap issues:

For NVD API issues:

For Prince XML issues:


Workflow Metadata


Security Disclaimer

This workflow is provided for legitimate security testing and vulnerability assessment purposes only. Users are solely responsible for ensuring they have proper authorization before scanning any network or system. Unauthorized network scanning is illegal and unethical. The authors assume no liability for misuse of this workflow or any damages resulting from its use. Always obtain written permission before conducting security assessments.

🔗 Nodes Used

Send Email, Webhook, Telegram, Schedule Trigger, n8n Form Trigger, Read/Write Files from Disk

📥 Import

Download workflow.json and import into n8n: Workflow menu → Import from File
