
Web security scanner for OWASP compliance with Markdown reports

Sean Birmingham
2/3/2026

How the n8n OWASP Scanner Works & How to Set It Up

How It Works (Simple Flow):

  1. Input: Enter target URL + endpoint (e.g., https://example.com, /login)
  2. Scan: This workflow executes 5 parallel HTTP tests (Headers, Cookies, CORS, HTTPS, Methods)
  3. Analyze: Pure JS logic checks OWASP ASVS (Application Security Verification Standard) rules (no external tools)
  4. Merge: Combines all findings into one Markdown report
  5. Output: Auto-generates + downloads scan-2025-11-16_210900.md (example filename)
  6. Email: (Optional) Forward the report to an email address using Gmail.
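
The Analyze and Merge steps can be pictured as plain JavaScript of the kind an n8n Code node runs. The following is an added example, not the workflow's own code: the function names, the severity labels, the rule subset (three of the five tests) and the sample response are all constructed for illustration.

```javascript
// Constructed sample of what the HTTP tests might capture (header names lowercased).
const sample = {
  url: 'https://example.com/login',
  probeOrigin: 'https://probe.invalid', // Origin header sent by the CORS test
  headers: {
    'x-frame-options': 'DENY',
    'access-control-allow-origin': 'https://probe.invalid',
    'access-control-allow-credentials': 'true',
  },
  setCookie: ['session=abc123; Path=/; HttpOnly', 'theme=dark; Path=/; Secure; SameSite=Lax'],
};

const finding = (test, severity, detail) => ({ test, severity, detail });

// Headers test: report each expected security header that is absent.
function checkHeaders(res) {
  const expected = ['strict-transport-security', 'content-security-policy',
    'x-content-type-options', 'x-frame-options'];
  return expected.filter((h) => !(h in res.headers))
    .map((h) => finding('Headers', 'Medium', `Missing ${h}`));
}

// Cookies test: every Set-Cookie should carry Secure, HttpOnly and SameSite.
function checkCookies(res) {
  return res.setCookie.flatMap((c) => {
    const name = c.split('=')[0];
    const attrs = c.toLowerCase().split(';').slice(1).map((a) => a.trim().split('=')[0]);
    return ['secure', 'httponly', 'samesite'].filter((f) => !attrs.includes(f))
      .map((f) => finding('Cookies', 'Medium', `Cookie ${name} lacks ${f}`));
  });
}

// CORS test: an arbitrary Origin echoed back with credentials allowed.
function checkCors(res) {
  const h = res.headers;
  const reflected = h['access-control-allow-origin'] === res.probeOrigin;
  return reflected && h['access-control-allow-credentials'] === 'true'
    ? [finding('CORS', 'High', 'Reflects arbitrary Origin with credentials')] : [];
}

// Merge step: run all checks and render one Markdown table.
function buildReport(res) {
  const findings = [checkHeaders, checkCookies, checkCors].flatMap((check) => check(res));
  const rows = findings.map((f) => `| ${f.test} | ${f.severity} | ${f.detail} |`);
  const markdown = [`# Scan report: ${res.url}`, '', '| Test | Severity | Finding |',
    '|---|---|---|', ...rows].join('\n');
  return { findings, markdown };
}
console.log(buildReport(sample).markdown);
```

For the constructed sample this yields seven findings: three missing headers, three missing cookie attributes and one CORS issue.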

Setup in 3 Steps (2 Minutes)

  1. Import Workflow

    • Copy the full JSON (from "Export Final Workflow")
    • In n8n → Workflows → Import from JSON → Paste → Import
  2. (Optional) Connect your Gmail credentials

    • In the last node to auto-email the report
  3. Click Execute the workflow

    • Enter a URL in the new window, then click 'submit'.

Alternatively, you can download or receive the Markdown report directly from the Markdown to File node.


(Supports any HTTP/HTTPS endpoint. Works in n8n Cloud or self-hosted.)

Web Security Scanner for OWASP Compliance with Markdown Reports

This n8n workflow provides a streamlined solution for performing web security scans, specifically tailored for OWASP compliance. Upon a form submission, it initiates a security scan against a specified URL, processes the results, and generates a comprehensive Markdown report. The report is then sent via email, allowing for quick dissemination of critical security findings.

What it does

This workflow automates the following steps:

  1. Triggers on Form Submission: The workflow starts when a user submits data through an n8n form. This form is expected to provide the target URL for the security scan.
  2. Initiates HTTP Request: An HTTP Request node is used to interact with an external web security scanning API (e.g., an OWASP ZAP or similar scanner endpoint). The target URL from the form submission is passed to this API.
  3. Processes Scan Results: The raw data from the security scan API is processed. This likely involves parsing JSON or XML responses to extract relevant findings.
  4. Generates Markdown Report: A Code node dynamically creates a structured Markdown report based on the parsed scan results. This report highlights key vulnerabilities, their severity, and potentially remediation steps.
  5. Attaches Report as File: The generated Markdown content is converted into a file attachment.
  6. Sends Email with Report: Finally, a Gmail node sends an email containing the Markdown report as an attachment to a predefined recipient, ensuring that the security findings are promptly delivered.

Prerequisites/Requirements

To use this workflow, you will need:

  • n8n Instance: A running instance of n8n.
  • Web Security Scanner API: Access to a web security scanner API (e.g., a self-hosted OWASP ZAP instance with an API, or a commercial web scanner). The HTTP Request node will need to be configured with the appropriate endpoint and authentication.
  • Gmail Account: A configured Gmail credential in n8n to send email notifications.
  • n8n Form: A pre-configured n8n form that collects the target URL for the scan.

Setup/Usage

  1. Import the Workflow: Import the provided JSON into your n8n instance.
  2. Configure the n8n Form Trigger:
    • Open the "On form submission" node.
    • Ensure the form is set up to capture the target URL for the scan. The output of this form should contain a field that can be referenced by the HTTP Request node (e.g., {{ $json.url_to_scan }}).
  3. Configure the HTTP Request Node:
    • Open the "HTTP Request" node.
    • Set the URL to your web security scanner's API endpoint.
    • Configure the Method (e.g., POST, GET) and any necessary Headers or Body parameters, including passing the target URL from the "On form submission" node (e.g., {{ $('On form submission').item.json.url_to_scan }}).
    • Add any required authentication (e.g., API keys, basic auth) to the HTTP Request node's credentials.
  4. Configure the Code Node:
    • Open the "Code" node.
    • Review and customize the JavaScript code to parse the output of your specific web security scanner API and format it into a Markdown string. The current code expects to receive scan results from the previous HTTP Request node.
  5. Configure the Convert to File Node:
    • Open the "Convert to File" node.
    • Ensure it's configured to convert the Markdown output from the "Code" node into a file (e.g., report.md).
  6. Configure the Gmail Node:
    • Open the "Gmail" node.
    • Select your Gmail credential.
    • Set the To email address where the reports should be sent.
    • Customize the Subject and Body of the email.
    • Ensure the Attachments section is configured to include the file output from the "Convert to File" node.
  7. Activate the Workflow: Save and activate the workflow.

Once activated, submitting the n8n form with a target URL will trigger a web security scan, generate a Markdown report, and email it to the specified recipient.
