URL and IP Threat Scanning Workflow

Name: URL and IP Threat Scanning Workflow
Rating: 3.0 (1 reviews)
Author: Free N8N

Beginner

0 nodes connected

detail.loadingPreview

Free N8N Temples

33 views

0 downloads

Securityautomationgreynoiseip scanningreportingsecuritythreat intelligenceurl scanningvirustotal

Scans provided URLs and IPs for malicious activity using VirusTotal and Greynoise, then reports findings via email and Slack.

🚀Ready to Deploy This Workflow?

⚡Deploy on Zeabur 🎁Get $200 Credit on DigitalOcean

About This Workflow

Overview

This n8n workflow automates the process of scanning URLs and IP addresses for potential threats. It leverages the VirusTotal API for comprehensive analysis and Greynoise to check for known malicious activity. The results are then consolidated and sent as a report to a specified email address and a Slack channel for immediate notification and review.

Key Features

Receives a list of URLs and/or IPs via webhook.
Determines if an input is an IP address or a URL.
Performs DNS lookups for URLs to resolve them to IP addresses.
Scans URLs and IPs using VirusTotal for threat intelligence.
Checks for threat information using Greynoise.
Merges results from both VirusTotal and Greynoise.
Sends a detailed report to a specified email address.
Notifies a Slack channel with a summary of the findings.

How To Use

Configure Webhook: Set up the "Webhook" node with your desired path and HTTP method (POST is recommended).
Input Data: Send a POST request to the webhook URL with a JSON body containing an array of data (each with a url field) and an email field for the report recipient. Example:

{ "data": [{"url": "1.1.1.1"}, {"url": "88.204.59.2"}, {"url": "facebook.com"}], "email": "your.email@example.com" }
Set up Credentials: Configure the necessary API credentials for VirusTotal and potentially Greynoise in n8n.
Configure Nodes: Update the API_BASE_URL and BASE_URL environment variables for the VirusTotal and DNS lookup nodes respectively.
Review Slack Channel: Ensure the "Send Report Slack" node is configured with the correct channel name (#notifications in the example).
Run Workflow: Activate the workflow and send data to the webhook.

Apps Used

automation

greynoise

ip scanning

reporting

security

threat intelligence

url scanning

virustotal

Workflow JSON

{
  "id": "40d8763b-ec27-434e-8761-2b874cfde060",
  "name": "URL and IP Threat Scanning Workflow",
  "nodes": 0,
  "category": "Security",
  "status": "active",
  "version": "1.0.0"
}

Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.

Get This Workflow

ID: 40d8763b-ec27...

About the Author

Free n8n Workflows Official

System Admin

The official repository for verified enterprise-grade workflows.

Statistics

Downloads0

Rating

3/5

Verification Info

📄

Source

nateherk_bulk

Get Custom Workflow

Need a specific automation? Our experts can build it for you.

Trusted by top companies
7+ years experience

Automate Qualys vulnerability scans and report generation directly from Slack.

0 nodes

161

View Workflow

Browse All n8n Workflows