EnumX:サブドメイン自動DNSクエリとMarkdownエクスポート
中級
これはSecOps分野の自動化ワークフローで、13個のノードを含みます。主にSet, Code, Gmail, Merge, HttpRequestなどのノードを使用。 HackerTarget APIとGmailを使用した自動化されたサブドメインDNSレコード照会
前提条件
- •Googleアカウント + Gmail API認証情報
- •ターゲットAPIの認証情報が必要な場合あり
カテゴリー
ワークフロープレビュー
ノード接続関係を可視化、ズームとパンをサポート
ワークフローをエクスポート
以下のJSON設定をn8nにインポートして、このワークフローを使用できます
{
"id": "RNNkYFKdsO7f3dSi",
"meta": {
"instanceId": "6feff41aadeb8409737e26476f9d0a45f95eec6a9c16afff8ef87a662455b6df",
"templateCredsSetupCompleted": true
},
"name": "EnumX: Auto DNS Lookup for Subdomains with Markdown Export",
"tags": [
{
"id": "gGA3sGFynnEJEGfZ",
"name": "Enumeration Engine",
"createdAt": "2025-07-24T00:23:37.375Z",
"updatedAt": "2025-07-24T00:23:37.375Z"
}
],
"nodes": [
{
"id": "18df8e48-3d79-413e-bac0-a08fdd167866",
"name": "ワークフロー実行時",
"type": "n8n-nodes-base.manualTrigger",
"position": [
-2120,
20
],
"parameters": {},
"typeVersion": 1
},
{
"id": "2ec4a837-11f3-4af3-ac37-345ce4fa9947",
"name": "🌐 ターゲットドメイン",
"type": "n8n-nodes-base.set",
"position": [
-1920,
20
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "0383ffe1-377f-48ad-a476-8e67eabdfefa",
"name": "domain",
"type": "string",
"value": "example.com"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "8d9989c2-4f04-4a12-8eae-04a89152bae2",
"name": "📡 サブドメイン列挙",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1700,
20
],
"parameters": {
"url": "=https://api.hackertarget.com/hostsearch/?q={{$json[\"domain\"]}}",
"options": {
"response": {
"response": {
"responseFormat": "text",
"outputPropertyName": ""
}
}
}
},
"typeVersion": 4.2
},
{
"id": "1b26f151-215a-4898-b5a0-5e6f0ed2d39d",
"name": "🧠 サブドメイン解析",
"type": "n8n-nodes-base.code",
"position": [
-1480,
20
],
"parameters": {
"jsCode": "// Get the first item (raw output from Subdomain Enum)\nconst item = $items(\"📡 Subdomain Enum\")[0];\nconst rawText = Object.values(item.json)[0]; // the unnamed field\n\nconst lines = rawText.split(\"\\n\");\n\nreturn lines\n .filter(line => line.trim() !== \"\")\n .map(line => {\n const [subdomain, ip] = line.split(\",\");\n return { json: { subdomain, ip } };\n });"
},
"typeVersion": 2
},
{
"id": "e9c560c3-4cb9-42f2-9cac-000f71c700d6",
"name": "🌐 DNSレコード",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1240,
160
],
"parameters": {
"url": "=https://api.hackertarget.com/dnslookup/?q={{$json[\"subdomain\"]}}",
"options": {
"response": {
"response": {
"responseFormat": "text",
"outputPropertyName": "dns"
}
}
}
},
"typeVersion": 4.2,
"alwaysOutputData": true
},
{
"id": "3e10f83e-3ec6-41fe-8a9f-c2a62d077f72",
"name": "📝 DNS Markdownフォーマット",
"type": "n8n-nodes-base.code",
"position": [
-640,
40
],
"parameters": {
"mode": "runOnceForEachItem",
"jsCode": "const input = $input.item.json;\nconst subdomain = input.subdomain || \"unknown.subdomain\";\n\n// Explicitly access each DNS record type\nconst dnsRecords = {\n A: input.a || [],\n AAAA: input.aaaa || [],\n CNAME: input.cname || [],\n TXT: input.txt || [],\n MX: input.mx || [],\n NS: input.ns || [],\n SOA: input.soa || []\n};\n\nlet markdown = `### DNS Records for: ${subdomain}\\n\\n`;\n\nfor (const [type, records] of Object.entries(dnsRecords)) {\n if (Array.isArray(records) && records.length > 0) {\n const formatted = records.map(r => `- ${r}`).join('\\n');\n markdown += `**${type}**:\\n${formatted}\\n\\n`;\n } else {\n markdown += `**${type}**:\\n- No records found.\\n\\n`;\n }\n}\n\nreturn {\n json: {\n subdomain,\n dns_markdown: markdown.trim()\n }\n};\n"
},
"typeVersion": 2
},
{
"id": "c25357fb-a67b-49dc-8614-28d2d0760884",
"name": "🔗 DNS + サブドメイン統合",
"type": "n8n-nodes-base.merge",
"position": [
-840,
40
],
"parameters": {
"mode": "combine",
"options": {},
"joinMode": "keepEverything",
"fieldsToMatchString": "subdomain"
},
"typeVersion": 3.2
},
{
"id": "c55d3e8f-0d07-4e57-a2e7-6658f74edba7",
"name": "🧠 DNSレコード解析",
"type": "n8n-nodes-base.code",
"position": [
-1020,
160
],
"parameters": {
"jsCode": "// Get raw text from DNS Lookup node\nconst dnsText = $json.dns || \"No data\";\n\n// Prepare output object\nconst recordTypes = ['A', 'AAAA', 'CNAME', 'TXT', 'MX', 'NS', 'SOA'];\nconst result = {\n subdomain: $json.subdomain || \"unknown.subdomain\"\n};\n\n// Initialize arrays for each type\nfor (const type of recordTypes) {\n result[type.toLowerCase()] = [];\n}\n\n// Parse each line\ndnsText.split('\\n').forEach(line => {\n const match = line.match(/^(\\w+)\\s*:\\s*(.*)$/);\n if (match) {\n const type = match[1].toUpperCase();\n const value = match[2].trim();\n if (recordTypes.includes(type)) {\n result[type.toLowerCase()].push(value);\n }\n }\n});\n\n// If no values found, insert \"No records found\"\nfor (const type of recordTypes) {\n if (result[type.toLowerCase()].length === 0) {\n result[type.toLowerCase()].push(\"No records found.\");\n }\n}\n\nreturn [ { json: result } ];"
},
"typeVersion": 2
},
{
"id": "b4878f12-57b1-48ed-8662-d84227209abe",
"name": "Gmail",
"type": "n8n-nodes-base.gmail",
"position": [
-240,
40
],
"webhookId": "e825199e-fc30-4a63-8b93-8a874b7755a7",
"parameters": {
"sendTo": "security-team@example.com",
"message": "=<pre style=\"font-family: monospace; white-space: pre-wrap;\">{{$json[\"full_report\"]}}</pre>\n<p>—<br>This email was sent automatically with n8n<br><a href=\"https://n8n.io\">https://n8n.io</a></p>",
"options": {},
"subject": "=🧠 DNS Report: All Subdomains"
},
"credentials": {
"gmailOAuth2": {
"id": "wbHKmSEka16PTXzD",
"name": "xiantani"
}
},
"typeVersion": 2.1
},
{
"id": "ff036e1c-a60a-471d-a094-9dad49df4b82",
"name": "🧩 全Markdown統合",
"type": "n8n-nodes-base.code",
"position": [
-440,
40
],
"parameters": {
"jsCode": "const combinedMarkdown = items\n .map(item => item.json.dns_markdown)\n .join('\\n\\n---\\n\\n'); // separator for readability\n\nreturn [\n {\n json: {\n full_report: combinedMarkdown.trim()\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "77583a90-95c4-4150-893f-c35c280e67d7",
"name": "付箋",
"type": "n8n-nodes-base.stickyNote",
"position": [
0,
0
],
"parameters": {
"color": 7,
"width": 700,
"height": 1280,
"content": "\n\n🎯 Purpose\n\nThis workflow automatically scans and collects DNS records for all known subdomains associated with a given domain (e.g., example.com) and emails a formatted markdown report.\n\n🛠️ What It Does\nTakes a list of subdomains\n\nPerforms DNS lookups for records like:\n\nA\n\nAAAA\n\nCNAME\n\nTXT\n\nMX\n\nNS\n\nSOA\n\nFormats the result in Markdown\n\nSends an email report to a designated recipient\n\n🌟 Benefits\nVisibility: Provides ongoing awareness of DNS configurations for each subdomain\n\nSecurity: Helps detect misconfigured, stale, or malicious DNS records\n\nAutomation: Reduces manual checking or use of third-party services\n\nAudit-ready: Output can be stored or forwarded to SOC or IT security\n\nEasy to read: Markdown formatting allows both tech and non-tech users to review reports\n\n🔒 Compliance Alignment\nThis workflow supports compliance and best practices across multiple frameworks:\n| Framework | Relevance |\n| ------------------- | --------------------------------------------------------------------------- |\n| **ISO 27001** | A.12.6.1: Technical vulnerability management (external exposure monitoring) |\n| **NIST CSF** | DE.CM-7: Monitoring for unauthorized connections |\n| **Essential Eight** | Supports vulnerability awareness and passive monitoring |\n| **SOC 2** | Security & Availability — monitoring of system components |\n| **CIS Controls** | Control 1 & 8: Inventory and DNS monitoring of assets |\n\n📬 Current Output Destination\nEmail: abc@gmail.com\n(Editable for any internal SOC, DevOps, or security contact)\n\n📅 Recommended Schedule\nDaily or weekly execution via Cron node\n\nOptional Slack or SIEM integration (future scope)\n\n📌 Tags\n#dns-monitoring #compliance #email-report #subdomain-check #automation #n8n\n"
},
"typeVersion": 1
},
{
"id": "c732eca8-5fb8-439b-900e-567e8f00f86e",
"name": "付箋1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1980,
-140
],
"parameters": {
"color": 7,
"width": 260,
"height": 340,
"content": "\n\n\n✏️ Set your target domain here. \nDefault is \"example.com\". \nYou can also connect this to an external trigger or cron node for periodic scans.\n"
},
"typeVersion": 1
},
{
"id": "9f7c3150-286d-4c67-9230-312c72c119e3",
"name": "付箋2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-300,
-120
],
"parameters": {
"color": 7,
"width": 280,
"height": 360,
"content": "\n\n\n📧 This sends the final DNS Markdown report via email. \nUpdate the recipient address to your own inbox. \nYou can replace Gmail with Slack, Notion, or webhook as needed.\n"
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "beedf29e-0d17-4c06-bb30-fdb9e35053bf",
"connections": {
"e9c560c3-4cb9-42f2-9cac-000f71c700d6": {
"main": [
[
{
"node": "c55d3e8f-0d07-4e57-a2e7-6658f74edba7",
"type": "main",
"index": 0
}
]
]
},
"2ec4a837-11f3-4af3-ac37-345ce4fa9947": {
"main": [
[
{
"node": "8d9989c2-4f04-4a12-8eae-04a89152bae2",
"type": "main",
"index": 0
}
]
]
},
"8d9989c2-4f04-4a12-8eae-04a89152bae2": {
"main": [
[
{
"node": "1b26f151-215a-4898-b5a0-5e6f0ed2d39d",
"type": "main",
"index": 0
}
]
]
},
"1b26f151-215a-4898-b5a0-5e6f0ed2d39d": {
"main": [
[
{
"node": "e9c560c3-4cb9-42f2-9cac-000f71c700d6",
"type": "main",
"index": 0
},
{
"node": "c25357fb-a67b-49dc-8614-28d2d0760884",
"type": "main",
"index": 0
}
]
]
},
"c55d3e8f-0d07-4e57-a2e7-6658f74edba7": {
"main": [
[
{
"node": "c25357fb-a67b-49dc-8614-28d2d0760884",
"type": "main",
"index": 1
}
]
]
},
"ff036e1c-a60a-471d-a094-9dad49df4b82": {
"main": [
[
{
"node": "b4878f12-57b1-48ed-8662-d84227209abe",
"type": "main",
"index": 0
}
]
]
},
"3e10f83e-3ec6-41fe-8a9f-c2a62d077f72": {
"main": [
[
{
"node": "ff036e1c-a60a-471d-a094-9dad49df4b82",
"type": "main",
"index": 0
}
]
]
},
"c25357fb-a67b-49dc-8614-28d2d0760884": {
"main": [
[
{
"node": "3e10f83e-3ec6-41fe-8a9f-c2a62d077f72",
"type": "main",
"index": 0
}
]
]
},
"18df8e48-3d79-413e-bac0-a08fdd167866": {
"main": [
[
{
"node": "2ec4a837-11f3-4af3-ac37-345ce4fa9947",
"type": "main",
"index": 0
}
]
]
}
}
}よくある質問
このワークフローの使い方は?
上記のJSON設定コードをコピーし、n8nインスタンスで新しいワークフローを作成して「JSONからインポート」を選択、設定を貼り付けて認証情報を必要に応じて変更してください。
このワークフローはどんな場面に適していますか?
中級 - セキュリティ運用
有料ですか?
このワークフローは完全無料です。ただし、ワークフローで使用するサードパーティサービス(OpenAI APIなど)は別途料金が発生する場合があります。
関連ワークフロー
PCI 制御評価を自動化
Google Sheetsを使ってPCI DSSコントロールの評価とコンプライアンス追跡を自動化する
If
Set
Code
+
If
Set
Code
19 ノードAdnan Tariq
セキュリティ運用
GRC - セキュリティアンケートの自動回答
自動化したセキュリティアンケートの回答:GPT-4oとGoogle Sheets
If
Set
Code
+
If
Set
Code
11 ノードAdnan Tariq
セキュリティ運用
CyberScan GitHub クローン
Nessus、リスク階層化、Google Sheetsレポートを活用したAI脆弱性スキャナー
If
Set
Code
+
If
Set
Code
39 ノードAdnan Tariq
セキュリティ運用
CYBERPULSEBlueOps_モジュール1 クライアントコピー1
自動CVEおよびIOCデータソース摄取、OpenAIによるリスク評価とメールアラート付き
If
Code
Merge
+
If
Code
Merge
21 ノードAdnan Tariq
セキュリティ運用
🔴 RedOps モジュール 6 - 自動レポート
Google Sheets から Gmail へ 1 日ごとの RedOps セキュリティシミュレーション報告書を自動生成
Code
Gmail
Google Sheets
+
Code
Gmail
Google Sheets
6 ノードAdnan Tariq
セキュリティ運用
🔴 RedOps モジュール 1 – PhishForge
OpenAIとGoogleスプレッドシートを基盤とした内部フィッシングシミュレーションセキュリティ研修
Set
Gmail
Webhook
+
Set
Gmail
Webhook
12 ノードAdnan Tariq
セキュリティ運用
ワークフロー情報
難易度
中級
ノード数13
カテゴリー1
ノードタイプ7
作成者
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
外部リンク
n8n.ioで表示 →
このワークフローを共有