钓鱼分析_URLScan_io 和 VirusTotal_
高级
这是一个 SecOps(安全运维)领域的自动化工作流,共 23 个节点,主要使用 If、Code、Wait、Merge、Slack 等节点。工作流名称:钓鱼分析 - URLScan.io 和 VirusTotal。它读取 Outlook 中的未读邮件,从邮件正文中提取 URL,提交给 URLScan.io 和 VirusTotal 扫描,并把扫描结果发送到 Slack 频道。
前置要求
- Slack Bot Token 或 Webhook URL
- Microsoft Outlook(OAuth2)、VirusTotal API 和 urlscan.io API 的认证凭证
导出工作流
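复制以下 JSON 配置并导入 n8n 即可使用此工作流。注意:下方 "nodes" 中的节点名称已被翻译成中文,而 "connections" 仍按英文节点名(如 "Has URL?"、"Split In Batches")引用节点,Slack 消息表达式中引用的 $('Microsoft Outlook') 和 $('urlscan.io') 也与本页列出的任何节点名称都不一致。导入后请检查节点连线和表达式是否完整,必要时统一节点名称或手动重新连接。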
{
"id": "8EmNhftXznAGV3dR",
"meta": {
"instanceId": "03e9d14e9196363fe7191ce21dc0bb17387a6e755dcc9acc4f5904752919dca8"
},
"name": "钓鱼分析_URLScan_io 和 VirusTotal_",
"tags": [
{
"id": "GCHVocImoXoEVnzP",
"name": "🛠️ In progress",
"createdAt": "2023-10-31T02:17:21.618Z",
"updatedAt": "2023-10-31T02:17:21.618Z"
},
{
"id": "QPJKatvLSxxtrE8U",
"name": "Secops",
"createdAt": "2023-10-31T02:15:11.396Z",
"updatedAt": "2023-10-31T02:15:11.396Z"
}
],
"nodes": [
{
"id": "f170068a-4540-4fbd-bd17-00a6367989d1",
"name": "当点击\"执行工作流\"时",
"type": "n8n-nodes-base.manualTrigger",
"position": [
-1760,
560
],
"parameters": {},
"typeVersion": 1
},
{
"id": "5a1e0490-6971-4490-a806-46da5e226365",
"name": "发送 slack 消息",
"type": "n8n-nodes-base.slack",
"position": [
-360,
1280
],
"parameters": {
"text": "=*Email Analysis*\n\nSubject: {{ $('Microsoft Outlook').item.json[\"subject\"] }}\nFrom: {{ $('Microsoft Outlook').item.json[\"sender\"][\"emailAddress\"][\"address\"] }}\nDate: {{ $('Microsoft Outlook').item.json[\"sentDateTime\"] }}\n\nReport:\n\n*URLScan Report URL:* {{ $('urlscan.io').item.json.result ? $('urlscan.io').item.json.result : \"N/A\" }}\n*Virustotal report:* https://www.virustotal.com/gui/url/{{ $json[\"data\"][\"id\"].split(\"-\")[1] }}\n*Virustotal Verdict:* {{ $json.data.attributes.stats.malicious + $json.data.attributes.stats.suspicious }} / {{ Object.keys($json.data.attributes.results).length }}",
"select": "channel",
"channelId": {
"__rl": true,
"mode": "name",
"value": "test-giulio-public"
},
"otherOptions": {}
},
"credentials": {
"slackApi": {
"id": "252",
"name": "Slack Bot Token | Giulio [✅ Share ok]"
}
},
"typeVersion": 2
},
{
"id": "65e70f8a-7514-455e-97bf-b11514b4eec2",
"name": "分批处理",
"type": "n8n-nodes-base.splitInBatches",
"position": [
-1020,
480
],
"parameters": {
"options": {},
"batchSize": 1
},
"typeVersion": 2
},
{
"id": "35084825-f3b2-4a01-b953-712c099a6451",
"name": "标记为已读",
"type": "n8n-nodes-base.microsoftOutlook",
"position": [
-1300,
560
],
"parameters": {
"messageId": "={{ $json.id }}",
"operation": "update",
"updateFields": {
"isRead": true
}
},
"credentials": {
"microsoftOutlookOAuth2Api": {
"id": "Zeu3LbjDbkwiCUik",
"name": "Microsoft Outlook | Giulio [✅ Share ok]"
}
},
"typeVersion": 1
},
{
"id": "62098c94-5735-4eed-a712-3f9887e0400f",
"name": "VirusTotal:扫描 URL",
"type": "n8n-nodes-base.httpRequest",
"position": [
-220,
700
],
"parameters": {
"url": "https://www.virustotal.com/api/v3/urls",
"method": "POST",
"options": {},
"sendQuery": true,
"authentication": "predefinedCredentialType",
"queryParameters": {
"parameters": [
{
"name": "url",
"value": "={{ $json.domain }}"
}
]
},
"nodeCredentialType": "virusTotalApi"
},
"credentials": {
"virusTotalApi": {
"id": "hVTFFXxLV4oWPOb0",
"name": "Virus Total | Giulio [✅ Share ok]"
}
},
"typeVersion": 4.1
},
{
"id": "55b7ce97-3609-4a16-b998-8bec77cffb59",
"name": "VirusTotal:获取报告",
"type": "n8n-nodes-base.httpRequest",
"position": [
200,
700
],
"parameters": {
"url": "=https://www.virustotal.com/api/v3/analyses/{{ $json.data.id }}",
"options": {},
"sendQuery": true,
"authentication": "predefinedCredentialType",
"queryParameters": {
"parameters": [
{
"name": "resource",
"value": "https://developers.virustotal.com/v2.0/reference/url-report"
}
]
},
"nodeCredentialType": "virusTotalApi"
},
"credentials": {
"virusTotalApi": {
"id": "hVTFFXxLV4oWPOb0",
"name": "Virus Total | Giulio [✅ Share ok]"
}
},
"typeVersion": 4.1
},
{
"id": "7bf3c7a0-94f9-410b-b0fe-e0d15d0ba895",
"name": "计划触发器",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-1760,
380
],
"parameters": {
"rule": {
"interval": [
{}
]
}
},
"typeVersion": 1.1
},
{
"id": "741f3221-bb73-4004-801e-e9c3030740f8",
"name": "查找入侵指标",
"type": "n8n-nodes-base.code",
"position": [
-780,
440
],
"parameters": {
"language": "python",
"pythonCode": "try:\n from ioc_finder import find_iocs\nexcept ImportError:\n import micropip\n await micropip.install(\"ioc-finder\")\n from ioc_finder import find_iocs\n\ntext = _input.first().json['body']['content']\nprint(text)\n\niocs = find_iocs(text)\n\nreturn [{\"json\": { \"domain\": item }} for item in iocs[\"urls\"]]"
},
"typeVersion": 2,
"alwaysOutputData": true
},
{
"id": "bf8ba285-e824-4104-82e0-fa2dba80f301",
"name": "URLScan:获取报告",
"type": "n8n-nodes-base.urlScanIo",
"position": [
640,
60
],
"parameters": {
"scanId": "={{ $json.scanId }}",
"operation": "get"
},
"credentials": {
"urlScanIoApi": {
"id": "eva7ViJyyrpmJDe3",
"name": "urlscan.io | Giulio [✅ Share ok]"
}
},
"typeVersion": 1
},
{
"id": "eb3b06e8-ffe3-4472-a70c-08fb2555e0fb",
"name": "URLScan:扫描 URL",
"type": "n8n-nodes-base.urlScanIo",
"position": [
-100,
120
],
"parameters": {
"url": "={{ $json.domain }}",
"additionalFields": {}
},
"credentials": {
"urlScanIoApi": {
"id": "eva7ViJyyrpmJDe3",
"name": "urlscan.io | Giulio [✅ Share ok]"
}
},
"typeVersion": 1,
"continueOnFail": true
},
{
"id": "34157694-635a-481b-b7d2-dcd4628b26fe",
"name": "有 URL 吗?",
"type": "n8n-nodes-base.if",
"position": [
-520,
440
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.domain }}",
"operation": "isNotEmpty"
}
]
}
},
"typeVersion": 1
},
{
"id": "33cad369-0598-433e-90f8-0e7333ec5e92",
"name": "没有错误?",
"type": "n8n-nodes-base.if",
"position": [
240,
120
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.error }}",
"operation": "isNotEmpty"
}
]
}
},
"typeVersion": 1
},
{
"id": "cba20d52-a56c-4ac0-99f2-d9b54adb342e",
"name": "不为空?",
"type": "n8n-nodes-base.filter",
"position": [
-640,
1280
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.data }}",
"operation": "isNotEmpty"
}
]
}
},
"typeVersion": 1
},
{
"id": "449c31e3-e098-43ec-a31b-1e383c6add57",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-2051.228008430503,
-251.94391274976795
],
"parameters": {
"width": 474.5187061049208,
"height": 1008.8561536646063,
"content": ""
},
"typeVersion": 1
},
{
"id": "a8921212-aec4-422d-9f04-f402d7591475",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1560,
107
],
"parameters": {
"width": 397.3953488372091,
"height": 647.1076277970203,
"content": ""
},
"typeVersion": 1
},
{
"id": "fbad734e-4502-4d1b-8890-b05c486a1f70",
"name": "便签2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1140,
15.062288067451163
],
"parameters": {
"width": 859.9418604651164,
"height": 836.8098049558043,
"content": ""
},
"typeVersion": 1
},
{
"id": "8603fe5b-ad6b-4980-a28b-01531c6629f3",
"name": "便签3",
"type": "n8n-nodes-base.stickyNote",
"position": [
-260,
-313.5039999999999
],
"parameters": {
"width": 1099.116279069767,
"height": 618.8295813953489,
"content": ""
},
"typeVersion": 1
},
{
"id": "33299274-9f02-4ea0-af60-5dee53db2c34",
"name": "等待 1 分钟",
"type": "n8n-nodes-base.wait",
"position": [
480,
60
],
"webhookId": "469a8b5e-8b5a-4360-bc9d-3b253cc0ae24",
"parameters": {
"unit": "seconds",
"amount": 60
},
"typeVersion": 1
},
{
"id": "757ad81d-ae24-4b26-98ba-a571670be2a3",
"name": "便签4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-260,
318.64011851851865
],
"parameters": {
"width": 1435.7278194659766,
"height": 540.6919228251508,
"content": "发送审核"
},
"typeVersion": 1
},
{
"id": "8e2cbf69-6c9e-4a98-ba5e-29b93eb2742f",
"name": "便签5",
"type": "n8n-nodes-base.stickyNote",
"position": [
-680,
880
],
"parameters": {
"width": 1213.8313506082789,
"height": 575.5779026440933,
"content": ""
},
"typeVersion": 1
},
{
"id": "a2a0dc81-b1f0-4d7b-b818-71bae58512a9",
"name": "获取所有未读消息",
"type": "n8n-nodes-base.microsoftOutlook",
"position": [
-1520,
560
],
"parameters": {
"operation": "getAll",
"additionalFields": {
"filter": "isRead eq false"
}
},
"credentials": {
"microsoftOutlookOAuth2Api": {
"id": "Zeu3LbjDbkwiCUik",
"name": "Microsoft Outlook | Giulio [✅ Share ok]"
}
},
"typeVersion": 1
},
{
"id": "a5793014-9575-4e05-b467-f295a09f0945",
"name": "便签6",
"type": "n8n-nodes-base.stickyNote",
"position": [
-260,
320
],
"parameters": {
"width": 615.527819465977,
"height": 540.6919228251508,
"content": ""
},
"typeVersion": 1
},
{
"id": "c8d5c248-77ba-4a7f-ab21-19ff8d60ed55",
"name": "合并报告",
"type": "n8n-nodes-base.merge",
"position": [
1040,
680
],
"parameters": {
"mode": "combine",
"options": {},
"combinationMode": "mergeByPosition"
},
"typeVersion": 2.1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "02ba918c-5fee-4d3e-824f-1160881716b6",
"connections": {
"Has URL?": {
"main": [
[
{
"node": "URLScan: Scan URL",
"type": "main",
"index": 0
},
{
"node": "VirusTotal: Scan URL",
"type": "main",
"index": 0
}
],
[
{
"node": "Split In Batches",
"type": "main",
"index": 0
}
]
]
},
"No error?": {
"main": [
[
{
"node": "Merge Reports",
"type": "main",
"index": 0
}
],
[
{
"node": "Wait 1 Minute",
"type": "main",
"index": 0
}
]
]
},
"Not empty?": {
"main": [
[
{
"node": "sends slack message",
"type": "main",
"index": 0
}
]
]
},
"Mark as read": {
"main": [
[
{
"node": "Split In Batches",
"type": "main",
"index": 0
}
]
]
},
"Merge Reports": {
"main": [
[
{
"node": "Split In Batches",
"type": "main",
"index": 0
}
]
]
},
"Wait 1 Minute": {
"main": [
[
{
"node": "URLScan: Get report",
"type": "main",
"index": 0
}
]
]
},
"Schedule Trigger": {
"main": [
[
{
"node": "Get all unread messages",
"type": "main",
"index": 0
}
]
]
},
"Split In Batches": {
"main": [
[
{
"node": "Find indicators of compromise",
"type": "main",
"index": 0
}
],
[
{
"node": "Not empty?",
"type": "main",
"index": 0
}
]
]
},
"URLScan: Scan URL": {
"main": [
[
{
"node": "No error?",
"type": "main",
"index": 0
}
]
]
},
"URLScan: Get report": {
"main": [
[
{
"node": "Merge Reports",
"type": "main",
"index": 0
}
]
]
},
"VirusTotal: Scan URL": {
"main": [
[
{
"node": "VirusTotal: Get report",
"type": "main",
"index": 0
}
]
]
},
"VirusTotal: Get report": {
"main": [
[
{
"node": "Merge Reports",
"type": "main",
"index": 1
}
]
]
},
"Get all unread messages": {
"main": [
[
{
"node": "Mark as read",
"type": "main",
"index": 0
}
]
]
},
"Find indicators of compromise": {
"main": [
[
{
"node": "Has URL?",
"type": "main",
"index": 0
}
]
]
},
"When clicking \"Execute Workflow\"": {
"main": [
[
{
"node": "Get all unread messages",
"type": "main",
"index": 0
}
]
]
}
}
}
常见问题
如何使用这个工作流?
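复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置。导出的 JSON 中只包含原作者的凭证引用(名称和 id)以及 Slack 频道 test-giulio-public,导入后需要换成您自己的 Slack、Microsoft Outlook、VirusTotal 和 urlscan.io 凭证及目标频道。另外,「查找入侵指标」Code 节点会在运行时通过 micropip 安装未固定版本的 ioc-finder,并用 print 输出邮件正文;用于生产环境前建议固定依赖版本,并去掉该 print,以免邮件内容可能被写入执行日志。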
这个工作流适合什么场景?
适合安全运维(SecOps)团队对邮箱中未读邮件里的 URL 做自动化钓鱼分析;难度等级:高级。
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 VirusTotal、urlscan.io)可能需要您自行付费。另外,邮件中提取出的 URL 会被提交到这些第三方服务,提交内容和扫描结果可能对他人可见,启用前请先确认相应的可见性与数据共享设置。
工作流信息
难度等级
高级
节点数量:23
分类:1
节点类型:13
作者
n8n Team
@n8n-team
Meet the official n8n team. We specialize in building workflows that transform intricate tasks into seamless operations.