ScriptSentry:检测JavaScript中的敏感信息
中级
这是一个面向 SecOps、AI Summarization 领域的自动化工作流,包含 14 个节点,主要使用 Set、Code、Gmail、Aggregate、FormTrigger 等节点。
前置要求
- •Google 账号和 Gmail API 凭证
- •OpenAI API Key
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"meta": {
"instanceId": "01ae5aeb0f03250e714391f10c410bfe49fcc3d6c533f86b8ecaa9248deb7305",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "37579c21-cc34-4bf0-afb1-1ab27b724083",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
260,
-640
],
"parameters": {
"width": 320,
"height": 200,
"content": "## JavaScript 扫描和电子邮件模板"
},
"typeVersion": 1
},
{
"id": "ac3fc532-39de-4a5d-b32d-0add527e6a80",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
740,
-600
],
"parameters": {
"content": "## Gmail 说明"
},
"typeVersion": 1
},
{
"id": "2260d825-f031-4855-a16c-b5437b37ecab",
"name": "Sticky Note2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-820,
-600
],
"parameters": {
"content": "## 目标 URL"
},
"typeVersion": 1
},
{
"id": "62d27256-173e-4b99-aad1-ac0bdf29fbd0",
"name": "Sticky Note3",
"type": "n8n-nodes-base.stickyNote",
"position": [
-540,
-600
],
"parameters": {
"content": "## Puppeteer"
},
"typeVersion": 1
},
{
"id": "d58ed46c-b951-437c-8ad5-665d5bc08dbf",
"name": "便签4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-180,
-540
],
"parameters": {
"height": 80,
"content": "## JavaScript 爬虫"
},
"typeVersion": 1
},
{
"id": "391acacc-b664-4c6e-a8db-66aa179ce27a",
"name": "Landing Page Url1",
"type": "n8n-nodes-base.formTrigger",
"position": [
-680,
-400
],
"webhookId": "1513fa86-f085-4f19-9d99-2ff9c68b1429",
"parameters": {
"options": {},
"formTitle": "Website Security Scanner",
"formFields": {
"values": [
{
"fieldLabel": "Landing Page Url",
"placeholder": "https://example.com",
"requiredField": true
}
]
},
"formDescription": "Check your website for security vulnerabilities and get a detailed report"
},
"typeVersion": 2.2
},
{
"id": "72423ed3-8c31-4bdb-9795-5e9dcac8240b",
"name": "Puppeteer1",
"type": "n8n-nodes-puppeteer.puppeteer",
"position": [
-480,
-400
],
"parameters": {
"url": "={{ $json['Landing Page Url'] }}",
"options": {
"waitUntil": "networkidle2"
}
},
"typeVersion": 1
},
{
"id": "6e3de382-6380-4759-99fd-e09e59a4af18",
"name": "JavaScript Extractor1",
"type": "n8n-nodes-base.code",
"position": [
-260,
-400
],
"parameters": {
"jsCode": "// Extract script URLs from HTML\n// Return only JavaScript links\nconst output = [];\nconst html = $input.first()?.json?.body || '';\nconst regex = /<script[^>]*src=\"([^\"]+)\"[^>]*>/g;\nlet match;\nwhile ((match = regex.exec(html)) !== null) {\n output.push({ json: { URL: match[1] } });\n}\nreturn output;"
},
"typeVersion": 2
},
{
"id": "d1ce9376-bf71-4124-8bd6-1ed303a1e92b",
"name": "Aggregate1",
"type": "n8n-nodes-base.aggregate",
"position": [
-40,
-400
],
"parameters": {
"options": {},
"aggregate": "aggregateAllItemData"
},
"typeVersion": 1
},
{
"id": "90af1eee-9203-4cc7-b550-5ae1e83d4b68",
"name": "Data Mapper1",
"type": "n8n-nodes-base.set",
"position": [
180,
-400
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"name": "data[0]",
"type": "object",
"value": "={{ $json.data[0] }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "7f65efcd-c68b-4240-b606-0a9477d3aa0e",
"name": "Format Report for Email1",
"type": "n8n-nodes-base.code",
"position": [
600,
-400
],
"parameters": {
"jsCode": "const aiReport = $json.output || 'No AI report.';\n\nreturn [{\n json: {\n htmlReport: `<html><body><h1>AI Report</h1><pre>${aiReport}</pre></body></html>`\n }\n}];"
},
"typeVersion": 2
},
{
"id": "5d9fed26-4933-4218-b18e-410d44e80e0f",
"name": "Send a message1",
"type": "n8n-nodes-base.gmail",
"position": [
800,
-400
],
"webhookId": "a9f5eae2-5ae7-447a-9572-659ab7db4303",
"parameters": {
"sendTo": "admin@example.com",
"message": "={{ $json.htmlReport }}",
"options": {
"senderName": "n8n"
},
"subject": "Static subject (edit manually)"
},
"credentials": {
"gmailOAuth2": {
"id": "D27Ngmpoop90smsf",
"name": "Gmail account"
}
},
"typeVersion": 2.1
},
{
"id": "429e56c8-376a-41e7-86b2-43e7aed912e0",
"name": "OpenAI Chat Model",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
360,
-220
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4.1-mini"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "JEFyM2VFpoopcWVKno",
"name": "OpenAi account"
}
},
"typeVersion": 1.2
},
{
"id": "e2f270c0-c036-44be-ba02-abbf69ec6a25",
"name": "JavaScript Search Agent w/Email Template1",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
320,
-380
],
"parameters": {
"text": "=You are a cybersecurity expert supporting an ethical hacker in a security assessment of the website {{ $('Landing Page Url1').item.json['Landing Page Url'] }}. Your task is to analyze the content of JavaScript files listed in the input data: {{ JSON.stringify($input.all()) }}. Include only URLs with a 'JavaScript' category or ending in '.js' that originate from the domain of the searched website ({{ $('Landing Page Url1').item.json['Landing Page Url'] }}). For each relevant JavaScript file, use the provided content in the 'body' field to check for sensitive information, such as API keys (e.g., 'api_key', 'x-api-token'), email addresses (e.g., 'user@example.com'), personal names (e.g., 'adminUser'), and configuration details (e.g., endpoints like 'https://api.example.com'). \n\nGenerate a professionally formatted email summarizing the findings, addressed to User and signed by Admin. The email should include:\n- The assessed website: {{ $('Landing Page Url1').item.json['Landing Page Url'] }}.\n- A numbered list of JavaScript URLs from the target domain, each with:\n - Sensitive data found (e.g., type and keywords, not full content).\n - A concise, actionable recommendation (e.g., relocate hardcoded credentials to a secure vault).\n- For URLs with no sensitive data, state \"No sensitive data identified\" and recommend ongoing monitoring.\n- If no relevant JavaScript URLs are found, explicitly state: \"No JavaScript files from the target domain were identified.\"\n\nDo not include the full content of the JavaScript files or these instructions. Format the output as a plain text email for use in a subsequent email node, following this structure:\n\nSubject: Security Assessment: JavaScript Files for {{ $('Landing Page Url1').item.json['Landing Page Url'] }}\n\nDear User,\n\nAs part of a security assessment for {{ $('Landing Page Url1').item.json['Landing Page Url'] }}, I analyzed the JavaScript files linked from the website to identify potential sensitive information exposures. Below is a summary of the findings, detailing any sensitive data detected in JavaScript files from the target domain, along with remediation recommendations.\n\nFindings:\n1. [URL]\n - Sensitive Data: [Type, e.g., API Key ('api_key'), Email ('user@example.com')]\n - Recommendation: [Action, e.g., Relocate hardcoded credentials to a secure vault]\n2. [URL]\n - Sensitive Data: [Type or \"No sensitive data identified\"]\n - Recommendation: [Action or \"Continue monitoring for changes\"]\n\nNext Steps:\nPlease review the listed JavaScript files for the identified keywords and implement the recommended actions to mitigate security risks. Contact me for further assistance or to discuss remediation strategies.\n\nBest regards,\nAdmin\n\nHere are the links:\n{{ $('Aggregate1').item.json.data[0].URL }}\n{{ $('Aggregate1').item.json.data[1].URL }}\n{{ $('Aggregate1').item.json.data[2].URL }}\n{{ $('Aggregate1').item.json.data[3].URL }}\n{{ $('Aggregate1').item.json.data[4].URL }}\n{{ $('Aggregate1').item.json.data[5].URL }}\n{{ $('Aggregate1').item.json.data[6].URL }}\n{{ $('Aggregate1').item.json.data[7].URL }}\n{{ $('Aggregate1').item.json.data[8].URL }}\n{{ $('Aggregate1').item.json.data[9].URL }}\n{{ $('Aggregate1').item.json.data[10].URL }}\n{{ $('Aggregate1').item.json.data[11].URL }}\n{{ $('Aggregate1').item.json.data[12].URL }}\n{{ $('Aggregate1').item.json.data[13].URL }}\n{{ $('Aggregate1').item.json.data[14].URL }}\n{{ $('Aggregate1').item.json.data[15].URL }}\n{{ $('Aggregate1').item.json.data[16].URL }}\n{{ $('Aggregate1').item.json.data[17].URL }}\n{{ $('Aggregate1').item.json.data[18].URL }}\n{{ $('Aggregate1').item.json.data[19].URL }}\n{{ $('Aggregate1').item.json.data[20].URL }}\n{{ $('Aggregate1').item.json.data[21].URL }}\n{{ $('Aggregate1').item.json.data[22].URL }}\n{{ $('Aggregate1').item.json.data[23].URL }}\n{{ $('Aggregate1').item.json.data[24].URL }}\n{{ $('Aggregate1').item.json.data[25].URL }}\n{{ $('Aggregate1').item.json.data[26].URL }}\n{{ $('Aggregate1').item.json.data[27].URL }}\n{{ $('Aggregate1').item.json.data[28].URL }}\n{{ $('Aggregate1').item.json.data[29].URL }}\n{{ $('Aggregate1').item.json.data[30].URL }}\n{{ $('Aggregate1').item.json.data[31].URL }}\n{{ $('Aggregate1').item.json.data[32].URL }}",
"options": {},
"promptType": "define"
},
"typeVersion": 2
}
],
"pinData": {},
"connections": {
"Aggregate1": {
"main": [
[
{
"node": "Data Mapper1",
"type": "main",
"index": 0
}
]
]
},
"Puppeteer1": {
"main": [
[
{
"node": "JavaScript Extractor1",
"type": "main",
"index": 0
}
]
]
},
"Data Mapper1": {
"main": [
[
{
"node": "JavaScript Search Agent w/Email Template1",
"type": "main",
"index": 0
}
]
]
},
"Landing Page Url1": {
"main": [
[
{
"node": "Puppeteer1",
"type": "main",
"index": 0
}
]
]
},
"OpenAI Chat Model": {
"ai_languageModel": [
[
{
"node": "JavaScript Search Agent w/Email Template1",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"JavaScript Extractor1": {
"main": [
[
{
"node": "Aggregate1",
"type": "main",
"index": 0
}
]
]
},
"Format Report for Email1": {
"main": [
[
{
"node": "Send a message1",
"type": "main",
"index": 0
}
]
]
},
"JavaScript Search Agent w/Email Template1": {
"main": [
[
{
"node": "Format Report for Email1",
"type": "main",
"index": 0
}
]
]
}
}
}
常见问题
如何使用这个工作流?
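复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」。粘贴后请为 Gmail 节点和 OpenAI 模型节点重新选择您自己的凭证(JSON 中的凭证 ID 来自原实例,不能直接使用),并把 Gmail 节点中的收件人 admin@example.com 和占位主题改为实际值。工作流还用到社区节点 n8n-nodes-puppeteer,需要先在实例中安装。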
这个工作流适合什么场景?
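这是一个中级难度的工作流,适用于 SecOps、AI Summarization 等场景,属于包含 6-15 个节点的中等复杂度工作流,适合有一定经验的用户。从上方 JSON 看,工作流中没有抓取各脚本文件内容的节点,传给 AI Agent 的只有脚本 URL,且 AI 输出未经 HTML 转义就写入邮件正文,因此报告中的发现应人工核实后再采信。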
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
工作流信息
难度等级
中级
节点数量14
分类2
节点类型9
作者
Sean Birmingham
@knuteI am seeking opportunities where I can leverage my skills and experience to contribute effectively. I thrive in environments that value adaptability, routine, and clear communication. I am excited to explore new opportunities and bring my unique perspective and determination to a forward-thinking organization.