🎯 Threat Intelligence
======================

🛠️ Tool

Executive summary: A curated catalog of 100 n8n workflow ideas
targeting Red Team, Blue Team (SOC/DFIR/TI), AppSec/DevSecOps and
general platform security. Each entry maps a specific objective to
integrations and a node-level flow outline suitable for direct
implementation in n8n.

Technical scope and components: The collection spans reconnaissance
(subfinder, amass, DNSDB), active scanning (nmap, naabu, masscan),
telemetry enrichment (Shodan, Censys, GeoIP, AbuseIPDB), offensive
tooling orchestration (GoPhish, custom IdP for lab credential sprays),
artifact lifecycle (S3/TimescaleDB/PostgreSQL), and C2/event
forwarding (CS/Havoc/Sliver webhooks). Flows consistently use common
n8n primitives: Cron/Webhook triggers, Exec/HTTP request nodes,
IF/Switch logic, database upserts, and batching/merge nodes for scale.

Implementation considerations: Several ideas assume controlled lab
environments (credential spraying, EDR evasion tests, malicious macro
builders). The patterns emphasize separation of concerns:
scanning/extraction → enrichment → dedupe/persistence → alerting/issue
creation. Integrations call for credential handling via secret stores
and rate-limiting (delay/wait nodes) to avoid false positives and
service throttling.

Detection and defensive value: For Blue Team use-cases, flows include
automated ingestion of C2 events, decoy link tracking with GeoIP and
reputation scoring, exfiltration simulation to cloud storage for DLP
tuning, and continuous attack-surface change detection that creates
tickets for new/changed hosts or open ports. These provide repeatable
pipelines for measurement and tuning of SOC detections.

Operational risks and guardrails: Several recipes are explicitly
offensive and must remain confined to testbeds. Logging and artifact
management recommendations include hashing artifacts at ingest,
storing evidence in immutable buckets, and tagging DB records with
provenance to support IR workflows.

Concluding assessment: This collection is a practical playbook for
security teams seeking to automate repetitive reconnaissance, testing
and monitoring tasks using n8n. It lowers implementation friction by
providing ready-to-adapt node sequences and integration patterns.

🔹 n8n #automation #subfinder #gophish #bookmark

🔗 Source: https://github.com/CyberSecurityUP/n8n-CyberSecurity-Workflows

The second #OSINT and #recon tool I want to share is #subfinder by @pdiscoveryio.

It is a tool for passively enumerating subdomains and can be extended by using APIs like Shodan.
Subdomains are a vital part of an organizations attack surface and this tools makes it easy to find them.

Check it out here:

https://github.com/projectdiscovery/subfinder

If you want to learn about the other tools, I have highlighted: Check my profile and follow me to get the rest of this small series.

#infosec #bugbounty

Simple Script for Finding Cross
Site Scripting (XSS) vulns

#!/bin/bash

subfinder -d $1 -o domains_subfinder_$1
amass enum --passive -d $1 -o domains_$1

cat domains_subfinder_$1 | tee -a domain_$1
cat domains_$1 | filter-resolved | tee -a domains_$1.txt

cat domains_$1.txt | httprobe -p http:81 -p http:8080 -p https:8443 | waybackurls | kxss | tee xss.txt

https://github.com/projectdiscovery/subfinder
https://github.com/OWASP/Amass
https://github.com/tomnomnom/hacks/tree/master/filter-resolved
https://github.com/tomnomnom/httprobe
https://github.com/tomnomnom/waybackurls
https://github.com/tomnomnom/hacks/tree/master/kxss

#bugbounty #bugbountytips #xss #subfinder #httprobe #waybackurls #kxss #amass

Scanning for CISA Top exploited vulnerabilities

subfinder -d site.com -all -silent | httpx -silent | nuclei -rl 50 -c 15 -timeout 10 -tags cisa -vv

https://github.com/projectdiscovery/subfinder
https://github.com/projectdiscovery/httpx
https://github.com/projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei-templates
#bugbounty #bugbountytips #subfinder #nuclei #httpx #cisa