WebSecScan: AI-powered website security auditor
WebSecScan: AI-Powered Website Security Auditor This n8n workflow provides comprehensive website security analysis by leveraging OpenAI's models to detect vulnerabilities, configuration issues, and security misconfigu...
Template notes
WebSecScan: AI-Powered Website Security Auditor
This n8n workflow provides comprehensive website security analysis by leveraging OpenAI's models to detect vulnerabilities, configuration issues, and security misconfigurations. The workflow generates a professional HTML security report delivered directly via Gmail.
Key Features
- Dual-Layer Security Analysis: Performs parallel security audits using specialized OpenAI agents: - Header Configuration Audit: Analyzes HTTP headers, CORS policies, CSP implementation, and cookie security - Vulnerability Assessment: Identifies XSS vectors, information disclosure, and client-side weaknesses - Detailed Security Grading: Automatically calculates a security grade (A+ to F) based on findings severity and quantity
- Professional Report Generation: Creates a comprehensive HTML report with: - Security grade visualization - Color-coded vulnerability categories - Detailed recommendations with example configuration fixes - Header presence/absence indicators - Implementation guidance for remediation
- Non-Invasive Testing: Performs analysis without active scanning or exploitation attempts
Technical Implementation
- Multi-Agent Architecture: Utilizes two specialized OpenAI agents with custom prompts tailored for security analysis - Advanced Header Analysis: Detects presence and proper implementation of critical security headers: - Content-Security-Policy - Strict-Transport-Security - X-Content-Type-Options - X-Frame-Options - Referrer-Policy - Permissions-Policy