{
  "id": "Mg7AXksWUAkq3gfL",
  "meta": {
    "templateCredsSetupCompleted": true
  },
  "name": "CVE Shoten",
  "tags": [],
  "nodes": [
    {
      "id": "3f9c06b8-41e5-4328-bea9-f58408b6b944",
      "name": "Schedule Trigger",
      "type": "n8n-nodes-base.scheduleTrigger",
      "position": [
        -672,
        192
      ],
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "hours"
            }
          ]
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "5e7e6a0f-8ae6-4190-b85d-c0615b5af6ff",
      "name": "\ud83d\udcd2 Overview",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1360,
        128
      ],
      "parameters": {
        "color": 4,
        "width": 556,
        "height": 228,
        "content": "## \ud83c\udfaf CVE Shoten - Bug Bounty CVE Monitor\n\nAutomatically monitors new CVEs from NIST and generates AI-powered bug bounty relevance assessments.\n\n**Setup required:**\n1. Configure Google Gemini API credentials\n2. Set up Slack webhook/bot credentials\n3. Customize Slack channel ID"
      },
      "typeVersion": 1
    },
    {
      "id": "3f6d4779-9fef-47ef-8ac4-ba4f57a8caf3",
      "name": "HTTP Request",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        -448,
        192
      ],
      "parameters": {
        "url": "https://services.nvd.nist.gov/rest/json/cves/2.0",
        "options": {},
        "sendQuery": true,
        "queryParameters": {
          "parameters": [
            {
              "name": "pubStartDate",
              "value": "={{ new Date(Date.now() - 60 * 60 * 1000).toISOString() }}"
            },
            {
              "name": "pubEndDate",
              "value": "={{ new Date().toISOString() }}"
            },
            {
              "name": "resultsPerPage",
              "value": "20"
            },
            {
              "name": "startIndex",
              "value": "0"
            }
          ]
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "534cbfa4-7db1-4a70-92e8-0b07fc0fa07a",
      "name": "\ud83d\udcd2 NIST API",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -560,
        -160
      ],
      "parameters": {
        "color": 2,
        "width": 344,
        "height": 204,
        "content": "## \ud83d\udd0d NIST CVE API\n\n**No credentials needed** - public API\n\nFetches CVEs published in the last hour:\n- Maximum 20 results per run\n- Includes severity scores and descriptions\n- Free to use with no rate limits"
      },
      "typeVersion": 1
    },
    {
      "id": "a61a8245-ac38-4b35-8ad3-398c1a3209ff",
      "name": "Split Out",
      "type": "n8n-nodes-base.splitOut",
      "position": [
        -256,
        192
      ],
      "parameters": {
        "options": {},
        "fieldToSplitOut": "vulnerabilities"
      },
      "typeVersion": 1
    },
    {
      "id": "0909109e-ae80-48ee-80f0-6e003b3cbb92",
      "name": "Edit Fields",
      "type": "n8n-nodes-base.set",
      "position": [
        -48,
        192
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "56767386-f217-4b9e-ba8d-518dd98e5a25",
              "name": "cve",
              "type": "string",
              "value": "={{ $json.cve.id }}"
            },
            {
              "id": "74c34102-5090-4bc5-99d3-4403366eff89",
              "name": "published",
              "type": "string",
              "value": "={{ \n  new Date($json.cve.published).toLocaleString('en-GB', { \n    timeZone: 'UTC',\n    weekday: 'short',\n    year: 'numeric',\n    month: 'short',\n    day: 'numeric',\n    hour: '2-digit',\n    minute: '2-digit',\n    hour12: false\n  }) + ' (UTC)' \n}}"
            },
            {
              "id": "a23a198f-fac6-425a-9f0a-2aa48cf5225b",
              "name": "cve_descriptions",
              "type": "string",
              "value": "={{ $json.cve.descriptions[0].value }}"
            },
            {
              "id": "ed88ec1b-7b98-477f-87f0-e7353b794129",
              "name": "severity",
              "type": "string",
              "value": "={{\n  $json.cve.metrics.cvssMetricV40\n    ? $json.cve.metrics.cvssMetricV40[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV40[0].cvssData.baseScore + ')'\n    : $json.cve.metrics.cvssMetricV31\n      ? $json.cve.metrics.cvssMetricV31[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV31[0].cvssData.baseScore + ')'\n      : $json.cve.metrics.cvssMetricV30\n        ? $json.cve.metrics.cvssMetricV30[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV30[0].cvssData.baseScore + ')'\n        : $json.cve.metrics.cvssMetricV2\n          ? $json.cve.metrics.cvssMetricV2[0].baseSeverity + ' (' + $json.cve.metrics.cvssMetricV2[0].cvssData.baseScore + ')'\n          : 'Unknown'\n}}"
            },
            {
              "id": "992a9a62-3980-4287-8a47-4fb2e46220a5",
              "name": "references",
              "type": "string",
              "value": "={{ $json.cve.references[0].url }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "45d4125a-338b-4821-a40f-7b95000e9a1d",
      "name": "\ud83d\udcd2 Processing",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -320,
        448
      ],
      "parameters": {
        "color": 3,
        "width": 298,
        "height": 226,
        "content": "## \u2699\ufe0f Data Processing\n\nExtracts key CVE information:\n- CVE ID and publication date\n- CVSS severity scores (v2-v4)\n- Vulnerability descriptions\n- Reference URLs\n\nFormats data for AI analysis"
      },
      "typeVersion": 1
    },
    {
      "id": "c03e59c1-16ba-4d19-8c8c-0a029158ce35",
      "name": "Google Gemini Chat Model",
      "type": "@n8n/n8n-nodes-langchain.lmChatGoogleGemini",
      "position": [
        32,
        400
      ],
      "parameters": {
        "options": {},
        "modelName": "models/gemini-2.5-pro"
      },
      "credentials": {
        "googlePalmApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1
    },
    {
      "id": "65ffe2f0-c788-44c4-b8cd-d0b49a3ef6ea",
      "name": "CVE Summarizer",
      "type": "@n8n/n8n-nodes-langchain.agent",
      "position": [
        160,
        192
      ],
      "parameters": {
        "text": "=CVE: {{ $json.cve }}\nSeverity: {{ $json.severity }}\nPublished: {{ $json.published }}\nDescription: {{ $json.cve_descriptions }}\nRef: {{ $json.references }}",
        "options": {
          "systemMessage": "=You are a CVE relevance analyzer for elite bug bounty hunters. You analyze CVE data and return **well-structured, Slack-ready assessments** with high exploitation value.\n\nYour audience is an elite-level bug bounty hunter. Your job is to extract only what helps them:\n* Decide if this CVE is worth their time\n* Find similar patterns on their targets  \n* Use actionable testing strategies\n\n---\n\n**Mindset & Output Philosophy**\n\n* Focus only on real, actionable techniques for bug bounty testing\n* Do not explain basic vulnerability concepts\n* Think modularly - what can be reused, chained, or tested on other targets?\n* Your assessment should help the hunter immediately decide:\n  -> \"Can I use this on my targets?\"\n  -> \"Should I prioritize this?\"\n  -> \"What should I test?\"\n\n---\n\n**Required Output Format** (Slack-Optimized)\n\n\n*CVE:* <Reference-Link|CVE-ID> | *Severity:* SEVERITY-LEVEL\n\n\ud83c\udfaf *Bug Bounty Relevance:* HIGH/MEDIUM/LOW/NONE\n\n[1-2 precise lines explaining why this matters for bug bounty based on the exact CVE description - be specific to the vulnerability, not generic]\n\n*Strategy:* [One actionable technique - mass scan targets, test specific endpoints, check for patterns, etc.]\n\n\n---\n\n**Critical Formatting Rules**\n\n* Use Slack hyperlink format: `<https://example.com|Display Text>` \n* This creates a clickable \"Display Text\" that links to the URL\n* The URL itself will NOT be visible in Slack\n* Use asterisks for bold: `*Bold Text*`\n* Keep total response under 5 lines\n* Always include the exact CVE description as provided\n* Be brutally honest about bounty relevance\n\n---\n\n**Example Output:**\n\n\n*CVE:* <https://github.com/Pierrad/obsidian-github-copilot/releases/tag/1.1.7|CVE-2025-58401> | *Severity:* MEDIUM (5.1)\n\n\ud83c\udfaf *Bug Bounty Relevance:* HIGH\n\nObsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.\n\n*Strategy:* Target apps with GitHub integrations; check localStorage, sessionStorage, and API responses for exposed tokens.\n\n\n**Low Relevance Example:**\n\n\n*CVE:* <https://example.com/advisory|CVE-2025-12345> | *Severity:* HIGH (8.2)\n\n\ud83c\udfaf *Bug Bounty Relevance:* NONE\n\nKernel-level privilege escalation requiring local system access. Not testable through web interfaces or external attack surface.\n\n*Strategy:* Skip - infrastructure vulnerability outside bounty scope.\n\n\n---\n\n**Reminder**\n\nKeep all output Slack-safe, well-formatted, and directly useful for offensive testing. Your job is to surface only the **most operationally valuable** content for bug bounty hunting.\n\nAlways think: **\"What would a skilled bounty hunter test differently because of this CVE?\"**"
        },
        "promptType": "define"
      },
      "typeVersion": 2.2
    },
    {
      "id": "f8617b9c-00af-4d63-b652-0ecc30893058",
      "name": "\ud83d\udcd2 AI Analysis",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        96,
        -176
      ],
      "parameters": {
        "color": 6,
        "width": 376,
        "height": 304,
        "content": "## \ud83e\udd16 AI Analysis\n\n**Setup:**\n1. Get Google Gemini API key from https://aistudio.google.com/\n2. Add to Google Gemini credentials\n\n**Features:**\n- Analyzes CVE relevance for bug bounty\n- Provides actionable testing strategies\n- Slack-formatted output\n- Filters noise from valuable insights"
      },
      "typeVersion": 1
    },
    {
      "id": "e7efc350-1476-44c9-a1c4-269f5bd030b8",
      "name": "Send a message",
      "type": "n8n-nodes-base.slack",
      "position": [
        512,
        192
      ],
      "parameters": {
        "text": "={{ $json.output }}",
        "select": "channel",
        "channelId": {
          "__rl": true,
          "mode": "list",
          "value": "",
          "cachedResultName": "your-channel"
        },
        "otherOptions": {
          "includeLinkToWorkflow": false
        }
      },
      "credentials": {
        "slackApi": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 2.3
    },
    {
      "id": "8483eb0f-02c9-4314-8264-551980e46053",
      "name": "\ud83d\udcd2 Slack Setup",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        768,
        128
      ],
      "parameters": {
        "color": 5,
        "width": 464,
        "height": 240,
        "content": "## \ud83d\udcac Slack Integration\n\n**Setup:**\n1. Create Slack app at https://api.slack.com/apps\n2. Add bot token scopes: chat:write, channels:read\n3. Install app to workspace\n4. Add bot token to Slack credentials\n5. Update channelId with your target channel\n\n**Receives formatted CVE assessments**"
      },
      "typeVersion": 1
    }
  ],
  "active": false,
  "settings": {
    "executionOrder": "v1"
  },
  "versionId": "84076fbc-d57e-45a5-9dae-6d4379a950ea",
  "connections": {
    "Split Out": {
      "main": [
        [
          {
            "node": "Edit Fields",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Edit Fields": {
      "main": [
        [
          {
            "node": "CVE Summarizer",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "HTTP Request": {
      "main": [
        [
          {
            "node": "Split Out",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "CVE Summarizer": {
      "main": [
        [
          {
            "node": "Send a message",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Schedule Trigger": {
      "main": [
        [
          {
            "node": "HTTP Request",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Google Gemini Chat Model": {
      "ai_languageModel": [
        [
          {
            "node": "CVE Summarizer",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    }
  }
}