Cybershield — Attack Executor

The workflow JSON

Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →

{
  "name": "CyberShield \u2014 Attack Executor",
  "nodes": [
    {
      "parameters": {
        "httpMethod": "POST",
        "path": "attack-execute",
        "responseMode": "responseNode",
        "options": {}
      },
      "id": "node-webhook",
      "name": "Webhook",
      "type": "n8n-nodes-base.webhook",
      "typeVersion": 1,
      "position": [
        240,
        300
      ]
    },
    {
      "parameters": {
        "resource": "document",
        "operation": "find",
        "collection": "attack_templates",
        "query": "={{ JSON.stringify({ id: $json.body.attack_id }) }}",
        "options": {
          "limit": 1
        }
      },
      "id": "node-mongodb",
      "name": "MongoDB \u2014 Buscar plantilla",
      "type": "n8n-nodes-base.mongoDb",
      "typeVersion": 1,
      "position": [
        460,
        300
      ],
      "credentials": {
        "mongoDb": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "jsCode": "const webhookData = $('Webhook').first().json.body;\nconst raw = $('MongoDB \u2014 Buscar plantilla').first().json;\nconst tmpl = Array.isArray(raw) ? raw[0] : raw;\n\nconst parameters = webhookData.parameters || {};\nconst companyName = webhookData.company_name || 'Empresa Auditada';\nconst reportId = 'CS-RPT-' + new Date().toISOString().slice(0,10) + '-' + webhookData.attack_id;\n\nfunction buildCommand(str, params) {\n  if (!str) return '';\n  return Object.entries(params).reduce((cmd, [key, value]) => {\n    return cmd.replace(new RegExp('\\\\{\\\\{' + key + '\\\\}\\\\}', 'g'), value || '');\n  }, str);\n}\n\nconst useAlt = parameters.target_ip && parameters.target_ip.trim() !== '';\nconst finalCommand = buildCommand(\n  useAlt && tmpl.command_alt ? tmpl.command_alt : tmpl.command,\n  parameters\n);\n\nreturn [{\n  json: {\n    attack_id: webhookData.attack_id,\n    attack_name: tmpl.name,\n    mitre_id: tmpl.mitre_id,\n    risk_level: tmpl.risk_level,\n    wazuh_rule_id: tmpl.wazuh_rule_id,\n    description: tmpl.description,\n    command: finalCommand,\n    parameters: parameters,\n    company_name: companyName,\n    report_id: reportId,\n    start_timestamp: new Date().toISOString()\n  }\n}];"
      },
      "id": "node-code",
      "name": "Code \u2014 Construir comandos",
      "type": "n8n-nodes-base.code",
      "typeVersion": 2,
      "position": [
        680,
        300
      ]
    },
    {
      "parameters": {
        "resource": "command",
        "operation": "execute",
        "command": "={{ $json.command }}"
      },
      "id": "node-ssh-attack",
      "name": "SSH \u2014 Ejecutar ataque en Kali",
      "type": "n8n-nodes-base.ssh",
      "typeVersion": 1,
      "position": [
        900,
        300
      ],
      "credentials": {
        "sshPassword": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "method": "POST",
        "url": "http://host.docker.internal:3010/api/reports/generate",
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            {
              "name": "Content-Type",
              "value": "application/json"
            }
          ]
        },
        "sendBody": true,
        "bodyContentType": "json",
        "jsonBody": "={{ JSON.stringify({ report_id: $('Code \u2014 Construir comandos').first().json.report_id, company_name: $('Code \u2014 Construir comandos').first().json.company_name, attack_id: $('Code \u2014 Construir comandos').first().json.attack_id, attack_name: $('Code \u2014 Construir comandos').first().json.attack_name, mitre_id: $('Code \u2014 Construir comandos').first().json.mitre_id, risk_level: $('Code \u2014 Construir comandos').first().json.risk_level, description: $('Code \u2014 Construir comandos').first().json.description, command_executed: $('Code \u2014 Construir comandos').first().json.command, parameters: $('Code \u2014 Construir comandos').first().json.parameters, ssh_output: $('SSH \u2014 Ejecutar ataque en Kali').first().json.stdout || '', ssh_exit_code: $('SSH \u2014 Ejecutar ataque en Kali').first().json.exitCode || 0, start_timestamp: $('Code \u2014 Construir comandos').first().json.start_timestamp, end_timestamp: new Date().toISOString(), wazuh_rule_id: $('Code \u2014 Construir comandos').first().json.wazuh_rule_id }) }}"
      },
      "id": "node-report",
      "name": "HTTP \u2014 Generar PDF",
      "type": "n8n-nodes-base.httpRequest",
      "typeVersion": 4,
      "position": [
        1120,
        300
      ]
    },
    {
      "parameters": {
        "respondWith": "json",
        "responseBody": "={{ JSON.stringify({ success: true, attack_id: $('Code \u2014 Construir comandos').first().json.attack_id, report_id: $('Code \u2014 Construir comandos').first().json.report_id, pdf_url: $json.pdf_url || '', ssh_exit_code: $('SSH \u2014 Ejecutar ataque en Kali').first().json.exitCode || 0, wazuh_rule_id: $('Code \u2014 Construir comandos').first().json.wazuh_rule_id, start_timestamp: $('Code \u2014 Construir comandos').first().json.start_timestamp }) }}",
        "options": {}
      },
      "id": "node-response",
      "name": "Webhook Response",
      "type": "n8n-nodes-base.respondToWebhook",
      "typeVersion": 1,
      "position": [
        1340,
        300
      ]
    }
  ],
  "connections": {
    "Webhook": {
      "main": [
        [
          {
            "node": "MongoDB \u2014 Buscar plantilla",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "MongoDB \u2014 Buscar plantilla": {
      "main": [
        [
          {
            "node": "Code \u2014 Construir comandos",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Code \u2014 Construir comandos": {
      "main": [
        [
          {
            "node": "SSH \u2014 Ejecutar ataque en Kali",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "SSH \u2014 Ejecutar ataque en Kali": {
      "main": [
        [
          {
            "node": "HTTP \u2014 Generar PDF",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "HTTP \u2014 Generar PDF": {
      "main": [
        [
          {
            "node": "Webhook Response",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  },
  "settings": {
    "executionOrder": "v1"
  }
}

Credentials you'll need

Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.

• mongoDb
• sshPassword

About this workflow

CyberShield — Attack Executor. Uses mongoDb, ssh, httpRequest. Webhook trigger; 6 nodes.

Source: https://github.com/alexgc04/CyberShield-TFG/blob/7834323d7e19db1d166d84bc4520d4e401f21a5b/infrastructure/n8n-flows/attack-executor.json — original creator credit. Request a take-down →

More Data & Sheets workflows → · Browse all categories →

Related workflows

Workflows that share integrations, category, or trigger type with this one. All free to copy and import.