🛡️ n8n Phishing URL Checker

This project uses n8n and the VirusTotal API to determine if a submitted URL is malicious, suspicious, or harmless.

🔍 Features

• Accepts URLs via a public webhook
• Encodes and submits them to VirusTotal
• Extracts detailed scan results
• Sends a summarized report to your email

🛠️ Tools Used

• n8n (Self-hosted)
• VirusTotal API
• Gmail SMTP
• cURL for testing

🧰 Workflow Overview

1. Webhook accepts JSON input:

   {
     "suspicious_url": "http://example.com/phish"
   }

2. Function Node encodes the URL to base64.
3. HTTP Request sends encoded URL to VirusTotal:

   https://www.virustotal.com/api/v3/urls/{{encoded_url}}

4. Set Node extracts malicious, harmless, suspicious, undetected counts.
5. Email Node sends report to your inbox.

📊 Sample Output

Malicious: 0
Suspicious: 0
Harmless: 85
Undetected: 8
  

📷 Workflow Diagram

🔄 Try It Locally

curl -X POST http://localhost:5678/webhook-test/phishing-check \
  -H "Content-Type: application/json" \
  -d '{"suspicious_url": "http://example.com/phish"}'
  

🚰 Setup Notes

• Use Gmail App Passwords (not your main password)
• VirusTotal has request limits on free accounts
• Keep API keys secure. Never push secrets to GitHub