npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-dfir-platform

v0.1.0

Published

n8n community node for the DFIR Platform API — phishing analysis, IOC enrichment, exposure scanning, and AI triage

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dfir-labdfir-lab

Keywords

n8nn8n-community-node-packagenodemationdfirphishingiocsecuritythreat-intelligenceincident-responseexposure-scanai-triage

Readme

n8n-nodes-dfir-platform

An n8n community node for the DFIR Platform API by DFIR Lab.

Automate security operations directly from your n8n workflows: analyze phishing emails, enrich IOCs, scan domain attack surfaces, and triage alerts with AI.

Prerequisites

  • An n8n instance (self-hosted or cloud)
  • A DFIR Platform API key -- sign up at platform.dfir-lab.ch
  • API credits (each operation consumes credits from your account)

Installation

Via n8n Community Nodes UI

  1. Go to Settings > Community Nodes
  2. Click Install a community node
  3. Enter n8n-nodes-dfir-platform
  4. Click Install

Manual Installation

cd ~/.n8n/nodes
npm install n8n-nodes-dfir-platform

Restart your n8n instance after installation.

Configuration

  1. Open any workflow in n8n
  2. Add the DFIR Platform node
  3. Create new credentials:
    • Enter your DFIR Platform API key
    • The connection is tested automatically against the API health endpoint
  4. Select a resource and operation

Operations

Phishing Analysis

Analyze phishing emails using 26+ analysis modules.

  • Input: EML file as binary data
  • Output: Comprehensive analysis including headers, URLs, attachments, sender reputation, and more
  • Endpoint: POST /v1/phishing/analyze

IOC Enrichment

Enrich indicators of compromise from 14+ intelligence sources.

  • Input: IOC value + type (IP, domain, hash, or URL)
  • Output: Aggregated threat intelligence data, risk scores, and context
  • Endpoint: POST /v1/ioc/enrich

Exposure Scan

Scan a domain's attack surface using 11 providers.

  • Input: Domain name
  • Output: Open ports, subdomains, certificates, DNS records, technologies, and vulnerabilities
  • Endpoint: POST /v1/exposure/scan

AI Triage

AI-powered security alert triage with MITRE ATT&CK mapping.

  • Input: Alert data as JSON (title, description, raw logs, etc.)
  • Output: Severity classification, MITRE ATT&CK technique mapping, recommended response actions
  • Endpoint: POST /v1/ai/triage

Usage Examples

Phishing Analysis Workflow

  1. Email Trigger (IMAP) -- receive forwarded suspicious emails
  2. DFIR Platform (Phishing Analysis) -- analyze the EML
  3. IF node -- check if verdict is malicious
  4. Slack -- notify the SOC channel with findings

IOC Enrichment Workflow

  1. Webhook -- receive IOC from SIEM/SOAR
  2. DFIR Platform (IOC Enrichment) -- enrich the indicator
  3. Google Sheets -- log results to a tracker
  4. TheHive -- create an alert if risk score is high

Automated Exposure Monitoring

  1. Schedule Trigger -- run weekly
  2. DFIR Platform (Exposure Scan) -- scan your domains
  3. Compare -- diff against previous scan
  4. Email -- send report of new findings

Credits

Each API call consumes credits from your DFIR Platform account. Credit usage varies by operation:

| Operation | Credits per call | |-------------------|-----------------| | Phishing Analysis | 5 | | IOC Enrichment | 1 | | Exposure Scan | 10 | | AI Triage | 3 |

Monitor your credit balance at platform.dfir-lab.ch.

Screenshots

Screenshots coming soon.

Support

License

MIT