researcher

n8n Research Pipeline

Webhook → Perplexity (sonar-pro) → Claude → Obsidian markdown note

Companion workflow JSON: [[researcher_workflow.json]]

Setup

1. Import the Workflow

Open n8n → Workflows → Import from file
Select researcher_workflow.json
Save and activate

2. Create Credentials

Perplexity API Key

Get key: perplexity.ai/settings/api

In n8n → Credentials → New → HTTP Header Auth:

Name:   Authorization
Value:  Bearer YOUR_PERPLEXITY_API_KEY

Then in the Perplexity Research node → select this credential.

Claude (Anthropic)

Get key: console.anthropic.com

In the Claude Structure node HTTP headers:

x-api-key: YOUR_ANTHROPIC_API_KEY

Or create an HTTP Header Auth credential and reference it.

Swap to OpenAI instead: Change the Claude Structure node URL to https://api.openai.com/v1/chat/completions, add Authorization: Bearer YOUR_OPENAI_KEY, change body to messages format and model: gpt-4o-mini.

3. Confirm Output Path

In the Build Markdown node (Code node), verify this line matches your vault:

const vaultBase = '/Users/tester/Documents/atoz/Published/3. LLM/3.5 n8n/Research Output';

Create the folder if it doesn't exist:

mkdir -p "/Users/tester/Documents/atoz/Published/3. LLM/3.5 n8n/Research Output"

4. Docker Note (if applicable)

If running n8n in Docker, add a volume mount:

docker run -v /Users/tester/Documents/atoz:/vault n8nio/n8n

Then change vaultBase to:

const vaultBase = '/vault/Published/3. LLM/3.5 n8n/Research Output';

Usage

Send a POST request to the webhook:

# Basic query
curl -X POST http://localhost:5678/webhook/research \
  -H "Content-Type: application/json" \
  -d '{"topic": "Kerberoasting attack techniques"}'

# Cloud topic (auto-classified)
curl -X POST http://localhost:5678/webhook/research \
  -H "Content-Type: application/json" \
  -d '{"topic": "AWS IAM privilege escalation assume role"}'

# Web topic
curl -X POST http://localhost:5678/webhook/research \
  -H "Content-Type: application/json" \
  -d '{"topic": "SSRF bypass techniques in cloud environments"}'

The webhook URL is shown in n8n under the Webhook Trigger node → Production URL.

Success Response

{
  "status": "success",
  "topic": "Kerberoasting attack techniques",
  "category": "Active Directory",
  "filename": "2026-02-20-kerberoasting-attack-techniques.md",
  "filePath": "/Users/tester/.../Research Output/2026-02-20-kerberoasting-attack-techniques.md",
  "charCount": 4821,
  "citations": 7,
  "message": "Note saved to Obsidian: 2026-02-20-kerberoasting-attack-techniques.md"
}

The note appears in Obsidian immediately.

Pipeline

Node	Type	Purpose
Webhook Trigger	Webhook	Receives POST `{"topic": "..."}`
Parse & Classify	Code	Extracts topic, auto-detects category (AD / Cloud / Web / Exploit Dev / OSINT)
Perplexity Research	HTTP Request	`sonar-pro` with citations, recency filter
Merge Research Data	Code	Merges Perplexity output with metadata
Claude Structure	HTTP Request	Formats into 8-section cheatsheet markdown
Build Markdown	Code	Adds YAML frontmatter, assembles final `.md`
Prepare File Binary	Code	Encodes markdown as base64 binary
Write to Obsidian	Write Binary File	Saves `.md` to vault path
Return Confirmation	Respond to Webhook	Returns JSON with file path and status

Category Auto-Detection

Keywords in topic	Detected Category	Prompt tuning
AD, Kerberos, DACL, BloodHound, NTLM...	Active Directory	AD chain: enum → exploit → persist
AWS, Azure, GCP, IAM, S3, bucket...	Cloud	IAM escalation, metadata, storage misconfigs
XSS, SQLi, SSRF, RCE, IDOR, JWT, API...	Web	Webapp chains, payloads, bypass
CVE, exploit, buffer overflow, heap, ROP...	Exploit Dev	Vuln class, bug mechanics, PoC
OSINT, recon, Shodan, subfinder, amass...	OSINT	Passive/active recon, pivots
(anything else)	General	Generic attack techniques

Output Note Structure

Each generated note has:

---
dg-publish: true
topic: "..."
category: ...
generated: 2026-02-20T...
source: n8n-researcher
citations: N
---

## BLUF
## Background
## Attack Flow
## Commands & Payloads
## Tools
## CVEs & Vulnerabilities
## Misconfigurations Checklist
## Detection
## References

Cost Estimate

Call	Model	~Cost
Perplexity research	`sonar-pro`	~$0.04
Claude structuring	`claude-3-5-sonnet`	~$0.05
Per query total		~$0.09

Phase Roadmap

Phase 1: Webhook trigger → Perplexity → Claude → Obsidian (current)
Phase 2: WhatsApp Business Cloud trigger + reply confirmation
Phase 3: Per-category prompt specialization + query history log
Phase 4: Embed notes into vector DB (pgvector/Chroma) → RAG queries against your own vault