Welcome back! In the previous chapter, Tool Use - Read Recon Data, our agent successfully loaded the "blueprint" of the website. It now knows where every page and input box is located.
But knowing where a door is located doesn't tell you if the lock is broken. We need deeper technical details. We need to know how the website reacts when we poke it.
Imagine you are a locksmith trying to open a locked safe.
That "clicking sound" is a clue. In software security, "Injection Analysis" is a report detailing how the website behaves when we send it confusing data (like unexpected symbols or code).
Our agent is targeting http://localhost:33081. It knows there is a search bar (from Recon). Now, it needs to read a specific report (deliverables/injection_analysis_deliverable.md) to see if anyone has already tested that search bar for Injection Vulnerabilities—weaknesses that let us sneak commands into the server.
')." This suggests the server is confused—a potential weakness!We are going to use the agent's file-reading capability again. This time, we are targeting the most technical document in our arsenal.
We tell the agent where to find the technical analysis file.
# The path to the deep analysis report
analysis_path = "deliverables/injection_analysis_deliverable.md"
print(f"Loading technical analysis from: {analysis_path}")
Output: Loading technical analysis from: deliverables/injection_analysis_deliverable.md
We command the agent to ingest the text.
# The agent reads the file into its memory
analysis_data = agent.tools.read_file(analysis_path)
# Verify we got data
print(f"Analysis loaded. Size: {len(analysis_data)} characters.")
Output:
Analysis loaded. Size: 3200 characters.
Let's see what kind of information is inside this report.
# Print the first few lines to check the content
print(analysis_data[:150])
Output:
# Injection Analysis
## Parameter: 'id'
- Observation: Inputting ' caused a 500 Server Error.
- Potential: SQL Injection possible.
Interpretation: The agent just learned a crucial fact. The id parameter breaks the server when a single quote is used. This is the "broken lock" we were looking for!
How does the agent distinguish this file from the others? Technically, the reading process is the same, but the destination in the agent's brain is different.
The agent reads the file and categorizes it as "Vulnerability Context."
The code uses the standard file reader we've seen before, but let's look at how the agent might decide to store this specific data. This logic usually lives in shannon/agent_core.py.
class Agent:
def gather_injection_data(self):
path = "deliverables/injection_analysis_deliverable.md"
# 1. Use the tool to get raw text
content = self.tools.read_file(path)
# 2. Save it to a specific part of memory
self.knowledge_base["injection_analysis"] = content
return "Analysis Ingested"
Explanation:
self.tools.read_file(path): This reuses the code from previous chapters to handle the operating system operations (opening/closing files).self.knowledge_base["injection_analysis"]: This is the key difference. The agent doesn't just read the text; it files it away in a specific "folder" in its brain labeled "Injection Analysis." When it needs to attack later, it will look in this specific folder for clues.Let's review what our Agent has:
The agent is now fully informed. It has studied the target completely. It is time to stop reading and start thinking.
The next step is to take all these clues (the map + the weakness report) and officially decide: "Yes, this is a vulnerability."
In the next chapter, we will learn how the agent processes this data to confirm a security hole.
Next Chapter: Vulnerability Identification
Generated by Code IQ