Skip to main content

Cyberstrike is now open source! AI-powered penetration testing for security professionals. Star on GitHub

On this page

Memory Tool

The Memory tool provides persistent storage for findings, context, and information that should be retained across sessions.

📸 SCREENSHOT: memory-storage.png

Memory tool storage interface

Overview

The Memory tool enables:

  • Storing security findings
  • Tracking tested assets
  • Maintaining target information
  • Preserving context across sessions
  • Building knowledge bases

Basic Usage

Store Information 

> Remember that the target uses PostgreSQL 14.2 on port 5432

Retrieve Information 

> What do we know about the target's database?

List All Memories 

> Show all stored memories

Storage Types

Findings 

> Remember: SQL injection found in /api/users?id= parameter

Stored with:

  • Finding details
  • Severity
  • Evidence
  • Timestamp

Target Information 

> Remember the target's technology stack: React frontend, Node.js backend, PostgreSQL database

Credentials 

> Remember discovered credentials: admin:Welcome123 (hash: 5f4dcc3b5aa765d61d8327deb882cf99)

Caution

Credentials are stored locally. Ensure proper security of your workstation.

Attack Surface 

> Remember discovered endpoints:
- /api/users (GET, POST, DELETE)
- /api/admin (GET) - requires auth
- /api/config (GET) - returns sensitive data

Memory Organization

Categories

Organize memories by category:

> Remember [recon]: Subdomain api.target.com resolves to 104.21.50.123
> Remember [vulns]: XSS in search parameter on main site
> Remember [creds]: Service account found in config file

Tags

Add tags for easy retrieval:

> Remember #critical: RCE vulnerability in upload function

Priority

Mark important findings:

> Remember as high priority: Unauthenticated admin endpoint discovered

Retrieval

By Category 

> Show all vulnerability findings

By Keyword 

> What do we know about authentication?

By Tag 

> Show all #critical memories

Recent Memories 

> Show memories from this session

Security Testing Workflow

Reconnaissance Phase 

> Remember discovered subdomains:
- api.target.com (live)
- admin.target.com (login page)
- staging.target.com (test environment)
- dev.target.com (development)

Enumeration Phase 

> Remember open ports on 192.168.1.100:
- 22/tcp SSH OpenSSH 8.2p1
- 80/tcp HTTP Apache 2.4.41
- 443/tcp HTTPS Apache 2.4.41
- 3306/tcp MySQL 8.0.23

Vulnerability Phase 

> Remember confirmed vulnerabilities:
1. SQL Injection in /login (Critical)
2. XSS in /search (High)
3. IDOR in /api/users/{id} (High)
4. Information disclosure in /api/config (Medium)

Exploitation Phase 

> Remember exploitation results:
- SQLi exploited: extracted users table
- Admin access achieved via IDOR
- Shell obtained through upload bypass

Cross-Session Persistence

Session Continuity 

> Continue from last session - what were we testing?

The agent recalls:

  • Previous target
  • Discovered information
  • Pending tests
  • Findings

Project Memory

Memories are scoped to projects:

project-a/
  .cyberstrike/
    memory/
      findings.json
      targets.json
      context.json

Memory Management

Delete Memory 

> Forget the old database credentials

Clear All 

> Clear all memories for this project

Export Memories 

> Export all findings to findings-export.json

Import Memories 

> Import memories from previous-assessment.json

Structured Data

JSON Storage 

> Remember target configuration:
{
  "host": "192.168.1.100",
  "ports": [22, 80, 443],
  "services": ["ssh", "http", "https"],
  "os": "Ubuntu 20.04"
}

Tables 

> Remember port scan results as table:
| Port | Service | Version | Vulnerability |
|------|---------|---------|---------------|
| 22 | SSH | OpenSSH 8.2p1 | None |
| 80 | HTTP | Apache 2.4.41 | CVE-2021-41773 |

Integration with Agents

Web Application Agent

Automatically stores:

  • Discovered endpoints
  • Form parameters
  • Authentication flows
  • Vulnerability findings

Bug Hunter Agent

Automatically stores:

  • Subdomains
  • Technologies
  • Interesting parameters
  • Potential vulnerabilities

Internal Network Agent

Automatically stores:

  • Live hosts
  • Open ports
  • Service versions
  • Credential findings

Reporting

Generate Report from Memory 

> Generate security report from all findings

Uses stored memories to create:

  • Executive summary
  • Technical findings
  • Evidence compilation
  • Remediation recommendations

Timeline 

> Show timeline of findings

Displays chronological view of discoveries.

Best Practices

  1. Store immediately - Record findings as you discover them
  2. Be specific - Include details for reproducibility
  3. Categorize - Use consistent categories
  4. Include evidence - Reference screenshots and logs
  5. Regular review - Check and clean up memories

Tip

Use memory to track which assets have been tested to avoid duplicate work.

Related Documentation