refactor: update injection display name and add max tokens docs

- Change agent prefix from [SQLi/Cmd] to [Injection] to reflect expanded scope
- Add README documentation for CLAUDE_CODE_MAX_OUTPUT_TOKENS environment variable

This update aligns the display naming with the expanded injection analysis scope
that now covers SQLi, Command Injection, LFI/RFI, SSTI, Path Traversal, and
Insecure Deserialization vulnerabilities.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
ajmallesh
2025-11-03 10:21:17 -08:00
parent 4224d1c4f4
commit 939398074f
2 changed files with 13 additions and 3 deletions


@@ -99,6 +99,16 @@ Shannon is available in two editions:
You need either a **Claude Code OAuth token** or an **Anthropic API key** to run Shannon. Get your token from the [Anthropic Console](https://console.anthropic.com) and pass it to Docker via the `-e` flag.
### Environment Configuration (Optional)
To prevent Claude Code from hitting token limits during long report generation, set the max output tokens before running Shannon:
```bash
export CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000
```
This is especially useful for extensive penetration testing reports or when analyzing large codebases.
### Quick Start with Docker
#### Build the Container


@@ -45,12 +45,12 @@ function summarizeTodoUpdate(input) {
export function getAgentPrefix(description) {
// Map agent names to their prefixes
const agentPrefixes = {
'injection-vuln': '[SQLi/Cmd]',
'injection-vuln': '[Injection]',
'xss-vuln': '[XSS]',
'auth-vuln': '[Auth]',
'authz-vuln': '[Authz]',
'ssrf-vuln': '[SSRF]',
'injection-exploit': '[SQLi/Cmd]',
'injection-exploit': '[Injection]',
'xss-exploit': '[XSS]',
'auth-exploit': '[Auth]',
'authz-exploit': '[Authz]',
@@ -65,7 +65,7 @@ export function getAgentPrefix(description) {
}
// Fallback to partial matches for backwards compatibility
if (description.includes('injection')) return '[SQLi/Cmd]';
if (description.includes('injection')) return '[Injection]';
if (description.includes('xss')) return '[XSS]';
if (description.includes('authz')) return '[Authz]'; // Check authz before auth
if (description.includes('auth')) return '[Auth]';
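Review bot: The label `'[Injection]'` is now written three times in getAgentPrefix: in the `injection-vuln` and `injection-exploit` map entries and in the `description.includes('injection')` fallback, which is why this rename had to touch three lines. Hoisting it into a single constant, e.g. `const INJECTION_PREFIX = '[Injection]';`, and referencing it from all three places would keep the exact-match path and the fallback path from drifting apart on the next change. If any log filter or report parser keys on the old `[SQLi/Cmd]` string it would stop matching after this commit; that cannot be confirmed from the lines shown. The middle and end of the function lie outside the visible hunks.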