WEBVTT

00:00.720 --> 00:02.280
Hello everyone and welcome.

00:02.280 --> 00:08.200
From this video onwards we will start creating a project for running the web security vulnerability

00:08.360 --> 00:09.680
using crew I.

00:10.160 --> 00:16.680
For that, we'll first create the agent and the task that would do the execution and the logic and thinking

00:16.800 --> 00:18.560
behind the agent experience.

00:18.840 --> 00:23.320
For that, I have created Pentest agent as a project in my IDE.

00:23.880 --> 00:24.960
As a source directory.

00:24.960 --> 00:29.560
In my source directory I will create another directory by the name config.

00:30.280 --> 00:35.800
In here I will go ahead and create a yml file by the name Pentest agent.

00:37.320 --> 00:40.480
So in here we'll create a planner agent to begin with.

00:40.640 --> 00:43.400
So this will be Pentest planner agent.

00:43.760 --> 00:45.960
Each agent has different components to it.

00:46.400 --> 00:47.760
One of them is the role.

00:48.040 --> 00:53.360
So I'm going to give it a role and say that this is a web application Pentest agent.

00:53.840 --> 00:57.920
This defines the agent's function and expertise within the crew.

00:58.400 --> 00:59.600
Then there is a goal.

00:59.830 --> 01:03.830
So the goal defines an objective that guides the agent's decision making.

01:04.750 --> 01:08.190
So since this was a long text, I copied it over.

01:08.630 --> 01:16.790
The goal is to perform comprehensive penetration testing on web applications to uncover and report vulnerability

01:16.870 --> 01:18.510
using advanced techniques.

01:19.070 --> 01:22.830
Then the other component of the planner agent is a back story.

01:23.230 --> 01:28.670
Back story provides context and personality to the agent for enriching the interactions.

01:29.550 --> 01:34.670
So here I again used an existing text since it's a long text to write.

01:35.030 --> 01:42.870
So as a seasoned web application, pentester you excel at simulated cyber attacks, pinpoint the weakness

01:42.870 --> 01:50.150
in the web application, and use knowledge of the web technologies and security practices to safeguard

01:50.150 --> 01:53.350
numerous application and their potential threats.

01:53.750 --> 01:57.550
That's the back story for this particular planner agent.

01:57.790 --> 02:01.660
Now that we have created an agent, let's go ahead and create a task.

02:01.900 --> 02:07.660
So for that, I'll create another yml file by the name Pentest tasks.

02:08.740 --> 02:15.740
So here the task is basically a specific assignment that will be used by an agent to complete its task.

02:16.180 --> 02:21.260
So here this task is specifically around web security vulnerability scan.

02:21.460 --> 02:23.380
That's the task that we want to give.

02:23.620 --> 02:28.940
And there is description to it as to what exactly we want this task to do.

02:29.380 --> 02:31.140
I used an existing text.

02:31.180 --> 02:32.420
I'll walk you over this.

02:32.460 --> 02:37.900
It says analyze the results of a recent cybersecurity scan from the Hackthissite.

02:37.900 --> 02:45.220
Org, and conduct thorough internet research to fact check and identify potential solutions for the

02:45.220 --> 02:48.740
issues and vulnerability highlighted in the scan.

02:49.740 --> 02:51.460
So that's the description of this.

02:51.460 --> 02:54.460
And then we can also say how we want to get the output.

02:54.460 --> 02:56.500
So we say expected output.

02:56.660 --> 03:00.410
So in this scenario I will use an existing text.

03:00.690 --> 03:01.530
Copy it.

03:01.730 --> 03:08.370
It says produce a detailed report that includes both original cybersecurity scan results and the findings

03:08.370 --> 03:09.490
from your research.

03:10.290 --> 03:17.090
And then you say the report should explain identified vulnerability, assess its potential impact and

03:17.090 --> 03:19.770
the purpose relevant mitigation strategies.

03:20.170 --> 03:26.970
So what this expected output does is gives a needed description of what the task completion should look

03:26.970 --> 03:27.450
like.

03:28.370 --> 03:35.810
So now we have created a gigantic task and a web planner agent here that would help us execute the agent

03:35.810 --> 03:41.170
experience, where we would run the web security vulnerability task with the agent.

03:41.530 --> 03:48.050
Now let's go ahead and create a tool which will execute the Zap proxy tool and get us the results.

03:48.450 --> 03:53.770
Using that results, the agent will do the agent take calls and create a report out of it.

03:53.850 --> 03:55.970
So I'll see you in the next video.