In reality, an attacker won't find every possible piece of information about a system during reconnaissance. In fact, it is unlikely they will even try to. They are more likely to look for systems which they know have vulnerabilities, which is where the cross-over with weaponization occurs.
An attacker will want to know the easiest, least costly, lowest risk path to their aims. In terms of the castle attack, the attacking force may have identified that the castle walls are of a certain construction. The weaponization phase might involve finding that this particular design has shallow foundations, which would allow a tunnel to be dug beneath it.
Again, we need to recognize that the attacker's aims may not just be technological (data theft, compromise, or denial). If an attacker's aim is to discredit the organization, an attack might consist of simply demonstrating that an organization has a security blind spot, even if they don't attempt to leverage it at all.
During weaponization, the attacker looks to find an exploit that might be effective against the vulnerable systems that have been identified during reconnaissance. For example, if the reconnaissance showed up Java files, they may look for exploits for vulnerabilities in Java rather than a hardware vulnerability that might be rarer and harder to access.
A popular tool is the Metasploit framework, which includes a searchable list of vulnerabilities that the attacker can match against the technologies that are found in reconnaissance.
Alternatively, Nessus can be used to uncover vulnerabilities during a scan and automatically map possible exploits. Note that, because this system is performing both a scan and identifying exploits, this crosses over between reconnaissance and weaponization.
In terms of personnel, the attacker may already have weapons (for example, incriminating information which could be used to blackmail them), but it's likely they would have to figure out a way to weaponize it. Therefore, an attacker may have discovered that a particularly high-value target often goes to a certain pub. They may then also attend the pub to find more information (still reconnaissance), with the aim of finding a vulnerability (weaponization).