1337skills.com

Appearance

Baby-naptime Cheat Sheet

Find vulnerabilities while you sleep! - An open source implementation of Google's Project Naptime for automated vulnerability discovery using Large Language Models.

Quick Start

Installation

bash
# Clone the repository
git clone https://github.com/faizann24/baby-naptime.git
cd baby-naptime

# Install dependencies
pip install -r requirements.txt

# Install system dependencies (Ubuntu/Debian)
sudo apt-get install gdb g++ colorama

# Set up OpenAI API key
export OPENAI_API_KEY='your-openai-key-here'

Basic Usage

bash
# Analyze a C/C++ file
python run.py -c code/vulnerable.cpp

# Use specific LLM model
python run.py -c code/test.cpp -l gpt-4o

# Advanced analysis with custom settings
python run.py -c code/test.cpp -l o3-mini -k 15 -m 50

Command Line Options

Required Parameters

bash
# Specify source code file to analyze
python run.py -c <code_file>
python run.py --code_file <code_file>

Optional Parameters

bash
# Set code directory for additional source files
python run.py -c main.cpp -d /path/to/source/

# Set maximum analysis iterations
python run.py -c main.cpp -m 100

# Choose LLM model
python run.py -c main.cpp -l gpt-4o
python run.py -c main.cpp -l gpt-4o-mini
python run.py -c main.cpp -l o3-mini
python run.py -c main.cpp -l o1-preview

# Set entry function for analysis
python run.py -c main.cpp -f main

# Control conversation history
python run.py -c main.cpp -k 14

LLM Model Options

Available Models

bash
# GPT-3.5 Turbo (fastest, basic analysis)
python run.py -c code.cpp -l gpt-3.5-turbo

# GPT-4o (balanced performance and accuracy)
python run.py -c code.cpp -l gpt-4o

# GPT-4o Mini (cost-effective option)
python run.py -c code.cpp -l gpt-4o-mini

# O3 Mini (optimized for code analysis)
python run.py -c code.cpp -l o3-mini

# O1 Preview (advanced reasoning)
python run.py -c code.cpp -l o1-preview

Analysis Workflow

Step-by-Step Process

bash
# 1. Prepare your vulnerable code
echo '#include <stdio.h>
int main() {
    char buffer[10];
    gets(buffer);  // Vulnerable function
    printf("Input: %s\n", buffer);
    return 0;
}' > vulnerable.c

# 2. Run baby-naptime analysis
python run.py -c vulnerable.c -l gpt-4o

# 3. Check results
ls results/
cat results/vulnerable_summary.md

Advanced Analysis

bash
# Analyze complex project with multiple files
python run.py -c main.cpp -d ./src/ -m 200 -k 20

# Focus on specific function
python run.py -c auth.cpp -f authenticate_user -l o3-mini

# Extended analysis with detailed history
python run.py -c network.cpp -k 30 -m 150

Environment Setup

API Key Configuration

bash
# Set OpenAI API key (required)
export OPENAI_API_KEY='sk-your-api-key-here'

# Verify API key is set
echo $OPENAI_API_KEY

# Alternative: Create .env file
echo "OPENAI_API_KEY=sk-your-api-key-here" > .env

System Dependencies

bash
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install gdb g++ python3-pip

# CentOS/RHEL
sudo yum install gdb gcc-c++ python3-pip

# macOS (with Homebrew)
brew install gdb
xcode-select --install

Debugging and Analysis

GDB Integration

bash
# Baby-naptime automatically uses GDB for:
# - Memory layout analysis
# - Crash reproduction
# - Exploit validation
# - Stack trace generation

# Manual GDB debugging (if needed)
gdb ./compiled_binary
(gdb) run
(gdb) bt
(gdb) info registers

Binary Compilation

bash
# Baby-naptime compiles with security mitigations disabled:
# -fno-stack-protector (disable stack canaries)
# -z execstack (enable executable stack)
# -no-pie (disable position independent executable)

# Manual compilation for testing
gcc -fno-stack-protector -z execstack -no-pie vulnerable.c -o vulnerable

Output and Reporting

Result Files

bash
# Check generated reports
ls results/
cat results/[filename]_summary.md

# View detailed analysis
less results/[filename]_summary.md

# Copy results to another location
cp results/*.md /path/to/reports/

Report Structure

bash
# Each report contains:
# - Executive summary
# - Technical analysis
# - Exploitation methodology
# - Working payload
# - Proof of concept

Common Use Cases

Buffer Overflow Analysis

bash
# Analyze buffer overflow vulnerabilities
python run.py -c buffer_overflow.c -l gpt-4o

# Focus on memory corruption
python run.py -c heap_overflow.cpp -l o3-mini -k 20

Format String Vulnerabilities

bash
# Analyze format string bugs
python run.py -c format_string.c -l gpt-4o-mini

# Extended analysis for complex cases
python run.py -c printf_vuln.c -m 100 -k 25

Use After Free Detection

bash
# Analyze memory management issues
python run.py -c use_after_free.cpp -l o1-preview

# Focus on heap analysis
python run.py -c heap_vuln.c -l gpt-4o -k 30

Troubleshooting

Common Issues

bash
# API key not set
export OPENAI_API_KEY='your-key-here'

# Missing dependencies
pip install -r requirements.txt
sudo apt-get install gdb g++

# Permission issues
chmod +x run.py
sudo chown $USER:$USER -R baby-naptime/

# Python version issues
python3 --version  # Should be 3.7+
pip3 install -r requirements.txt

Debug Mode

bash
# Enable verbose output
python run.py -c code.cpp -l gpt-4o --verbose

# Check system compatibility
python -c "import sys; print(sys.version)"
gdb --version
gcc --version

Performance Optimization

Efficient Analysis

bash
# Use faster models for initial screening
python run.py -c code.cpp -l gpt-3.5-turbo

# Optimize context history for speed
python run.py -c code.cpp -k 10 -m 50

# Use targeted analysis
python run.py -c code.cpp -f vulnerable_function

Resource Management

bash
# Limit iterations for large codebases
python run.py -c large_project.cpp -m 75

# Manage memory usage
python run.py -c code.cpp -k 8

# Batch processing multiple files
for file in *.cpp; do
    python run.py -c "$file" -l gpt-4o-mini
done

Integration Examples

CI/CD Pipeline

bash
# Add to GitHub Actions
name: Security Analysis
run: |
  export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}
  python run.py -c src/main.cpp -l gpt-4o-mini
  
# Jenkins integration
sh 'python run.py -c ${WORKSPACE}/src/main.cpp'

Automated Scanning

bash
# Scan all C/C++ files in project
find . -name "*.cpp" -o -name "*.c" | while read file; do
    echo "Analyzing $file"
    python run.py -c "$file" -l gpt-4o-mini
done

# Generate combined report
cat results/*_summary.md > combined_security_report.md

Best Practices

Effective Usage

bash
# Start with faster models for initial assessment
python run.py -c code.cpp -l gpt-3.5-turbo

# Use advanced models for detailed analysis
python run.py -c critical_code.cpp -l o1-preview -k 25

# Maintain reasonable iteration limits
python run.py -c code.cpp -m 100  # Good balance

# Focus analysis on specific functions
python run.py -c auth.cpp -f login_handler

Security Considerations

bash
# Always test in isolated environment
# Never run on production systems
# Obtain proper authorization before testing
# Review generated exploits carefully
# Use for educational/research purposes only

Repository: https://github.com/faizann24/baby-naptime
License: GPL-3.0
Language: Python (94.7%), C++ (4.6%), C (0.7%)
Stars: 151+ | Forks: 19+