Zum Inhalt

Baby-naptime Cheat Sheet

Baby-naptime Spickzettel

```bash # Clone the repository git clone https://github.com/faizann24/baby-naptime.git cd baby-naptime # Install dependencies pip install -r requirements.txt # Install system dependencies (Ubuntu/Debian) sudo apt-get install gdb g++ colorama # Set up OpenAI API key export OPENAI_API_KEY='your-openai-key-here' 
  </div>
</div>

> **Finde Schwachstellen während du schläfst!** - Eine Open-Source-Implementierung von Google's Project Naptime für automatisierte Schwachstellenentdeckung mit Large Language Models.

## Schnellstart

### Installation
```bash
# Analyze a C/C++ file
python run.py -c code/vulnerable.cpp

# Use specific LLM model
python run.py -c code/test.cpp -l gpt-4o

# Advanced analysis with custom settings
python run.py -c code/test.cpp -l o3-mini -k 15 -m 50
### Grundlegende Nutzung 
# Specify source code file to analyze
python run.py -c <code_file>
python run.py --code_file <code_file>
## Befehlszeilenoptionen ### Erforderliche Parameter 
# Set code directory for additional source files
python run.py -c main.cpp -d /path/to/source/

# Set maximum analysis iterations
python run.py -c main.cpp -m 100

# Choose LLM model
python run.py -c main.cpp -l gpt-4o
python run.py -c main.cpp -l gpt-4o-mini
python run.py -c main.cpp -l o3-mini
python run.py -c main.cpp -l o1-preview

# Set entry function for analysis
python run.py -c main.cpp -f main

# Control conversation history
python run.py -c main.cpp -k 14
### Optionale Parameter 
# GPT-3.5 Turbo (fastest, basic analysis)
python run.py -c code.cpp -l gpt-3.5-turbo

# GPT-4o (balanced performance and accuracy)
python run.py -c code.cpp -l gpt-4o

# GPT-4o Mini (cost-effective option)
python run.py -c code.cpp -l gpt-4o-mini

# O3 Mini (optimized for code analysis)
python run.py -c code.cpp -l o3-mini

# O1 Preview (advanced reasoning)
python run.py -c code.cpp -l o1-preview
## LLM Model-Optionen ### Verfügbare Modelle 
# 1. Prepare your vulnerable code
echo '#include <stdio.h>
int main() \\\\{
    char buffer[10];
    gets(buffer);  // Vulnerable function
    printf("Input: %s\n", buffer);
    return 0;
\\\\}' > vulnerable.c

# 2. Run baby-naptime analysis
python run.py -c vulnerable.c -l gpt-4o

# 3. Check results
ls results/
cat results/vulnerable_summary.md
## Analyseablauf ### Schritt-für-Schritt-Prozess 
# Analyze complex project with multiple files
python run.py -c main.cpp -d ./src/ -m 200 -k 20

# Focus on specific function
python run.py -c auth.cpp -f authenticate_user -l o3-mini

# Extended analysis with detailed history
python run.py -c network.cpp -k 30 -m 150
### Erweiterte Analyse 
# Set OpenAI API key (required)
export OPENAI_API_KEY='sk-your-api-key-here'

# Verify API key is set
echo $OPENAI_API_KEY

# Alternative: Create .env file
echo "OPENAI_API_KEY=sk-your-api-key-here" > .env
## Umgebungseinrichtung ### API-Schlüssel-Konfiguration 
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install gdb g++ python3-pip

# CentOS/RHEL
sudo yum install gdb gcc-c++ python3-pip

# macOS (with Homebrew)
brew install gdb
xcode-select --install
### Systemabhängigkeiten 
# Baby-naptime automatically uses GDB for:
# - Memory layout analysis
# - Crash reproduction
# - Exploit validation
# - Stack trace generation

# Manual GDB debugging (if needed)
gdb ./compiled_binary
(gdb) run
(gdb) bt
(gdb) info registers
## Debugging und Analyse ### GDB-Integration 
# Baby-naptime compiles with security mitigations disabled:
# -fno-stack-protector (disable stack canaries)
# -z execstack (enable executable stack)
# -no-pie (disable position independent executable)

# Manual compilation for testing
gcc -fno-stack-protector -z execstack -no-pie vulnerable.c -o vulnerable
### Binäre Kompilierung 
# Check generated reports
ls results/
cat results/[filename]_summary.md

# View detailed analysis
less results/[filename]_summary.md

# Copy results to another location
cp results/*.md /path/to/reports/
## Ausgabe und Berichterstattung ### Ergebnisdateien 
# Each report contains:
# - Executive summary
# - Technical analysis
# - Exploitation methodology
# - Working payload
# - Proof of concept
### Berichtsstruktur 
# Analyze buffer overflow vulnerabilities
python run.py -c buffer_overflow.c -l gpt-4o

# Focus on memory corruption
python run.py -c heap_overflow.cpp -l o3-mini -k 20
## Häufige Anwendungsfälle ### Buffer Overflow-Analyse 
# Analyze format string bugs
python run.py -c format_string.c -l gpt-4o-mini

# Extended analysis for complex cases
python run.py -c printf_vuln.c -m 100 -k 25
### Format-String-Schwachstellen 
# Analyze memory management issues
python run.py -c use_after_free.cpp -l o1-preview

# Focus on heap analysis
python run.py -c heap_vuln.c -l gpt-4o -k 30
### Use After Free-Erkennung 
# API key not set
export OPENAI_API_KEY='your-key-here'

# Missing dependencies
pip install -r requirements.txt
sudo apt-get install gdb g++

# Permission issues
chmod +x run.py
sudo chown $USER:$USER -R baby-naptime/

# Python version issues
python3 --version  # Should be 3.7+
pip3 install -r requirements.txt
## Fehlerbehebung ### Häufige Probleme 
# Enable verbose output
python run.py -c code.cpp -l gpt-4o --verbose

# Check system compatibility
python -c "import sys; print(sys.version)"
gdb --version
gcc --version
### Debug-Modus 
# Use faster models for initial screening
python run.py -c code.cpp -l gpt-3.5-turbo

# Optimize context history for speed
python run.py -c code.cpp -k 10 -m 50

# Use targeted analysis
python run.py -c code.cpp -f vulnerable_function
### Resource Management 
# Limit iterations for large codebases
python run.py -c large_project.cpp -m 75

# Manage memory usage
python run.py -c code.cpp -k 8

# Batch processing multiple files
for file in *.cpp; do
    python run.py -c "$file" -l gpt-4o-mini
done
## Integration Examples ### CI/CD Pipeline 
# Add to GitHub Actions
name: Security Analysis
run:|
  export OPENAI_API_KEY=$\\\\{\\\\{ secrets.OPENAI_API_KEY \\\\}\\\\}
  python run.py -c src/main.cpp -l gpt-4o-mini

# Jenkins integration
sh 'python run.py -c $\\\\{WORKSPACE\\\\}/src/main.cpp'
### Automated Scanning 
# Scan all C/C++ files in project
find . -name "*.cpp" -o -name "*.c"|while read file; do
    echo "Analyzing $file"
    python run.py -c "$file" -l gpt-4o-mini
done

# Generate combined report
cat results/*_summary.md > combined_security_report.md
## Best Practices ### Effective Usage 
# Start with faster models for initial assessment
python run.py -c code.cpp -l gpt-3.5-turbo

# Use advanced models for detailed analysis
python run.py -c critical_code.cpp -l o1-preview -k 25

# Maintain reasonable iteration limits
python run.py -c code.cpp -m 100  # Good balance

# Focus analysis on specific functions
python run.py -c auth.cpp -f login_handler
### Security Considerations 
# Always test in isolated environment
# Never run on production systems
# Obtain proper authorization before testing
# Review generated exploits carefully
# Use for educational/research purposes only
--- **Repository:** [https://github.com/faizann24/baby-naptime](https://github.com/faizann24/baby-naptime) **License:** GPL-3.0 **Language:** Python (94.7%), C++ (4.6%), C (0.7%) **Stars:** 151+|**Forks:** 19+