Zum Inhalt

Baby-Naptime Cheat Sheet

generieren

** Verwundbarkeiten beim Schlafen finden!* - Eine Open-Source-Implementierung von Google's Project Naptime zur automatisierten Verwundbarkeitsentdeckung mit Large Language Models.

Schneller Start

Installation

```bash

Clone the repository

git clone https://github.com/faizann24/baby-naptime.git cd baby-naptime

Install dependencies

pip install -r requirements.txt

Install system dependencies (Ubuntu/Debian)

sudo apt-get install gdb g++ colorama

Set up OpenAI API key

export OPENAI_API_KEY='your-openai-key-here' ```_

Basisnutzung

```bash

Analyze a C/C++ file

python run.py -c code/vulnerable.cpp

Use specific LLM model

python run.py -c code/test.cpp -l gpt-4o

Advanced analysis with custom settings

python run.py -c code/test.cpp -l o3-mini -k 15 -m 50 ```_

Kommandozeilenoptionen

Erforderliche Parameter

```bash

Specify source code file to analyze

python run.py -c python run.py --code_file ```_

Optionale Parameter

```bash

Set code directory for additional source files

python run.py -c main.cpp -d /path/to/source/

Set maximum analysis iterations

python run.py -c main.cpp -m 100

Choose LLM model

python run.py -c main.cpp -l gpt-4o python run.py -c main.cpp -l gpt-4o-mini python run.py -c main.cpp -l o3-mini python run.py -c main.cpp -l o1-preview

Set entry function for analysis

python run.py -c main.cpp -f main

Control conversation history

python run.py -c main.cpp -k 14 ```_

LLM Modelloptionen

Verfügbare Modelle

```bash

GPT-3.5 Turbo (fastest, basic analysis)

python run.py -c code.cpp -l gpt-3.5-turbo

GPT-4o (balanced performance and accuracy)

python run.py -c code.cpp -l gpt-4o

GPT-4o Mini (cost-effective option)

python run.py -c code.cpp -l gpt-4o-mini

O3 Mini (optimized for code analysis)

python run.py -c code.cpp -l o3-mini

O1 Preview (advanced reasoning)

python run.py -c code.cpp -l o1-preview ```_

Analyse-Workflow

Schritt für Schritt Prozess

```bash

1. Prepare your vulnerable code

echo '#include int main() \\{ char buffer[10]; gets(buffer); // Vulnerable function printf("Input: %s\n", buffer); return 0; \\}' > vulnerable.c

2. Run baby-naptime analysis

python run.py -c vulnerable.c -l gpt-4o

3. Check results

ls results/ cat results/vulnerable_summary.md ```_

Erweiterte Analyse

```bash

Analyze complex project with multiple files

python run.py -c main.cpp -d ./src/ -m 200 -k 20

Focus on specific function

python run.py -c auth.cpp -f authenticate_user -l o3-mini

Extended analysis with detailed history

python run.py -c network.cpp -k 30 -m 150 ```_

Umwelt Setup

API Schlüsselkonfiguration

```bash

Set OpenAI API key (required)

export OPENAI_API_KEY='sk-your-api-key-here'

Verify API key is set

echo $OPENAI_API_KEY

Alternative: Create .env file

echo "OPENAI_API_KEY=sk-your-api-key-here" > .env ```_

Systemabhängigkeiten

```bash

Ubuntu/Debian

sudo apt-get update sudo apt-get install gdb g++ python3-pip

CentOS/RHEL

sudo yum install gdb gcc-c++ python3-pip

macOS (with Homebrew)

brew install gdb xcode-select --install ```_

Debugging und Analyse

GDB Integration

```bash

Baby-naptime automatically uses GDB for:

- Memory layout analysis

- Crash reproduction

- Exploit validation

- Stack trace generation

Manual GDB debugging (if needed)

gdb ./compiled_binary (gdb) run (gdb) bt (gdb) info registers ```_

Binary Compilation

```bash

Baby-naptime compiles with security mitigations disabled:

-fno-stack-protector (disable stack canaries)

-z execstack (enable executable stack)

-no-pie (disable position independent executable)

Manual compilation for testing

gcc -fno-stack-protector -z execstack -no-pie vulnerable.c -o vulnerable ```_

Ausgabe und Reporting

Ergebnisse

```bash

Check generated reports

ls results/ cat results/[filename]_summary.md

View detailed analysis

less results/[filename]_summary.md

Copy results to another location

cp results/*.md /path/to/reports/ ```_

Bericht Struktur

```bash

Each report contains:

- Executive summary

- Technical analysis

- Exploitation methodology

- Working payload

- Proof of concept

```_

Allgemeine Anwendungsfälle

Pufferüberlaufanalyse

```bash

Analyze buffer overflow vulnerabilities

python run.py -c buffer_overflow.c -l gpt-4o

Focus on memory corruption

python run.py -c heap_overflow.cpp -l o3-mini -k 20 ```_

Format String Schwachstellen

```bash

Analyze format string bugs

python run.py -c format_string.c -l gpt-4o-mini

Extended analysis for complex cases

python run.py -c printf_vuln.c -m 100 -k 25 ```_

Verwendung nach freier Erkennung

```bash

Analyze memory management issues

python run.py -c use_after_free.cpp -l o1-preview

Focus on heap analysis

python run.py -c heap_vuln.c -l gpt-4o -k 30 ```_

Fehlerbehebung

Gemeinsame Themen

```bash

API key not set

export OPENAI_API_KEY='your-key-here'

Missing dependencies

pip install -r requirements.txt sudo apt-get install gdb g++

Permission issues

chmod +x run.py sudo chown \(USER:\)USER -R baby-naptime/

Python version issues

python3 --version # Should be 3.7+ pip3 install -r requirements.txt ```_

Debug Mode

```bash

Enable verbose output

python run.py -c code.cpp -l gpt-4o --verbose

Check system compatibility

python -c "import sys; print(sys.version)" gdb --version gcc --version ```_

Leistungsoptimierung

Effiziente Analyse

```bash

Use faster models for initial screening

python run.py -c code.cpp -l gpt-3.5-turbo

Optimize context history for speed

python run.py -c code.cpp -k 10 -m 50

Use targeted analysis

python run.py -c code.cpp -f vulnerable_function ```_

Ressourcenmanagement

```bash

Limit iterations for large codebases

python run.py -c large_project.cpp -m 75

Manage memory usage

python run.py -c code.cpp -k 8

Batch processing multiple files

for file in *.cpp; do python run.py -c "$file" -l gpt-4o-mini done ```_

Integrationsbeispiele

CI/CD Pipeline

```bash

Add to GitHub Actions

name: Security Analysis run:| export OPENAI_API_KEY=$\\{\\{ secrets.OPENAI_API_KEY \\}\\} python run.py -c src/main.cpp -l gpt-4o-mini

Jenkins integration

sh 'python run.py -c $\\{WORKSPACE\\}/src/main.cpp' ```_

Automatisches Scannen

```bash

Scan all C/C++ files in project

find . -name ".cpp" -o -name ".c"|while read file; do echo "Analyzing \(file" python run.py -c "\)file" -l gpt-4o-mini done

Generate combined report

cat results/*summary.md > combined_security_report.md ```

Best Practices

Effektive Nutzung

```bash

Start with faster models for initial assessment

python run.py -c code.cpp -l gpt-3.5-turbo

Use advanced models for detailed analysis

python run.py -c critical_code.cpp -l o1-preview -k 25

Maintain reasonable iteration limits

python run.py -c code.cpp -m 100 # Good balance

Focus analysis on specific functions

python run.py -c auth.cpp -f login_handler ```_

Sicherheitsüberlegungen

```bash

Always test in isolated environment

Never run on production systems

Obtain proper authorization before testing

Review generated exploits carefully

Use for educational/research purposes only

```_

--

** Projektarchiv:** (https://github.com/faizann24/baby-naptime](https://github.com/faizann24/baby-naptime) License: GPL-3.0 Sprache: Python (94,7%), C++ (4,6%), C (0.7%) Stars: 151+|Forks: 19+