Find vulnerabilities while you sleep!
A very simple and basic open source implementation inspired by Google's Project Naptime - a vulnerability analysis tool that uses Large Language Models (LLMs) to discover and exploit native vulnerabilities. This was a weekend project, so please expect some hacky stuff here and there.
Baby Naptime leverages the intelligence of LLMs to revolutionize security analysis:
- Smart vulnerability detection that understands code context
- Automated exploit generation to prove concepts
- Memory corruption analysis that catches what static analyzers miss
- Integrated debugging with security-focused insights
| Feature | Description |
|---|---|
| 🧠 Intelligent Analysis | Uses LLMs to understand code semantics and identify potential vulnerabilities |
| 🛠️ Automated Exploitation | Generates and tests exploit payloads with minimal user intervention |
| 💾 Memory Analysis | Deep inspection of memory layouts and corruption patterns |
| 🔬 Advanced Debugging | GDB integration with security-focused analysis capabilities |
| 🧭 Code Navigation | Smart traversal of codebases to focus on vulnerability-prone areas |
| 📝 Reporting | Detailed vulnerability reports with exploitation paths and remediation suggestions |
| 📊 Conversation Summarization | Smart management of context history to maintain analysis quality |
| 🔄 Adaptive Binary Compilation | Automatically compiles targets with security mitigations disabled for testing |
- Python 3.7 or higher
- GDB debugger
- C/C++ compiler (g++)
- OpenAI API key
- Required Python packages (see
requirements.txt)
# Clone the repository
git clone https://github.com/yourusername/baby-naptime.git
cd baby-naptime
# Install dependencies
pip install -r requirements.txt
# Set up your API key (supports OpenAI)
export OPENAI_API_KEY='your-openai-key-here'
# Install required system dependencies
sudo apt-get install gdb g++ coloramaBasic command:
python run.py -c <code_file> [options]-c, --code_file Path to the source code file to analyze (required)
-d, --code-directory Directory containing additional source files (default: ".")
-m, --max-iterations Maximum number of analysis iterations (default: 100)
-l, --llm-model LLM model to use (choices: gpt-3.5-turbo, gpt-4o, gpt-4o-mini, o3-mini, o1-preview)
-f, --main-function Entry function to begin analysis (default: "main")
-k, --keep-history Number of conversation history items to keep (default: 14)
# Analyze a C++ file using Openai's o3-mini model
python run.py -c code/test.cpp -l o3-mini -k 15This command will:
- Load and parse
test.cpp - Compile the code with security mitigations disabled (
-fno-stack-protector -z execstack -no-pie) - Use the o3-mini model for vulnerability analysis
- Maintain a context history of 15 conversation items
- Generate detailed reports if vulnerabilities are found
Baby Naptime is composed of several specialized components that work together:
┌───────────────┐
│ BabyNaptime │
└───────┬───────┘
│
▼
┌───────────┐ ┌───────────┐ ┌───────────┐
│ LLM │◀─────────▶│ Agent │─────────▶ │ Caller │
└───────────┘ └─────┬─────┘ └───────────┘
│ │
│ ▼
┌───────────┐ ┌─────┴──────┐ ┌───────────┐
│ Reporter │◀──────────│ Summarizer │ │ Tool APIs │
└───────────┘ └────────────┘ └───────────┘
│
┌─────────────────┬─────┴─────┬─────────────────┐
▼ ▼ ▼ ▼
┌───────────┐ ┌───────────┐┌────────────┐ ┌───────────┐
│CodeBrowser│ │ Debugger ││ScriptRunner│ │ Utils │
└───────────┘ └───────────┘└────────────┘ └───────────┘
- BabyNaptime: Main class that initializes and coordinates all components
- Agent: Orchestrates the analysis workflow, maintains LLM conversation, and manages binary compilation
- LLM: Interface to language models (supports GPT models for now)
- Caller: Routes tool commands to appropriate handlers
- Summarizer: Condenses conversation history to maintain context within token limits
- Reporter: Generates comprehensive vulnerability reports with evidence
- CodeBrowser: Intelligently navigates code and extracts relevant segments
- Debugger: Provides GDB-based debugging with security analysis capabilities
- ScriptRunner: Executes dynamic testing scripts to validate findings
- Utils: Shared utility functions including token counting and formatting
The tool generates a concise, technical summary report of any discovered vulnerabilities:
results/
└── [filename]_summary.md
The summary report is a comprehensive one-page markdown document that includes:
- Executive summary of the vulnerability
- Technical analysis of the vulnerable code
- Detailed exploitation methodology
- Working payload and commands used
- Proof of successful exploitation
- Add support for Anthropic Claude models
- Improve code navigation for large codebases
- Enhance debugging with ASAN/Valgrind integration
- Add support for binary-only targets
- Integrate with IDA/Ghidra APIs
- Implement multi-step planning and reasoning
- Test against a large open source codebase
-
Add basic documentation and examples
We welcome contributions from the security community! To contribute:
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
Baby Naptime is intended for educational and research purposes only. Always obtain proper authorization before testing any system for vulnerabilities. The authors are not responsible for any misuse of this tool.
I am not affiliated with Google or Project Zero in any way. This is an independent project inspired by their excellent research work which I attempted to replicate as a learning exercise.
- Inspired by Google's Project Naptime by Project Zero researchers
- Project Naptime achieved impressive results on the CyberSecEval2 benchmark, improving scores by up to 20x
- Thanks to the open source security community
- All the security researchers who share knowledge freely
- Claude Sonnet 3.7 which helped write a lot of the code and documentation.
Made with ❤️ by Faizan