Unleashing Napalm
Attention, all auditors and security researchers! We’ve got a new tool for you!
You’re a security researcher and you hate repetitive work. So what do you do? You’ve compiled a nice collection of analysis rules and detection modules that automatically do all the repetitive work for you. Life is great, until, …. You’ve got 100+ modules, some for slither, others for semgrep and things are getting out of hand! You have to spend time writing scripts to run the right modules at the right time, and it’s impossible to even keep track of what you can automatically detect.
Does this sound like you? If so, we have the solution you’ve been waiting for: 🔥 Napalm.
🔥 Introducing Napalm
Napalm is a security researcher productivity framework designed to streamline your workflow and boost your productivity.
It does so by solving two core problems with custom detection module usage:
DevEx → Napalm brings huge improvements for rule organisation, and allows you to just focus on writing modules.
UserEx → Napalm takes away all of the struggles that come with using custom modules, making it as easy as running vanilla semgrep or slither !
Napalm doesn’t stop at DX and UX, it also provides enhanced analyses using AI (in a way that makes actual sense). Read on to learn more!
Napalm helps you organise and orchestrate, so you can focus on what matters. Writing modules and finding bugs!
🥷 DevEx: Pure convenience
As a detection module developer you have to worry about many things.
You have organised loads of detection modules, often written for different tools. You’ll have to figure out how python works, and how to hook your modules into Slither! Even if when you’ve taken care of all that, you’ll have to build tons of scripts to orchestrate running the right modules at the right time.
Napalm takes care of all of this! Just run napalm init and you’ll be provided with a project directory where you can just “drop” your detection modules. Napalm will automatically recognise semgrep and slither detection modules and handle the rest for you!
It doesn’t stop there. Napalm encourages you to use a battle tested directory structure to organise your detection modules. It comes with three default collections, but has plenty of room for you to create your own!
.
└── your_module/
├── detectors/ <- drop your detection modules here/
│ └── my_alpha_rich_detection_module.py
├── indicators/ <- drop your rules/ modules that find vuln indicators here
├── optimizations/ <- drop your gas optimisation rules and modules here
└── your_own_collection_name/ <- ofc you can come up with your own collections
Napalm enables module developers to focus on what matters: developing new rules.
🧑💻 UserEx: Pure convenience
Working with custom detection modules is a pain in the ***!
You’ll rarely want to run all the detection modules you’ve gathered at the same time. Doing so will lead to ugly scripts. Scripts which you would have had to update almost every time you worked on your detection modules. Scripts like this:
#/user/you/scripts/run_detectors
semgrep --config /user/you/modules/detectors/some_rules.yml --config <...> ...
slither --detect custom_module_1, custom_module_2, custom_module_3, ...
Not with Napalm! (set fire 🔥 to those scripts)
Napalm completely automates this process. Add a new detection module to detectors/ , and napalm immediately updates. The detect workflow will automatically be updated, and all you need to do is run: napalm run detect.
It doesn’t stop there!
Napalm automatically parses, merges, and enhances the results from the different tools, providing you with a beautiful report.
But wait. There is more! Napalm builds on top of the python packaging system to allow module devs to share their detection modules by simply pushing their napalm project to pypi.
Napalm makes working with (your own) custom detection modules effortless.
🚀 More than the sum of its parts
Being in the center of things enables napalm to become more than just a simple orchestration framework, and extend analysis capabilities and results beyond what individual tools provide.
ai false positive filtering - Napalm uses the latest models to add enhanced false positive filtering, a capability that’s not available in tools such as slither or semgrep.
reporting - Napalm is in the perfect position to clean, analyze, and produce beautiful consistent reports detailing the results of all your analyses!
🔥 Ignite your workflow using Napalm
Writing and using your own custom detection modules can be super easy!
All you need to do is install napalm:
pip install 'napalm-toolbox[slither]'
Check out this post for or a quick get started guide.