I built a Zeek-based Amadey malware detector… and then absolutely did NOT document it.
https://github.com/keithjjones/zeek-amadey-detector
So instead of fixing my own mess, I made Gemini do it.
In this video:
- How to upload your Zeek package into Gemini
- The prompt I use
- How Canvas mode helps write a good README
- How to refine tone (dark humor encouraged)
- And how to NOT lose your mind exporting Markdown
If your docs look like ancient hieroglyphics carved during a power outage, this one’s for you.
Transcript:
00:00:00:17 – 00:00:29:28
Dr. Keith Jones
Hey everyone, it’s Keith. And today I’m here to admit publicly on the record that I write Zeek packages and still refuse to document them like anything resembling a fully functional human adult. My documentation style is basically “I’ll remember what this does later”. And spoiler, I never do. So today I’m going to show you how to use Google Gemini to produce a readme that doesn’t look like a digital ransom note.
00:00:29:28 – 00:00:53:16
Dr. Keith Jones
I wrote a Zeek package. It’s the Zeek Amadey malware detector. Built it myself because apparently I enjoy hunting malware more than I do documenting my own code. I’m about to throw the repo up on the screen so you can witness this creature in its natural habitat. And the readme that I originally wrote was so bad, it should have been quarantined.
00:00:53:18 – 00:01:14:27
Dr. Keith Jones
If the cyber police knocked on my door and charged me with documentation negligence, I would be guilty. So instead of fixing my own disaster, I yeeted this into Gemini like a cursed artifact and said, good luck, Gemini. But it worked disturbingly well. Let me show you how you can outsource your shame the exact same way I did.
00:01:14:27 – 00:01:42:08
Dr. Keith Jones
So here’s where the fun begins. You think you’re going to upload your nice, tidy little Zeek project into Gemini and, haha, no. Gemini only allows ten files at a time per prompt, which is adorable considering most packages are more than ten files. There are usually more files than you want to upload one by one. So let me show you an automated trick that I use to get around this.
00:01:42:10 – 00:02:04:18
Dr. Keith Jones
As you can clearly see, my project has a generous file count. So what are we going to do? We bend the rules like morally flexible adults. Gemini will let you upload a zip as long as that zip file has ten or fewer files in it. So you see where I’m going with this? I’m going to upload multiple zips with multiple files in them.
00:02:04:18 – 00:02:25:26
Dr. Keith Jones
As long as the zip file has ten or fewer files, Gemini will be happy with us. So in my case, I’m going to zip up three things. I’m going to zip up the script files, which is the meat of the logic that I wrote; the testing baseline output, which is logs and things like that; and then the test cases themselves.
00:02:25:28 – 00:02:43:23
Dr. Keith Jones
And then I’m going to upload the readme, the bad one that I wrote initially. And I’m going to upload that uncompressed, so Gemini can basically just start reading it and working on it. But before I do any of that, I have to actually make these zip files, because Gemini won’t take these files just by dragging and dropping.
00:02:43:25 – 00:02:56:11
Dr. Keith Jones
So I create multiple zips and I name them things like, you know, scripts.zip, tests.zip, baselines.zip. Group them however it makes sense for your project. I just picked this for my project.
00:02:56:11 – 00:03:13:17
Dr. Keith Jones
Then you simply upload these zip files like you’re smuggling contraband across the AI border. Gemini doesn’t check IDs. It just nods. Lets them in. Boom. More than ten files uploaded. Problem solved, loophole exploited, and researcher satisfied.
00:03:13:18 – 00:03:51:01
Dr. Keith Jones
Okay, before we move on, here’s an important step. Once your files and zips are uploaded, turn on canvas mode inside Google Gemini. What this does is it lets you collaborate with the AI in real time. You can make edits on the fly and shape your whole readme file as it develops. It’s like having an AI editor who doesn’t sigh loudly every time you miss a comma too. Canvas mode gives you space to tweak phrasing, punch up jokes, fix hallucinations, and generally clean up whatever gremlins Gemini sneaks into the first draft.
00:03:51:03 – 00:03:55:14
Dr. Keith Jones
We’ll use it to refine the readme into something you can actually publish without feeling shame.
00:03:55:16 – 00:04:22:13
Dr. Keith Jones
Once all the zip files are uploaded, this is the exact prompt I use. And look. This was my first attempt at making a prompt specifically for documentation, so don’t treat it like some sacred text. Use it as a starting point. Add to it, tweak it, and mutate it into something more useful for your package. Think of it as a template, not a commandment carved into stone by a caffeinated cybersecurity monkey.
00:04:22:13 – 00:04:23:27
Dr. Keith Jones
And I’m going to read the prompt for you.
00:04:23:27 – 00:04:43:02
Dr. Keith Jones
It says, I am the author of this Zeek package and my readme file could be much better. That’s true. Make a readme file with the following items. What this package detects. How this package detects it. The benefits of running this package. How to install this package. Example output from this package.
00:04:43:05 – 00:04:57:17
Dr. Keith Jones
What to do if this package identifies a detection on your network? And do not put emojis in the readme. And when displaying Zeek logs, use the full tab separated value format instead of the JSON format.
00:04:57:17 – 00:05:06:02
Dr. Keith Jones
Yes, I did have to tell it to not use emojis, because the last thing I need is a readme that looks like it was written by a bunch of middle schoolers.
00:05:06:04 – 00:05:09:17
Dr. Keith Jones
So now copy this prompt into Gemini and let it rip.
00:05:09:17 – 00:05:29:24
Dr. Keith Jones
So here is where Gemini really flexes. It takes your prompt, throws it into whatever overclocked cosmic blender it uses to turn raw chaos into documentation, and spits out a readme that is annoyingly better than anything I would have produced on my best day with eight hours of sleep and a double espresso.
00:05:29:27 – 00:05:41:13
Dr. Keith Jones
It’s like hiring someone to clean my house, only to discover they didn’t just tidy up. They alphabetized my condiments. They rewired my cable modem, and they found a remote that I lost in 2019.
00:05:41:15 – 00:05:51:12
Dr. Keith Jones
At some point, it stops being helpful and it starts feeling like a personal attack. So Gemini was able to produce clear and accurate detection explanations.
00:05:51:15 – 00:06:04:14
Dr. Keith Jones
Reasonably sane installation instructions. The example logs are TSV instead of JSON, just like I asked, and it has a tone that suggests that the author is well-rested, which is a lie.
00:06:04:14 – 00:06:15:19
Dr. Keith Jones
It even fabricates example Zeek logs so realistic that I had to triple check they weren’t actually from my network. At this point, I’m not sure if Gemini is helping me or quietly staging a coup.
00:06:15:22 – 00:06:49:01
Dr. Keith Jones
And before you paste this masterpiece that it produced into GitHub, read over it. Make sure Gemini didn’t hallucinate anything hilariously wrong, like claiming my Zeek package can detect ransomware via vibes, or that it logs data directly into Splunk without the usual 400-step configuration ritual that goes along with it. Once everything looks good, copy it into README.md and enjoy the dopamine rush of looking productive without actually doing the work.
00:06:49:04 – 00:07:10:00
Dr. Keith Jones
Now this step is optional. Okay, there’s a trick that I recommend to polish it. Once Gemini gives you this clean, professional readme, you can then ask it to rewrite the whole thing in whatever tone you want. So if you have a certain tone when you write articles, you can give it example output and say, write it in my tone.
00:07:10:03 – 00:07:31:28
Dr. Keith Jones
So for instance, I could go back to Gemini and say Gemini, rewrite this using sarcasm and dark humor. And that’s when your natural tone is, say, a blend of exhausted researcher and stand up comedian. We don’t put this in our original prompt because we want on our first pass just to get the facts out, and we want it clean and accurate.
00:07:32:00 – 00:07:37:16
Dr. Keith Jones
But after that, then you can layer in whatever personal flavor you want to make the content fun.
00:07:37:16 – 00:07:48:17
Dr. Keith Jones
Think of it like cooking. The first version is the recipe. The second version is the version where you say to hell with the measurements and start tossing in spices until it tastes like your personality.
00:07:48:17 – 00:07:52:21
Dr. Keith Jones
Okay, the last step here is actually the hardest step, in my opinion, of everything.
00:07:52:21 – 00:08:14:22
Dr. Keith Jones
When we are done, we want to take this data that we produce with Gemini and copy it into our README.md. So what we do is we need to copy it in markdown format. And if you use just the copy command on this canvas, you’re not going to get markdown. It’s actually a quite involved little process to get the markdown out.
00:08:14:22 – 00:08:20:13
Dr. Keith Jones
So prepare yourself emotionally, because exporting a canvas to markdown is a journey.
00:08:20:13 – 00:08:36:12
Dr. Keith Jones
First thing you’re going to do is you’re going to export this canvas to a Google Doc. Yes, a Google Doc. We’re already off to a weird start. You’re going to open this Google Doc and you’re going to copy everything. You know, Ctrl-A to select everything,
00:08:36:12 – 00:08:40:16
Dr. Keith Jones
and you’re going to go to the Edit menu and say Copy as Markdown.
00:08:40:19 – 00:08:45:07
Dr. Keith Jones
That’s what’s going to get you your special markdown format that you’re going to put back into your readme.
00:08:45:07 – 00:08:52:00
Dr. Keith Jones
And now you’re going to take this and you’re going to paste it back into your README.md file, and you’re going to see the markdown as intended.
00:08:52:02 – 00:09:03:25
Dr. Keith Jones
Now once you are done, you have this stupid Google document just sitting around on your drive that you probably don’t need anymore because you only needed the markdown formatted version of your content.
00:09:03:27 – 00:09:27:20
Dr. Keith Jones
So you can actually go up to File and click and say, move this to the trash can so I don’t have to deal with it anymore. So it’s a painful process, needlessly painful, especially when you compare it to the other chats like ChatGPT, where markdown is literally built in and it’s just a button, just a copy button, and you don’t have to worry about making the document and copying it out fancy or anything like that.
00:09:27:23 – 00:09:33:16
Dr. Keith Jones
But here you have to perform a multi-step purification ceremony. But hey, it’s worth it right?
00:09:33:16 – 00:09:52:05
Dr. Keith Jones
And that’s it. That’s how I use Gemini as my unpaid intern, documentation assistant, and emotional support AI. If this helped you produce a readme that doesn’t look like it was typed with someone wearing oven mitts, please feel free to like and subscribe… or don’t. I’m not your boss.
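The zip-batching trick from the transcript (ten files or fewer per archive so each upload stays under Gemini's per-prompt file limit) is easy to get wrong by hand once a package grows. The script below is an added example written for this page, not code from the video or from the zeek-amadey-detector repository. It plans which file goes into which archive, reports how many archives that yields, and optionally builds them with the `zip` command line tool (an assumed dependency; the grouping names `batch01`, `batch02`, ... are this example's own choice, and you can still group by hand into scripts/tests/baselines as the video does).

```shell
#!/bin/sh
# Added example: split a file list into archives of at most MAX files each,
# so every archive fits the per-upload limit described in the transcript.
# Assumptions: file names contain no newlines or tabs; `zip` is installed.

# plan_batches MAX FILE... : print "batchNN<TAB>FILE", MAX files per batch.
plan_batches() {
    max=$1; shift
    i=0; n=1
    for f in "$@"; do
        # Start a new batch once the current one holds MAX files.
        if [ "$i" -ge "$max" ]; then i=0; n=$((n + 1)); fi
        i=$((i + 1))
        printf 'batch%02d\t%s\n' "$n" "$f"
    done
}

# batch_count MAX FILE... : how many archives the plan would produce.
batch_count() {
    plan_batches "$@" | cut -f1 | sort -u | wc -l | tr -d ' '
}

# make_zips OUTDIR MAX FILE... : create OUTDIR/batchNN.zip, each <= MAX files.
# Relative paths are kept inside the archive so files with the same base name
# in different directories (e.g. two __load__.zeek) do not collide.
make_zips() {
    outdir=$1; max=$2; shift 2
    mkdir -p "$outdir"
    plan_batches "$max" "$@" | while IFS="$(printf '\t')" read -r name file; do
        zip -q "$outdir/$name.zip" "$file"   # appends to the batch archive
    done
}

# Usage: sh batchzip.sh OUTDIR MAX FILE...
#   e.g. sh batchzip.sh upload 10 scripts/*.zeek tests/*.zeek tests/baseline/*
if [ "$#" -ge 3 ]; then
    make_zips "$@"
    outdir=$1; max=$2; shift 2
    echo "wrote $(batch_count "$max" "$@") archive(s) to $outdir"
fi
```

Run it with a glob that lists the package's files; each resulting `batchNN.zip` in the output directory holds at most `MAX` files and can be uploaded alongside the uncompressed README. Dropping the file list onto `batch_count` first tells you how many uploads to expect before anything is archived.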