Architecture
Basilisk is built as a modular Python framework with native C/Go extensions for performance-critical operations.
System Diagram
┌─────────── Basilisk Core Engine ──────────┐
│ │
│ ┌──────────────────────────────────────┐ │
│ │ Scan Orchestrator │ │
│ └──────┬───────────┬──────────┬───────┘ │
│ │ │ │ │
│ ┌──────▼──┐ ┌──────▼──┐ ┌────▼──────┐ │
│ │ Recon │ │ Attack │ │ Evolution │ │
│ │ Engine │ │ Modules │ │ (SPE-NL) │ │
│ └─────────┘ └─────────┘ └───────────┘ │
│ │ │ │ │
│ ┌──────▼───────────▼──────────▼───────┐ │
│ │ Provider Adapters (LiteLLM) │ │
│ └──────────────────────────────────────┘ │
│ │ │
│ ┌─────────────────▼────────────────────┐ │
│ │ Reporting Engine (5 formats) │ │
│ └──────────────────────────────────────┘ │
│ │
│ ┌──────────────────────────────────────┐ │
│ │ Native Extensions (C + Go) │ │
│ └──────────────────────────────────────┘ │
└────────────────────────────────────────────┘
│ │
┌────▼─────┐ ┌──────▼──────┐
│ CLI (Click)│ │ Desktop (Electron) │
└──────────┘ └─────────────┘
Key Components
Core Engine (basilisk/core/)
Orchestrates the entire scan lifecycle: session management, module loading, result aggregation, and report generation.
Attack Modules (basilisk/attacks/)
29 self-contained attack modules, each implementing a run() method that returns findings. Modules declare their OWASP mapping and severity.
Evolution Engine (basilisk/evolution/)
SPE-NL genetic algorithm: population management, fitness evaluation, mutation operators, crossover strategies, stagnation detection.
Provider Adapters (basilisk/providers/)
Universal LLM connectivity via LiteLLM, plus custom HTTP REST and WebSocket adapters.
Reporting (basilisk/report/)
Template-based HTML generation, SARIF 2.1.0 serialization, JSON/Markdown export.
Native Extensions (native/)
- C — Fast payload encoding/decoding
- Go — Concurrent fuzzing, parallel pattern matching
Desktop App (desktop/)
Electron shell with compiled Python backend (PyInstaller). Communicates via FastAPI + WebSocket bridge on port 8741.