What it is

Barbarik is an autonomous security research engine designed to systematically analyze attack surfaces, synthesize reconnaissance data, and construct evidence-driven exploitation strategies. Rather than relying on isolated scans or signature-based detection, Barbarik integrates multi-stage reconnaissance, ontology-based normalization, exploit intelligence correlation, and agent-driven reasoning to evaluate how real-world systems could be compromised under realistic assumptions. The focus is on traceability, defensibility, and structured reasoning, not blind exploitation.

Why I'm building it

I built Barbarik to explore how automated systems can reason about security the way experienced human testers do, that is, by forming hypotheses, validating evidence, ruling out weak paths, and documenting conclusions clearly.

The project grew out of frustration with tools that either produce noisy, shallow results or overclaim vulnerabilities without defensible evidence.
It wasn't all frustration, however. As someone who has frequented CTFs before, it was also born out of a curiosity to automate the very methods that would sometimes take me days.

Barbarik forced me to think deeply about ontology design, staged reasoning, LLM reliability, tool contracts, and how to balance automation with epistemic honesty. It also pushed me to confront issues like hallucination control, evidence logging, and report credibility.

How it works(High-Level)

At a conceptual level, Barbarik operates as a staged intelligence pipeline rather than a single scanner, where each layer refines uncertainty rather than producing final claims.

• Reconnaissance Layer:
  Performs lightweight and targeted recon using tools like Nmap, WhatWeb, DNS enumeration, directory discovery, and traffic analysis.

• Normalization & Ontology Layer:
  All raw outputs are normalized into a unified knowledge graph representing services, endpoints, parameters, technologies, and observed behaviors.

• Exploit Intelligence Correlation:
  An internal attack engine maps observed services and configurations against curated exploit intelligence to generate ranked possibilities, not claims.

• Strategist Agents:
  Dedicated reasoning agents analyze the ontology to identify realistic attack surfaces, form exploit chains, and define constraints for safe execution.

• Planner & Execution Engine:
  Converts strategic intent into concrete, contract-validated tool actions, executing investigative and validation steps while logging structured evidence.

• Reporting Layer:
  Automatically generates human-readable reports that document findings, suspected vulnerabilities, ruled-out vectors, and reproduction steps with clear justification.

Status:

Barbarik is an active research prototype focused on reasoning quality, evidence integrity, and reporting fidelity rather than fully autonomous exploitation.