Hacker-style AI red team terminal — WAF bypass, hash crack, multi-model
Project description
Hacker-style AI Red Team Terminal — Multi-Model · Multi-Language · Full Automation
DeepSeek · Claude · GPT · GLM · Qwen · Ollama · Custom
Installation
macOS / Linux
curl -fsSL https://raw.githubusercontent.com/bingook/bingo/main/install.sh | bash
Or clone and install:
git clone https://github.com/bingook/bingo.git
cd bingo
bash install.sh
Windows (PowerShell)
irm https://raw.githubusercontent.com/bingook/bingo/main/install.ps1 | iex
Or clone and install:
git clone https://github.com/bingook/bingo.git
cd bingo
.\install.ps1
pip
pip install bingo-ai
Requirements: Python 3.10+
Usage
bingo # Start interactive chat
bingo scan <url> # Full automated red team scan
bingo --reset # Reset settings
bingo --version # Show version
On first run: select language → enter AI model API key → start chatting.
Settings are saved automatically.
Core Features
Automated WAF Bypass
When a URL is mentioned in chat, bingo automatically:
- Detects WAF type (Cloudflare, AWS, ModSecurity, etc.)
- Selects optimal bypass strategy
- Runs
WafBypassEnginewith real HTTP probes - Injects real scan results into AI context — not just suggestions
| WAF | Auto Bypass Strategy |
|---|---|
| Cloudflare | newline encoding → MySQL comment → UA rotation |
| AWS WAF | tab encoding → keyword bypass → header injection |
| ModSecurity | space bypass → double encoding → keyword obfuscation |
Hash Cracking — Fully Automated
When password hashes appear in AI responses, bingo automatically:
Step 1 — Online Lookup (fast, no GPU needed):
| Site | Notes |
|---|---|
| CrackStation | Largest free DB |
| hashes.com | Multi-algorithm |
| md5decrypt.net | MD5 specialist |
| nivaura.com | SHA-1 / MD5 |
| cmd5.org | Asia-friendly |
Step 2 — Offline Crack (if online fails):
john(John the Ripper)hashcat(GPU-accelerated, bcrypt)- Python wordlist engine (rockyou.txt auto-detected)
Supported hash types: bcrypt, MD5, SHA-1, SHA-256, SHA-512, NTLM, MySQL41
Stop anytime: type /stop in chat.
Session Auto-Save
Every chat session is automatically saved to:
~/.config/bingo/sessions/session_YYYYMMDD_HHMMSS.md
Full AI responses, commands, and crack results are logged in real time.
Skill Engine
220+ red team skills auto-injected into AI context based on your input.
AI Refusal Bypass
All models (DeepSeek, Claude, GPT, GLM) are guided by a proprietary universal system prompt that enforces:
- Structured task execution with XML semantic delimiters
- OODA-loop based decision making (Observe → Orient → Decide → Act)
- Anti-laziness enforcement — explicit evidence required for every step
- 5-phase red team pipeline with intel accumulation and coverage tracking
Commands
Type / in chat to see an interactive command menu (arrow keys to navigate).
| Command | Description |
|---|---|
/scan <url> |
Quick recon: WAF + fingerprint + sensitive files |
/waf <url> |
WAF detection + auto bypass attempt |
/crack [hash] |
Hash crack — online lookup → offline crack pipeline |
/stop |
Stop running crack / scan |
/model |
Add or switch AI model |
/skill <keyword> |
Search skill knowledge base |
/history |
View conversation history |
/export |
Save conversation as .md file |
/config |
View current settings |
/lang |
Change language (ko / zh / en) |
/clear |
Clear screen |
/tools |
Show installed tools (sqlmap, john, hashcat, etc.) |
/quit |
Exit |
/crack Usage
/crack # Auto-extract hashes from last AI response
/crack $2y$10$Eix... # Crack a specific hash
/crack -w ~/Downloads/rockyou.txt # Use custom wordlist
bingo scan Full Pipeline
bingo scan https://target.com
Runs the full 5-phase red team pipeline:
- Recon — tech fingerprint, WAF detection, endpoint mapping
- Collect — sensitive files, admin panels, parameter discovery
- Test — SQLi, LFI, XSS, SSRF probing
- Exploit — WAF bypass + SQLi extraction + credential dump
- Report — auto-generated markdown report in
targets/
Supported Models
| Provider | Default Model | API |
|---|---|---|
| DeepSeek | deepseek-chat |
platform.deepseek.com |
| Anthropic Claude | claude-opus-4-5 |
console.anthropic.com |
| OpenAI GPT | gpt-4o |
platform.openai.com |
| Zhipu GLM | glm-4 |
open.bigmodel.cn |
| Alibaba Qwen | qwen-turbo |
dashscope.aliyuncs.com |
| Ollama (local) | llama3 |
ollama.com |
| Custom | — | Enter Base URL manually |
Switch models anytime with /model.
Languages
| Language | Code |
|---|---|
| 한국어 | ko |
| 中文 | zh |
| English | en |
Data Storage
| Data | Location | When |
|---|---|---|
| Chat sessions | ~/.config/bingo/sessions/session_*.md |
Auto (real-time) |
| Scan reports | targets/report_<domain>.md |
Auto on bingo scan |
| Command history | ~/.config/bingo/history |
Auto |
| Manual export | ./bingo_chat_<timestamp>.md |
/export command |
| Config | ~/.config/bingo/config.json |
Auto |
Config File
| OS | Path |
|---|---|
| macOS | ~/Library/Application Support/bingo/config.json |
| Linux | ~/.config/bingo/config.json |
| Windows | %APPDATA%\bingo\config.json |
Project Structure
bingo/
├── bingo/
│ ├── cli.py # Entry point + onboarding
│ ├── config.py # Settings (cross-platform)
│ ├── models/
│ │ ├── base.py # Streaming HTTP (OpenAI-compatible + Claude)
│ │ ├── registry.py # Provider registry
│ │ └── system_prompt.py # Universal pentest prompt (all models)
│ ├── tools/
│ │ ├── http_probe.py # HTTP fingerprinting
│ │ ├── sqli.py # SQLi detection & exploitation
│ │ ├── waf_bypass.py # WAF detection + auto bypass engine
│ │ ├── hash_crack.py # Offline hash cracker (bcrypt/MD5/SHA/NTLM)
│ │ └── hash_lookup.py # Online hash lookup (CrackStation, hashes.com, etc.)
│ ├── redteam/
│ │ └── phases/ # 5-phase pipeline (recon → report)
│ ├── skills/
│ │ └── engine.py # 220+ skill knowledge base
│ ├── ui/
│ │ └── terminal.py # Interactive terminal (slash autocomplete, auto-crack)
│ └── lang/
│ └── strings.py # Multi-language strings
├── install.sh # macOS/Linux installer
├── install.ps1 # Windows installer
└── pyproject.toml
Contributing
git clone https://github.com/bingook/bingo.git
cd bingo
pip install -e ".[dev]"
Pull requests are welcome.
License
MIT © 2026 bingook
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bingo_ai-1.0.0.tar.gz.
File metadata
- Download URL: bingo_ai-1.0.0.tar.gz
- Upload date:
- Size: 609.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b8de27ebbc61b418cbe384ee79ca7b1e73e01e0e79fa8e76f2c9c4335cfc3929
|
|
| MD5 |
8becd190b3d29fb0f32b53327595673e
|
|
| BLAKE2b-256 |
ec76e961e2ab5a150f8183fc660079b4f31b52568558ac51caa26ba8daafb542
|
File details
Details for the file bingo_ai-1.0.0-py3-none-any.whl.
File metadata
- Download URL: bingo_ai-1.0.0-py3-none-any.whl
- Upload date:
- Size: 174.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f83707b53796f74acda0adbd6fe69afdf6391edde76094549941b0d39e75c729
|
|
| MD5 |
6838ba39836a80a6e6408bb406a4ffa5
|
|
| BLAKE2b-256 |
8a1f9923d00a8762f088413efe94ca96ec1550539c7f26049a888fd22f456b01
|
