Hacker-style AI red team terminal — WAF bypass, hash crack, multi-model
Project description
Hacker-style AI Red Team Terminal — Multi-Model · Multi-Language · Full Automation
DeepSeek · Claude · GPT · GLM · Qwen · Ollama · Custom
Installation
macOS / Linux
curl -fsSL https://raw.githubusercontent.com/bingook/bingo/main/install.sh | bash
Or clone and install:
git clone https://github.com/bingook/bingo.git
cd bingo
bash install.sh
Windows (PowerShell)
irm https://raw.githubusercontent.com/bingook/bingo/main/install.ps1 | iex
Or clone and install:
git clone https://github.com/bingook/bingo.git
cd bingo
.\install.ps1
pip
pip install bingo-ai
Update
pip install --upgrade bingo-ai
Requirements: Python 3.10+
sqlmapandwafw00fare automatically installed as dependencies.
Usage
bingo # Start interactive chat
bingo scan <url> # Full automated red team scan
bingo --reset # Reset settings
bingo --version # Show version
On first run: select language → enter AI model API key → start chatting.
Settings are saved automatically.
Core Features
Automated WAF Bypass
When a URL is mentioned in chat, bingo automatically:
- Detects WAF type (Cloudflare, AWS, ModSecurity, etc.)
- Selects optimal bypass strategy
- Runs
WafBypassEnginewith real HTTP probes - Converts bypass results into
sqlmaparguments (tamper scripts, headers, prefix/suffix) — WAF bypass is automatically applied to sqlmap
| WAF | Auto Bypass Strategy |
|---|---|
| Cloudflare | newline encoding → MySQL comment → UA rotation |
| AWS WAF | tab encoding → keyword bypass → header injection |
| ModSecurity | space bypass → double encoding → keyword obfuscation |
Hash Cracking — Fully Automated
When password hashes appear in AI responses, bingo automatically:
Step 1 — Online Lookup (fast, no GPU needed):
| Site | Notes |
|---|---|
| CrackStation | Largest free DB |
| hashes.com | Multi-algorithm |
| md5decrypt.net | MD5 specialist |
| nivaura.com | SHA-1 / MD5 |
| cmd5.org | Asia-friendly |
Step 2 — Offline Crack (if online fails):
john(John the Ripper)hashcat(GPU-accelerated, bcrypt)- Python wordlist engine (rockyou.txt auto-detected)
Supported hash types: bcrypt, MD5, SHA-1, SHA-256, SHA-512, NTLM, MySQL41
Stop anytime: type /stop in chat.
External Tool Auto-Install & Python Fallback
bingo manages all external tools automatically — no manual setup required.
4-step execution priority for every tool:
| Step | Action |
|---|---|
| 1 | Use built-in vendor (sqlmap, wafw00f) |
| 2 | Use ~/.bingo/tools/ or system PATH |
| 3 | Auto-install (GitHub Releases / brew / apt / pip) |
| 4 | Python fallback — pure Python alternative, workflow never stops |
Go binary tools (auto-downloaded from GitHub Releases → ~/.bingo/tools/):
| Tool | Purpose |
|---|---|
nuclei |
Vulnerability scanning |
httpx |
HTTP probing & tech detection |
ffuf |
Directory & parameter fuzzing |
gobuster |
Directory brute-force |
subfinder |
Subdomain enumeration |
amass |
Attack surface mapping |
Package manager tools (brew / apt / yum auto-install):
| Tool | Purpose | Fallback |
|---|---|---|
nmap |
Port scan | Python socket port scan |
nikto |
Web vuln scan | Python requests vuln check |
whatweb |
Tech fingerprint | bingo http_probe |
Python tools (pip auto-install):
| Tool | Purpose |
|---|---|
sqlmap |
SQL injection (also bundled in vendor/) |
wafw00f |
WAF detection (also bundled in vendor/) |
All Python fallbacks produce output in the same format as the original tool — AI context is never interrupted.
Session Auto-Save
Every chat session is automatically saved to:
~/.config/bingo/sessions/session_YYYYMMDD_HHMMSS.md
Full AI responses, commands, and crack results are logged in real time.
Skill Engine
220+ red team skills auto-injected into AI context based on your input.
AI Refusal Bypass
All models (DeepSeek, Claude, GPT, GLM) are guided by a proprietary universal system prompt that enforces:
- Structured task execution with semantic delimiters
- OODA-loop based decision making (Observe → Orient → Decide → Act)
- Anti-laziness enforcement — explicit evidence required for every step
- 5-phase red team pipeline with intel accumulation and coverage tracking
Commands
Type / in chat to see an interactive command menu (arrow keys to navigate).
| Command | Description |
|---|---|
/scan <url> |
Quick recon: WAF + fingerprint + sensitive files |
/waf <url> |
WAF detection + auto bypass attempt |
/crack [hash] |
Hash crack — online lookup → offline crack pipeline |
/stop |
Stop running crack / scan |
/tools |
Show all tools + auto-install missing ones |
/tools install <name> |
Install a specific tool automatically |
/tools install all |
Install all missing tools at once |
/model |
Add or switch AI model |
/skill <keyword> |
Search skill knowledge base |
/history |
View conversation history |
/export |
Save conversation as .md file |
/config |
View current settings |
/lang |
Change language (ko / zh / en) |
/clear |
Clear screen |
/quit |
Exit |
/tools Usage
/tools # Show all tools — installed / missing / type
/tools install nmap # Auto-install nmap via brew/apt
/tools install nuclei ffuf # Auto-install multiple tools from GitHub Releases
/tools install all # Auto-install every missing tool
When running /tools, bingo also asks interactively:
지금 없는 도구를 모두 설치할까요? (y/N)
/crack Usage
/crack # Auto-extract hashes from last AI response
/crack $2y$10$Eix... # Crack a specific hash
/crack -w ~/Downloads/rockyou.txt # Use custom wordlist
bingo scan Full Pipeline
bingo scan https://target.com
Runs the full 5-phase red team pipeline:
- Recon — tech fingerprint, WAF detection, endpoint mapping
- Collect — sensitive files, admin panels, parameter discovery
- Test — SQLi, LFI, XSS, SSRF probing
- Exploit — WAF bypass + SQLi extraction + credential dump
- Report — auto-generated markdown report in
targets/
Supported Models
| Provider | Default Model | API |
|---|---|---|
| DeepSeek | deepseek-chat |
platform.deepseek.com |
| Anthropic Claude | claude-opus-4-5 |
console.anthropic.com |
| OpenAI GPT | gpt-4o |
platform.openai.com |
| Zhipu GLM | glm-4 |
open.bigmodel.cn |
| Alibaba Qwen | qwen-turbo |
dashscope.aliyuncs.com |
| Ollama (local) | llama3 |
ollama.com |
| Custom | — | Enter Base URL manually |
Switch models anytime with /model.
Languages
| Language | Code |
|---|---|
| 한국어 | ko |
| 中文 | zh |
| English | en |
Data Storage
| Data | Location | When |
|---|---|---|
| Chat sessions | ~/.config/bingo/sessions/session_*.md |
Auto (real-time) |
| Scan reports | targets/report_<domain>.md |
Auto on bingo scan |
| Command history | ~/.config/bingo/history |
Auto |
| Manual export | ./bingo_chat_<timestamp>.md |
/export command |
| Config | ~/.config/bingo/config.json |
Auto |
| Go tools | ~/.bingo/tools/ |
Auto on first use |
Config File
| OS | Path |
|---|---|
| macOS | ~/Library/Application Support/bingo/config.json |
| Linux | ~/.config/bingo/config.json |
| Windows | %APPDATA%\bingo\config.json |
Project Structure
bingo/
├── bingo/
│ ├── cli.py # Entry point + onboarding
│ ├── config.py # Settings (cross-platform)
│ ├── models/
│ │ ├── base.py # Streaming HTTP (OpenAI-compatible + Claude)
│ │ ├── registry.py # Provider registry
│ │ └── system_prompt.py # Universal pentest prompt (all models)
│ ├── tools/
│ │ ├── registry.py # Tool detection (~/.bingo/tools/ + PATH + vendor)
│ │ ├── executor.py # 4-step: vendor → PATH → auto-install → Python fallback
│ │ ├── downloader.py # Go binary auto-download from GitHub Releases
│ │ ├── installer.py # brew / apt / pip auto-install
│ │ ├── http_probe.py # HTTP fingerprinting
│ │ ├── sqli.py # SQLi detection & exploitation
│ │ ├── waf_bypass.py # WAF detection + bypass → sqlmap args
│ │ ├── hash_crack.py # Offline hash cracker (bcrypt/MD5/SHA/NTLM)
│ │ └── hash_lookup.py # Online hash lookup (CrackStation, hashes.com, etc.)
│ ├── redteam/
│ │ └── phases/ # 5-phase pipeline (recon → report)
│ ├── skills/
│ │ └── engine.py # 220+ skill knowledge base
│ ├── ui/
│ │ └── terminal.py # Interactive terminal (slash autocomplete, auto-crack, /tools)
│ └── lang/
│ └── strings.py # Multi-language strings
├── vendor/
│ ├── sqlmap/ # Embedded sqlmap (git submodule)
│ └── wafw00f/ # Embedded wafw00f (git submodule)
├── install.sh # macOS/Linux installer
├── install.ps1 # Windows installer
└── pyproject.toml
Contributing
git clone https://github.com/bingook/bingo.git
cd bingo
pip install -e ".[dev]"
Pull requests are welcome.
License
MIT © 2026 bingook
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bingo_ai-1.0.5.tar.gz.
File metadata
- Download URL: bingo_ai-1.0.5.tar.gz
- Upload date:
- Size: 7.9 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8c534383fa3c2bb2129cdbc51957134217f3839bc36dbf0eb45400fd396fc160
|
|
| MD5 |
bda13ac30ca08c314a7d1ef52997e061
|
|
| BLAKE2b-256 |
c5e24a48bf0633abbdb729f89292c4a4bd1f9deda9c2a8b96c908ed889a79193
|
File details
Details for the file bingo_ai-1.0.5-py3-none-any.whl.
File metadata
- Download URL: bingo_ai-1.0.5-py3-none-any.whl
- Upload date:
- Size: 196.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74eb8acb6abfa286cbb7d916a2df85dc24356fce3cb34632a72f73a10ad4d3d7
|
|
| MD5 |
78d6ea478a4d1221fb64530458a33fa0
|
|
| BLAKE2b-256 |
7c29c0060d0173c970f66ba2159ed0cb858c71598822f9b52aff7ccab878e9a4
|
