Hacker-style AI Red Team Terminal — Multi-Model · Multi-Language · Full Automation
DeepSeek · Claude · GPT · GLM · Qwen · Ollama · Custom
curl -fsSL https://raw.githubusercontent.com/bingook/bingo/main/install.sh | bashOr clone and install:
git clone https://github.com/bingook/bingo.git
cd bingo
bash install.sh
⚠️ 반드시 PowerShell에서 실행 (CMD 불가) 시작 →PowerShell검색 → 우클릭 → 관리자 권한으로 실행
방법 1 — 자동 설치 (권장):
irm https://raw.githubusercontent.com/bingook/bingo/main/install.ps1 | iex방법 2 — 실행 정책 오류 시:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
irm https://raw.githubusercontent.com/bingook/bingo/main/install.ps1 | iex방법 3 — 수동 설치 (스크립트 없이, 가장 확실):
git clone https://github.com/bingook/bingo.git $env:USERPROFILE\bingo
cd $env:USERPROFILE\bingo
python -m pip install -e .
python -m bingo방법 4 — git 없을 때:
Invoke-WebRequest "https://github.com/bingook/bingo/archive/main.zip" -OutFile "$env:TEMP\bingo.zip" -UseBasicParsing
Expand-Archive "$env:TEMP\bingo.zip" "$env:USERPROFILE" -Force
Rename-Item "$env:USERPROFILE\bingo-main" "$env:USERPROFILE\bingo"
cd "$env:USERPROFILE\bingo"
python -m pip install -e .
python -m bingoRequirements: Python 3.10+, PowerShell 5.1+
bingo # Start interactive chat
bingo scan <url> # Full automated red team scan
bingo --reset # Reset settings
bingo --version # Show versionOn first run: select language → enter AI model API key → start chatting.
Settings are saved automatically.
When a URL is mentioned in chat, bingo automatically:
- AI writes Python code to detect WAF from HTTP headers and response patterns
- Identifies WAF type (Cloudflare, AWS WAF, ModSecurity, Wordfence, etc.)
- Adapts injection payloads with encoding/obfuscation to bypass the WAF
- All steps are executed as real Python scripts — no external tool required
| WAF | Detection Method |
|---|---|
| Cloudflare | cf-ray header, block page signature |
| AWS WAF | x-amzn-requestid header, 403 pattern |
| ModSecurity | Server header, error page content |
When password hashes appear in AI responses, bingo automatically:
Step 1 — Online Lookup (fast, no GPU needed):
| Site | Notes |
|---|---|
| CrackStation | Largest free DB |
| hashes.com | Multi-algorithm |
| md5decrypt.net | MD5 specialist |
| nivaura.com | SHA-1 / MD5 |
| cmd5.org | Asia-friendly |
Step 2 — Offline Crack (if online fails):
john(John the Ripper)hashcat(GPU-accelerated, bcrypt)- Python wordlist engine (rockyou.txt auto-detected)
Supported hash types: bcrypt, MD5, SHA-1, SHA-256, SHA-512, NTLM, MySQL41
Stop anytime: type /stop in chat.
bingo manages all external tools automatically — no manual setup required.
Tool execution priority:
| Step | Action |
|---|---|
| 1 | Use ~/.bingo/tools/ or system PATH |
| 2 | Auto-install (GitHub Releases / brew / apt) |
| 3 | AI-generated Python — AI writes the tool itself, workflow never stops |
Go binary tools (auto-downloaded from GitHub Releases → ~/.bingo/tools/):
| Tool | Purpose |
|---|---|
nuclei |
Vulnerability scanning |
httpx |
HTTP probing & tech detection |
ffuf |
Directory & parameter fuzzing |
gobuster |
Directory brute-force |
subfinder |
Subdomain enumeration |
amass |
Attack surface mapping |
Package manager tools (brew / apt / yum auto-install):
| Tool | Purpose | Fallback |
|---|---|---|
nmap |
Port scan | AI writes Python socket scan |
nikto |
Web vuln scan | AI writes Python vuln check |
whatweb |
Tech fingerprint | bingo http_probe |
AI-generated Python tools run directly — no external binary required.
Every chat session is automatically saved to:
~/.config/bingo/sessions/session_YYYYMMDD_HHMMSS.md
Full AI responses, commands, and crack results are logged in real time.
220+ red team skills auto-injected into AI context based on your input.
All models (DeepSeek, Claude, GPT, GLM) are guided by a proprietary universal system prompt that enforces:
- Structured task execution with semantic delimiters
- OODA-loop based decision making (Observe → Orient → Decide → Act)
- Anti-laziness enforcement — explicit evidence required for every step
- 5-phase red team pipeline with intel accumulation and coverage tracking
Type / in chat to see an interactive command menu (arrow keys to navigate).
| Command | Description |
|---|---|
/scan <url> |
Quick recon: WAF + fingerprint + sensitive files |
/waf <url> |
AI-driven WAF detection + bypass |
/crack [hash] |
Hash crack — online lookup → offline crack pipeline |
/stop |
Stop running crack / scan |
/tools |
Show all tools + auto-install missing ones |
/tools install <name> |
Install a specific tool automatically |
/tools install all |
Install all missing tools at once |
/model |
Add or switch AI model |
/skill <keyword> |
Search skill knowledge base |
/history |
View conversation history |
/export |
Save conversation as .md file |
/config |
View current settings |
/lang |
Change language (ko / zh / en) |
/clear |
Clear screen |
/quit |
Exit |
/tools # Show all tools — installed / missing / type
/tools install nmap # Auto-install nmap via brew/apt
/tools install nuclei ffuf # Auto-install multiple tools from GitHub Releases
/tools install all # Auto-install every missing toolWhen running /tools, bingo also asks interactively:
지금 없는 도구를 모두 설치할까요? (y/N)
/crack # Auto-extract hashes from last AI response
/crack $2y$10$Eix... # Crack a specific hash
/crack -w ~/Downloads/rockyou.txt # Use custom wordlistbingo scan https://target.comRuns the full 5-phase red team pipeline:
- Recon — tech fingerprint, WAF detection, endpoint mapping
- Collect — sensitive files, admin panels, parameter discovery
- Test — SQLi, LFI, XSS, SSRF probing (AI writes Python probes)
- Exploit — WAF bypass + data extraction + credential dump
- Report — auto-generated markdown report in
targets/
| Provider | Default Model | API |
|---|---|---|
| DeepSeek | deepseek-chat |
platform.deepseek.com |
| Anthropic Claude | claude-opus-4-5 |
console.anthropic.com |
| OpenAI GPT | gpt-4o |
platform.openai.com |
| Zhipu GLM | glm-4 |
open.bigmodel.cn |
| Alibaba Qwen | qwen-turbo |
dashscope.aliyuncs.com |
| Ollama (local) | llama3 |
ollama.com |
| Custom | — | Enter Base URL manually |
Switch models anytime with /model.
| Language | Code |
|---|---|
| 한국어 | ko |
| 中文 | zh |
| English | en |
| Data | Location | When |
|---|---|---|
| Chat sessions | ~/.config/bingo/sessions/session_*.md |
Auto (real-time) |
| Scan reports | targets/report_<domain>.md |
Auto on bingo scan |
| Command history | ~/.config/bingo/history |
Auto |
| Manual export | ./bingo_chat_<timestamp>.md |
/export command |
| Config | ~/.config/bingo/config.json |
Auto |
| Go tools | ~/.bingo/tools/ |
Auto on first use |
| OS | Path |
|---|---|
| macOS | ~/Library/Application Support/bingo/config.json |
| Linux | ~/.config/bingo/config.json |
| Windows | %APPDATA%\bingo\config.json |
bingo/
├── bingo/
│ ├── cli.py # Entry point + onboarding
│ ├── config.py # Settings (cross-platform)
│ ├── models/
│ │ ├── base.py # Streaming HTTP (OpenAI-compatible + Claude)
│ │ ├── registry.py # Provider registry
│ │ └── system_prompt.py # Universal pentest prompt (all models)
│ ├── tools/
│ │ ├── registry.py # Tool detection (~/.bingo/tools/ + PATH + vendor)
│ │ ├── executor.py # 4-step: vendor → PATH → auto-install → Python fallback
│ │ ├── downloader.py # Go binary auto-download from GitHub Releases
│ │ ├── installer.py # brew / apt / pip auto-install
│ │ ├── http_probe.py # HTTP fingerprinting
│ │ ├── hash_crack.py # Offline hash cracker (bcrypt/MD5/SHA/NTLM)
│ │ └── hash_lookup.py # Online hash lookup (CrackStation, hashes.com, etc.)
│ ├── redteam/
│ │ └── phases/ # 5-phase pipeline (recon → report)
│ ├── skills/
│ │ └── engine.py # 220+ skill knowledge base
│ ├── ui/
│ │ └── terminal.py # Interactive terminal (slash autocomplete, auto-crack, /tools)
│ └── lang/
│ └── strings.py # Multi-language strings
├── install.sh # macOS/Linux installer
├── install.ps1 # Windows installer
└── pyproject.toml
git clone https://github.com/bingook/bingo.git
cd bingo
bash install.shPull requests are welcome.
MIT © 2026 bingook