bingo  by bingook

AI-powered terminal for automated red teaming and vulnerability analysis

Created 4 weeks ago

New!

292 stars

Top 90.2% on SourcePulse

GitHubView on GitHub
Project Summary

Bingo is an AI-powered red team terminal designed for security professionals and power users, automating complex penetration testing workflows across web, mobile, desktop, and DApp targets. It leverages multiple LLMs to interpret natural language commands, automatically executing reconnaissance, vulnerability detection, exploitation, and post-exploitation phases, significantly accelerating security assessments and reducing manual effort.

How It Works

Bingo employs a hybrid intelligence engine, combining AI-driven strategy with built-in, specialized engines for tasks like SQLi, WAF bypass, and HTTP smuggling. It supports a wide array of AI models (OpenAI, Anthropic, DeepSeek, Ollama, etc.) and features an LLM Orchestrator for dynamic, self-directing attack pipelines. The system includes an anti-hallucination guard, verifying AI-generated findings against real HTTP responses, and a comprehensive, embedded offline knowledge base of CVEs and exploits.

Quick Start & Requirements

  • Primary Install: pip install bingo-ai or clone the repository and run bash install.sh.
  • Prerequisites: Python 3.12 or 3.13. Optional: nmap for enhanced port scanning.
  • Platform: macOS and Linux only. Windows support is discontinued.
  • API Keys: Required for supported AI models (Optional if using local Ollama).
  • Docs: GitHub Repository

Highlighted Details

  • Comprehensive Attack Surface: Supports web targets (SQLi, XSS, SSRF, smuggling, etc.), Android APK, iOS IPA, Windows PE, and DApps/Smart Contracts.
  • Advanced Automation: Features like LLM Orchestrator, 0-day Hunter, AI Spear-Phishing, Supply Chain Scanner, and Recon Module Suite automate complex tasks.
  • Integrated Knowledge: Includes a 115,000+ file offline CVE/Exploit knowledge base and direct CVE lookup via /cve command.
  • Robust Infrastructure: Supports proxy rotation (Tor, SOCKS5, API), WAF bypass techniques, and a Human-In-The-Loop (HITL) gate for dangerous operations.

Maintenance & Community

The project is actively maintained by bingook, with frequent updates and new feature additions detailed in the changelog. Community links such as Discord or Slack are not explicitly mentioned in the README.

Licensing & Compatibility

The project is licensed under the MIT License. This license is permissive and generally compatible with commercial use and closed-source linking.

Limitations & Caveats

Windows operating systems are explicitly not supported. While extensive, the AI's effectiveness can depend on the chosen LLM and the complexity of the target environment. Some advanced features may benefit from optional external tool installations.

Health Check
Last Commit

1 day ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
1
Star History
292 stars in the last 29 days

Explore Similar Projects

Feedback? Help us improve.