gitwtfhub

wtf is bingo?

bingook/bingo — explained in plain English

Analysis updated 2026-05-18

128PythonAudience · developerComplexity · 4/5LicenseSetup · moderate

TL;DR

A command-line AI chat tool that turns plain-language instructions into automated web security testing, combining AI-generated code with tools like Nmap and Hashcat for authorized red team work.

Mindmap

mindmap
  root((Bingo))
    What it does
      AI chat driven scanning
      Hash cracking
      Tool automation
    Tech stack
      Python
      Nmap
      Hashcat
    Use cases
      Five phase scan
      Crack hashes
      Auto install tools
    Audience
      Security professionals
    Backends
      DeepSeek
      Claude
      GPT
      Ollama

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Run a five-phase automated security scan against a target you're authorized to test.

REASON 2

Crack password hashes using online lookups first, then John the Ripper or Hashcat locally.

REASON 3

Have the AI write a replacement tool automatically if a needed security tool can't be installed.

What's in the stack?

Python

How it stacks up

bingook/bingoaripath/arimandosno-ai/llmix
Stars128128128
LanguagePythonPythonPython
Setup difficultymoderatemoderatemoderate
Complexity4/53/53/5
Audiencedevelopergeneraldeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · moderate Time to first run · 30min

Requires Python 3.10+ and installs security tools like Nmap, Nuclei, and FFUF on first run.

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

Wtf does this do

Bingo is a command-line tool that turns an AI chat session into a security testing terminal. You type questions or give instructions in plain language, and it carries out web security checks using a combination of AI-generated code and established security tools running on your machine. It supports multiple AI backends including DeepSeek, Claude, GPT, Zhipu GLM, Alibaba Qwen, and locally running models via Ollama. The tool is aimed at security professionals doing authorized red team work. Its main automated workflow is a five-phase scan: reconnaissance to identify technologies and defenses, collection of sensitive endpoints and admin panels, probing for common vulnerabilities like SQL injection and cross-site scripting, an exploitation phase with defense bypass techniques, and finally a generated report saved as a markdown file. When a URL appears in conversation, Bingo automatically detects what kind of web application firewall is protecting the site and adapts its testing payloads accordingly. Password hash cracking is another built-in capability. When hashes come up in a session, Bingo first checks several free online lookup databases, then falls back to running John the Ripper or Hashcat locally if online lookup fails. It handles bcrypt, MD5, SHA variants, NTLM, and MySQL hash formats. One of its practical features is tool management. Security testing tools like Nmap, Nuclei, and FFUF can be automatically downloaded and installed from their GitHub releases or through package managers. If a tool cannot be installed, the AI writes a Python replacement that does the same job so the workflow does not stall. Sessions are saved automatically as markdown files. The interface supports Korean, Chinese, and English. Installation is a single script command on macOS, Linux, or Windows. Python 3.10 or newer is required. The project is MIT licensed.

Yoink these prompts

Prompt 1
Run Bingo's five-phase scan against my authorized test target and summarize the report.
Prompt 2
Use Bingo to check if this MD5 hash exists in any online lookup database before cracking locally.
Prompt 3
Set up Bingo with Ollama so it uses a local model instead of a cloud AI backend.
Prompt 4
Explain what web application firewall Bingo detected and how it adapted its payloads.

Frequently asked questions

wtf is bingo?

A command-line AI chat tool that turns plain-language instructions into automated web security testing, combining AI-generated code with tools like Nmap and Hashcat for authorized red team work.

What language is bingo written in?

Mainly Python. The stack also includes Python.

What license does bingo use?

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is bingo to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is bingo for?

Mainly developer.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.