Run a five-phase automated security scan against a target you're authorized to test.
Crack password hashes using online lookups first, then John the Ripper or Hashcat locally.
Have the AI write a replacement tool automatically if a needed security tool can't be installed.
| bingook/bingo | sno-ai/llmix | jlevy/strif | |
|---|---|---|---|
| Stars | 128 | 128 | 129 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 4/5 | 3/5 | 1/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Python 3.10+ and installs security tools like Nmap, Nuclei, and FFUF on first run.
Bingo is a command-line tool that turns an AI chat session into a security testing terminal. You type questions or give instructions in plain language, and it carries out web security checks using a combination of AI-generated code and established security tools running on your machine. It supports multiple AI backends including DeepSeek, Claude, GPT, Zhipu GLM, Alibaba Qwen, and locally running models via Ollama. The tool is aimed at security professionals doing authorized red team work. Its main automated workflow is a five-phase scan: reconnaissance to identify technologies and defenses, collection of sensitive endpoints and admin panels, probing for common vulnerabilities like SQL injection and cross-site scripting, an exploitation phase with defense bypass techniques, and finally a generated report saved as a markdown file. When a URL appears in conversation, Bingo automatically detects what kind of web application firewall is protecting the site and adapts its testing payloads accordingly. Password hash cracking is another built-in capability. When hashes come up in a session, Bingo first checks several free online lookup databases, then falls back to running John the Ripper or Hashcat locally if online lookup fails. It handles bcrypt, MD5, SHA variants, NTLM, and MySQL hash formats. One of its practical features is tool management. Security testing tools like Nmap, Nuclei, and FFUF can be automatically downloaded and installed from their GitHub releases or through package managers. If a tool cannot be installed, the AI writes a Python replacement that does the same job so the workflow does not stall. Sessions are saved automatically as markdown files. The interface supports Korean, Chinese, and English. Installation is a single script command on macOS, Linux, or Windows. Python 3.10 or newer is required. The project is MIT licensed.
A command-line AI chat tool that turns plain-language instructions into automated web security testing, combining AI-generated code with tools like Nmap and Hashcat for authorized red team work.
Mainly Python. The stack also includes Python.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.