The best penetration testers know that with the right tools and a few seconds of physical access, all bets are off. Since 2005 Hak5 has been developing just such tools - combining lethal power elegant simplicity. Now, with the Bash Bunny Mark II, we're taking pentesting to the next level...
The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.
Premium Penetration Test Platform
7 second boot with an 8 GB desktop-class SSD.
MicroSD XC for ultra-high-capacity exfiltration.
Bluetooth LE for remote triggers and geofencing.
Easy 3-way payload switch and RGB LED indicator.
Dedicated Serial interface to an unlocked root shell.
Pull off covert attacks or IT automation tasks faster than ever with just the flick of a switch. The NEW Bash Bunny Mark II goes from plug to pwn in 7 seconds — so when the light turns green it's a hacked machine.
Now with faster performance, wireless geofencing, remote triggers and MicroSD support, the Bash Bunny is an even more impressive tool for your Red Team arsenal.
Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.
WHEN THE LIGHT TURNS GREEN, IT'S A HACKED MACHINE.
The best red teams know that with the right tools and a few seconds of physical access, all bets are off...
Under the hood it's a full featured Linux computer — so tools you've come to love work out of the box. It's fast too — booting in under 7 seconds thanks to the powerful quad-core CPU and desktop-class SSD. The payload switch and RGB LED make selecting and monitoring attacks convenient — and with a dedicated Serial console, there's always a Linux terminal at the ready.
GIGS AND GIGS OF LOOT
Exfiltrate en masse with new out-of-band techniques and ultra-high-capacity MicroSD cards.
Get gigs of loot (or the entire disk) to make a bold impression on the next engagement.
No traversing the firewall or triggering detection systems.
Limit the scope of engagement by preventing payloads from executing off-site.
Immobilize payloads until it enters the premises.
Even destroy loot based on the wireless environment.
Take social engineering to the next level and trigger multiple payload stages when the target's back is turned.
Trigger from a phone app or any discreet bluetooth device.
Even automate tasks when a device is in proximity.
Pause the payload until your phone's bluetooth is on?
How about injecting keystrokes into the run dialog?
RUN WIN cmd /K color a \& tree c:\\
Fancy a red light? LED R. Blue? LED B.
Seriously, that simple.
Looking for inspiration? Check out the growing library of community developed payloads from our repo!
Diverse targets? Carry multiple payloads and pick the perfect attack with the flick of a switch.
Keep this must-have tool at the ready for opportunistic loot grabbing on your next physical engagement or social engineering exercise.
For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more!
Each attack, or payload, is written in a simple Ducky Script™ language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the Bash Bunny just as you would any ordinary flash drive.
It's a full featured Linux box that'll run your favorite tools even faster now thanks to the optimized quad-core CPU, desktop-class SSD and doubled RAM. Choose and monitor payloads with the selection switch and RGB LED. Access an unlocked root terminal via dedicated Serial console. Exfiltrate gigs of loot via MicroSD. Even remotely trigger or geofence payloads via Bluetooth.
CARRY MULTIPLE PAYLOADS
Flick the switch to your payload of choice, plug in the Bash Bunny and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.
MIMIC MULTIPLE DEVICES
Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.
SETUP WITH THE FLICK OF A SWITCH
It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.