• Premium IT-Security Tools
  • RFID Security
  • Digital Forensic
  • LEA & Rugged Products
  • Procurement
  • Premium IT-Security Tools
  • RFID Security
  • Digital Forensic
  • LEA & Rugged Products
  • Procurement

Bash Bunny Mark 2

184.00 €
incl. VAT, plus delivery
In stock
Delivery time: 5 day(s)


Bash Bunny Mark 2 HAK5

USB Bash Bunny Mark 2 Hak5. Mr.Robot hacking tool....USB Keyboard for "auto script" ops - HAK5 Keystroke Injection Attack Platform.

Bash Bunny Hak5 The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.

Pull off covert attacks or IT automation tasks faster than ever with just the flick of a switch.

The NEW Bash Bunny Mark 2 goes from plug to pwn in 7 seconds — so when the light turns green it's a hacked machine.

Now with faster performance, wireless geofencing, remote triggers and MicroSD support, the Bash Bunny is an even more impressive tool for your Red Team arsenal. Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.


The best penetration testers know that with the right tools and a few seconds of physical access, all bets are off. Since 2005 HAK5 has been developing just such tools - combining lethal power elegant simplicity. Now, with the Bash Bunny Mark 2, we're taking pentesting to the next level...

The best red teams know that with the right tools and a few seconds of physical access, all bets are off...


Compromise a locked machine, capture credentials, exfiltrate loot, plant backdoors...
Or perform vulnerability scans, offline patching — even fix printers... All with simple text-file payloads.
Combined with your favorite Linux pentest tools like nmap, metasploit, responder, impacket on this fast Debian box.


DuckyScript™ makes payloads quick, easy and fun. Toss in the power of bash with familiar Linux tools and it's game on!
Mimic a HID keyboard and USB Ethernet adapter simultaneously? ATTACKMODE HID AUTO_ETHERNET
Need the target computer's hostname?

Powerful Hardware

Under the hood it's a full featured Linux computer — so tools you've come to love work out of the box. It's fast too — booting in under 7 seconds thanks to the powerful quad-core CPU and desktop-class SSD. The payload switch and RGB LED make selecting and monitoring attacks convenient — and with a dedicated Serial console, there's always a Linux terminal at the ready.


Exfiltrate en masse with new out-of-band techniques and ultra-high-capacity MicroSD cards.
Get gigs of loot (or the entire disk) to make a bold impression on the next engagement.
No traversing the firewall or triggering detection systems.

Limit the scope of engagement by preventing payloads from executing off-site.
Immobilize payloads until it enters the premises.
Even destroy loot based on the wireless environment.

Take social engineering to the next level and trigger multiple payload stages when the target's back is turned.
Trigger from a phone app or any discreet bluetooth device.
Even automate tasks when a device is in proximity.

Pause the payload until your phone's bluetooth is on?
WAIT_FOR_PRESENT my-device-name
How about injecting keystrokes into the run dialog?
RUN WIN cmd /K color a \& tree c:\\
Fancy a red light? LED R. Blue? LED B.
Seriously, that simple.

Looking for inspiration? Check out the growing library of community developed payloads from our repo!

Diverse targets? Carry multiple payloads and pick the perfect attack with the flick of a switch.

Keep this must-have tool at the ready for opportunistic loot grabbing on your next physical engagement or social engineering exercise.


For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The HAK5 Bash Bunny is all of these things, alone – or in combination – and more!


Each attack, or payload, is written in a simple Ducky Script™ language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the BASH BUNNY just as you would any ordinary flash drive.


It's a full featured Linux box that'll run your favorite tools even faster now thanks to the optimized quad-core CPU, desktop-class SSD and doubled RAM. Choose and monitor payloads with the selection switch and RGB LED. Access an unlocked root terminal via dedicated Serial console. Exfiltrate gigs of loot via MicroSD. Even remotely trigger or geofence payloads via Bluetooth.


Flick the switch to your payload of choice, plug in the Bash Bunny Mark 2 and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.


Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.


It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.

Hak5 Bash Bunny Mark 2 bei HakMac