Bash Bunny Mark II
Bash Bunny Mark II
WHEN THE LIGHT TURNS GREEN, IT'S A HACKED MACHINE.
The best red teams know that with the right tools and a few seconds of physical access, all bets are off...
The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.
Pull off covert attacks or IT automation tasks faster than ever with just the flick of a switch. The NEW Bash Bunny Mark II goes from plug to pwn in 7 seconds — so when the light turns green it's a hacked machine.
Now with faster performance, wireless geofencing, remote triggers and MicroSD support, the Bash Bunny is an even more impressive tool for your Red Team arsenal.
Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.
Compromise a locked machine, capture credentials, exfiltrate loot, plant backdoors...
Or perform vulnerability scans, offline patching — even fix printers... All with simple text-file payloads
Combined with your favorite Linux pentest tools like nmap, metasploit, responder, impacket on this fast Debian box.
Exfiltrate en masse with new out-of-band techniques and ultra-high-capacity MicroSD cards.
Get gigs of loot (or the entire disk) to make a bold impression on the next engagement.
No traversing the firewall or triggering detection systems.
GEOFENCING
Limit the scope of engagement by preventing payloads from executing off-site.
Immobilize payloads until it enters the premises.
Even destroy loot based on the wireless environment.
Take social engineering to the next level and trigger multiple payload stages when the target's back is turned.
Trigger from a phone app or any discreet bluetooth device.
Even automate tasks when a device is in proximity.
POWERFUL HARDWARE
7 second boot with an 8 GB desktop-class SSD.
MicroSD XC for ultra-high-capacity exfiltration.
Bluetooth LE for remote triggers and geofencing.
Easy 3-way payload switch and RGB LED indicator.
Dedicated Serial interface to an unlocked root shell.
DuckyScript™ makes payloads quick, easy and fun. Toss in the power of bash with familiar Linux tools and it's game on!
Mimic a HID keyboard and USB Ethernet adapter simultaneously? ATTACKMODE HID AUTO_ETHERNET
Need the target computer's hostname?
GET TARGET_HOSTNAME
Pause the payload until your phone's bluetooth is on?
WAIT_FOR_PRESENT my-device-name
How about injecting keystrokes into the run dialog?
RUN WIN cmd /K color a \& tree c:\\
Fancy a red light? LED R. Blue? LED B.
Seriously, that simple.
Looking for inspiration? Check out the growing library of community developed payloads from the Hak5 Repo.
AT THE READY
Diverse targets? Carry multiple payloads and pick the perfect attack with the flick of a switch.
Keep this must-have tool at the ready for opportunistic loot grabbing on your next physical engagement or social engineering exercise.
BASH BUNNY FEATURES
ADVANCED ATTACKS
For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more!
SIMPLE PAYLOADS
Each attack, or payload, is written in a simple Ducky Script™ language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the Bash Bunny just as you would any ordinary flash drive.
POWERFUL HARDWAR
It's a full featured Linux box that'll run your favorite tools even faster now thanks to the optimized quad-core CPU, desktop-class SSD and doubled RAM. Choose and monitor payloads with the selection switch and RGB LED. Access an unlocked root terminal via dedicated Serial console. Exfiltrate gigs of loot via MicroSD. Even remotely trigger or geofence payloads via Bluetooth.
CARRY MULTIPLE PAYLOADS
Flick the switch to your payload of choice, plug in the Bash Bunny and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.
MIMIC MULTIPLE DEVICES
Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.
SETUP WITH THE FLICK OF A SWITCH
It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.