The Bash Bunny by Hak5 is the world's most advanced USB attack platform. Pull off covert pentest attacks and IT automation tasks in mere seconds with simple payload scripts.
By mimicking trusted devices like serial, storage, keyboards and Ethernet, the Bash Bunny exploits multiple attack vectors – from keystroke injection to network hijacking.
With multiple payloads at the flick of a switch, just imagine compromising a locked computer – scanning the system and capturing credentials with your favorite pentest tools like nmap, responder, impacket and metasploit.
Or intelligently exfiltrate documents directly to the Bash Bunny. No traversing the firewall. No triggering intrusion detection systems. Just plug to pwn in 7 seconds, so when the light turns green it's a hacked machine.
Getting started is easy with a huge library of payloads that blend the power of Bash with the simplicity of Ducky Script. Just flip the switch and it turns into a flash drive, so you can copy over a payload.txt file. Even drop into a root shell on this fully equipped quad-core Linux box.
The best penetration testers know that with the right tools and a few seconds of physical access, all bets are off. Since 2005 Hak5 has been developing just such tools – combining lethal power, elegance and simplicity. Now, with the Bash Bunny, we’re taking pentesting to the next level…
Flick the switch to your payload of choice, plug in the Bash Bunny and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.
Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.
It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.
For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more!
Each attack, or payload, is written in a simple “Ducky Script” language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the Bash Bunny just as you would any ordinary flash drive.
Under the hood it’s a full featured Linux computer — so tools you’ve come to love work out of the box. It’s fast too — booting in under 7 seconds thanks to the powerful quad-core CPU and desktop-class SSD. The payload switch and RGB LED make selecting and monitoring attacks convenient — and with a dedicated Serial console, there’s always a Linux terminal ready.