Menu
0
    0

    Your Cart is Empty

    BOOKS & ACCESSORIES

    Hak5 – The longest running YouTube show defines Technolust

    ThreatWire – News on security, privacy, and internet freedom!

    Metasploit Minute – The break down on breaking in with Mubix

    HakTip – Essentials for new hackers, enthusiasts, and IT pros

    TRUST YOUR TECHNOLUST

    Since 2005 we've proclaimed our love for technology with this simple mantra – and we invite you to share in our passion. Welcome!

    Previous | Next
    Bash Bunny
    Bash Bunny
    Bash Bunny

    Bash Bunny

    Sold Out

    The Bash Bunny by Hak5 is the world's most advanced USB attack platform. Pull off covert pentest attacks and IT automation tasks in mere seconds with simple payload scripts.

    By mimicking trusted devices like serial, storage, keyboards and Ethernet, the Bash Bunny exploits multiple attack vectors – from keystroke injection to network hijacking.

    With multiple payloads at the flick of a switch, just imagine compromising a locked computer – scanning the system and capturing credentials with your favorite pentest tools like nmap, responder, impacket and metasploit.

    Or intelligently exfiltrate documents directly to the Bash Bunny. No traversing the firewall. No triggering intrusion detection systems. Just plug to pwn in 7 seconds, so when the light turns green it's a hacked machine.

    Getting started is easy with a huge library of payloads that blend the power of Bash with the simplicity of Ducky Script. Just flip the switch and it turns into a flash drive, so you can copy over a payload.txt file. Even drop into a root shell on this fully equipped quad-core Linux box.

    When the light turns green, it's a hacked machine.

    The best penetration testers know that with the right tools and a few seconds of physical access, all bets are off. Since 2005 Hak5 has been developing just such tools – combining lethal power, elegance and simplicity. Now, with the Bash Bunny, we’re taking pentesting to the next level…

    CARRY MULTIPLE PAYLOADS

    Flick the switch to your payload of choice, plug in the Bash Bunny and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.

    MIMIC MULTIPLE DEVICES

    Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.

    SETUP WITH THE FLICK OF A SWITCH

    It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.

    With the Bash Bunny, compromising a system is as quick and easy as hopping on a box.

    At the Ready
    At the Ready

    Diverse targets? Carry multiple payloads and pick the perfect attack with the flick of a switch.

    Keep this must-have tool at the ready for opportunistic loot grabbing on your next physical engagement or social engineering exercise.

    SIMPLE SCRIPTING LANGUAGE
    SIMPLE SCRIPTING LANGUAGE

    Ducky Script makes writing payloads quick, easy and fun. Toss in the power of bash and familiar Linux tools and it's game on!

    Want to mimic a HID keyboard and USB Ethernet adapter?
    ATTACKMODE HID AUTO_ETHERNET

    Need to figure out the computer's hostname?
    GET TARGET_HOSTNAME

    How about injecting keystroke into the run dialog?
    RUN WIN cmd /K color a \& tree c:\\

    Fancy a red light? LED R. Blue? LED B. Seriously, that simple.

    POWERFUL HARDWARE
    POWERFUL HARDWARE

    With its Quad-core ARM processor, 512 MB of RAM and a desktop-class 8 GB SSD, the Bash Bunny packs a punch!

    Conveniences are built-in, like the 3-way payload selector switch and multi-color LED status indicator. A Linux terminal is always at the ready via Serial console – so a familiar BASH prompt is never more than a few clicks away.

    Featured Articles

    Getting Root on a Bash Bunny from the Serial Console

    Getting Root on a Bash Bunny from the Serial Console

    Throughout the history of personal computers, serial has been a mainstay for file transfer and console access. To this day it’s widely used, from headless servers to embedded microcontrollers. With the Bash Bunny, we’ve made it convenient as ever – without the need for a serial-to-USB converter.
    Top 5 file stealing

    Top 5 file stealing "exfiltration" payloads for the Bash Bunny

    As anyone in IT knows, two is one — one is none. It’s important to backup your documents. As a pentesters know, exfiltration is a fancy word for an involuntary backup. To that end, the Bash Bunny features at storage attack mode capable of intelligent exfiltration with gigs of high speed storage.
    Writing Keystroke Injection payloads for the Bash Bunny

    Writing Keystroke Injection payloads for the Bash Bunny

    Computers trust humans. Humans interact with keyboards. Hence the Human Interface Device or HID standard used by all modern USB keyboards. To a computer, if the device says it’s a keyboard — it’s a keyboard. So when our Bash Bunny says 'I'm a Keyboard'... You can see where this is going.
    The Hottest Bash Bunny Hot Plug Attack: Network Hijacking

    The Hottest Bash Bunny Hot Plug Attack: Network Hijacking

    Exploiting local network attack vectors, the Bash Bunny emulates specialized Ethernet adapters. This network of two (the Bash Bunny and your target) provides direct access to the target – bypassing any would-be firewalls, countermeasures or intrusion detection systems from the legitimate LAN.

    ADVANCED ATTACKS

    For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more!

    SIMPLE PAYLOADS

    Each attack, or payload, is written in a simple “Ducky Script” language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the Bash Bunny just as you would any ordinary flash drive.

    POWERFUL HARDWARE

    Under the hood it’s a full featured Linux computer — so tools you’ve come to love work out of the box. It’s fast too — booting in under 7 seconds thanks to the powerful quad-core CPU and desktop-class SSD. The payload switch and RGB LED make selecting and monitoring attacks convenient — and with a dedicated Serial console, there’s always a Linux terminal ready.

    HotPlug Attack Combo Kit
    HotPlug Attack Combo Kit

    From plug to pwn in seconds!

    The HotPlug Attack Combo Kit includes the infamous USB Rubber Ducky, Bash Bunny and Shark Jack in our signature Hak5 essential gear wrap.

    Everything you need to execute payloads in seconds against devices and networks.

    SHOP

    Related Products

    Sign up for sales, new releases, payloads and more…

    Sign up today