Hak5 Bash Bunny Mark II + Field Guide

Penetration testing tool pretending to be a keyboard, Ethernet adapter, USB flash drive or other device.

In Stock (6 pcs)
Code: 2908
Brand: HAK5
€189 €156,20 excl. VAT
Category: Pentesting

The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.

Pull off covert attacks or IT automation tasks faster than ever with just the flick of a switch. The NEW Bash Bunny Mark II goes from plug to pwn in 7 seconds — so when the light turns green it's a hacked machine.

Now with faster performance, wireless geofencing, remote triggers and MicroSD support, the Bash Bunny is an even more impressive tool for your Red Team arsenal.

Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.

POWERFUL PAYLOADS

Compromise a locked machine, capture credentials, exfiltrate loot, plant backdoors...

Or perform vulnerability scans, offline patching — even fix printers... All with simple text-file payloads.

Combined with your favorite Linux pentest tools like nmap, metasploit, responder, impacket on this fast Debian box.

POWERFUL PAYLOADS

GIGS AND GIGS OF LOOT

Exfiltrate en masse with new out-of-band techniques and ultra-high-capacity MicroSD cards.

Get gigs of loot (or the entire disk) to make a bold impression on the next engagement.

No traversing the firewall or triggering detection systems.

GIGS AND GIGS OF LOOT

GEOFENCING

Limit the scope of engagement by preventing payloads from executing off-site.

Immobilize payloads until it enters the premises.

Even destroy loot based on the wireless environment.

GEOFENCING

REMOTE TRIGGERS

Take social engineering to the next level and trigger multiple payload stages when the target's back is turned. 

Trigger from a phone app or any discreet bluetooth device.

Even automate tasks when a device is in proximity.

REMOTE TRIGGERS

POWERFUL HARDWARE

  • 7 second boot with an 8 GB desktop-class SSD.
  • MicroSD XC for ultra-high-capacity exfiltration.
  • Bluetooth LE for remote triggers and geofencing.
  • Easy 3-way payload switch and RGB LED indicator.
  • Dedicated Serial interface to an unlocked root shell.

SIMPLE SCRIPTING LANGUAGE

DuckyScript™ makes payloads quick, easy and fun. Toss in the power of bash with familiar Linux tools and it's game on!

Mimic a HID keyboard and USB Ethernet adapter simultaneously? ATTACKMODE HID AUTO_ETHERNET

Need the target computer's hostname? GET TARGET_HOSTNAME

Pause the payload until your phone's bluetooth is on? WAIT_FOR_PRESENT my-device-name

How about injecting keystrokes into the run dialog? RUN WIN cmd /K color a \& tree c:\\

Fancy a red light? LED R. Blue? LED B. Seriously, that simple.

ADVANCED ATTACKS

For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more!

SIMPLE PAYLOADS

Each attack, or payload, is written in a simple Ducky Script™ language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the Bash Bunny just as you would any ordinary flash drive.

POWERFUL HARDWARE

It's a full featured Linux box that'll run your favorite tools even faster now thanks to the optimized quad-core CPU, desktop-class SSD and doubled RAM. Choose and monitor payloads with the selection switch and RGB LED. Access an unlocked root terminal via dedicated Serial console. Exfiltrate gigs of loot via MicroSD. Even remotely trigger or geofence payloads via Bluetooth.

CARRY MULTIPLE PAYLOADS

Flick the switch to your payload of choice, plug in the Bash Bunny and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.

MIMIC MULTIPLE DEVICES

Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.

SETUP WITH THE FLICK OF A SWITCH

It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.

Introducing the Bash Bunny Mark II - Story Time with @Hak5Darren

Be the first who will post an article to this item!

Do not fill out this field: