BASH BUNNY's groundbreaking payload platform, which introduced multi-vector USB attacks, has evolved.
Stop hidden attacks or IT automation tasks faster than ever with a single flick of a switch. The new Bash Bunny Mark II goes from plug to pwn in 7 seconds - so when the light turns green, it's a hacked machine.
Now with faster performance, wireless geofencing, remote triggers and MicroSD support, Bash Bunny is an even more impressive tool for your Red Team arsenal.
Simulate multiple trusted devices at the same time to trick targets into revealing sensitive information without triggering a defense. Bash Bunny is truly the most advanced USB attack platform in the world.
WHEN THE LIGHT IS GREEN, IT IS A HACKED MACHINE.
The best red teams know that with the right tools and a few seconds of physical access, all bets are off ...
POWERFUL UTILITY LOADS
Endanger the locked machine, get credentials, filter out loot, drop down the back door ...
Or perform vulnerability scanning, offline patching - even printer repair ... All with easy text file loading.
Combined with your favorite Linux pentest tools like nmap, metasploit, responder, impacket on this fast Debian box.
GIGS AND GIGS LOOT
Bulk filter with new out-of-band techniques and ultra-high capacity MicroSD cards.
Get loot (or full disc) concerts to make a bold impression on your next encounter.
No firewall browsing or detection systems.
Limit the scope of the engagement by preventing off-site payloads from running.
Immobilize the load until it enters the premises.
Even destroy loot based on the wireless environment.
Take social engineering to the next level and run multiple phases of the payload as the target turns its back.
Launch from the phone app or any discrete Bluetooth device.
Even automate tasks when the device is nearby.
2X RAM FOR RUNNING THE MOST DEMANDING LINUX APPLICATIONS
Boot in 7 seconds with 8 GB SSD for desktops.
MicroSD XC for extra high capacity filtration.
Bluetooth LE for remote launchers and geofencing.
Simple 3-position payload switch and RGB LED indicator.
Dedicated serial interface for unlocked root shell.
SIMPLE SCRIPT LANGUAGE
With DuckyScript ™, payloads are quick, easy and fun. Cast the power of bash with familiar Linux tools and you're ready to go!
Simulate HID keyboard and USB Ethernet adapter at the same time? ATTACKMODE HID AUTO_ETHERNET
Do you need the hostname of the target computer?
Pause payload until bluetooth phone is turned on?
How about inserting a keystroke into the startup dialog?
RUN WIN cmd / K color a & tree c: \
Do you feel like red light? LED R. Blue? LED B.
Seriously, so simple.
WITH BASH, COMPRESSING THE SYSTEM IS AS FAST AND EASIER AS JUMPING.
For convenience, computers trust many devices. Flash drives, Ethernet adapters, serial devices and keyboards, to name a few. These have become the mainstays of modern computing. Each of them has its own unique attack vector. In combination? The possibilities are endless. Bash Bunny's are all these things, alone - or in combination - and more!
SIMPLE YIELD LOADS
Each attack or payload is written in a simple Ducky Script language, which consists of text files. The central repository is home to a growing library of useful data developed by the community. Staying in the picture with all the latest attacks is just a matter of downloading files from git. Then load them into the Bash Bunny as you would on a regular flash drive.
It's a full-featured Linux box that now runs your favorite tools even faster with an optimized quad-core CPU, desktop-level SSD, and double RAM. Select and monitor the payload with the selection switch and RGB LED. Access to the unlocked root terminal via a dedicated serial console. Filter loot from concerts via MicroSD. Even remote launch or geofence payload via Bluetooth.
CARRY MORE COSTS
Switch the switch to the required payload, plug in a Bash Bunny and get instant feedback from the multicolor LED. From plug to pwn in 7 seconds with quad-core CPU and SSD for desktops.
MIMIC MORE EQUIPMENT
Impersonate trusted devices, such as keyboards, serial port, storage, and Ethernet, for multector vector attacks. From keystroke injections to network hijackings - trick computers into disclosure