The Bash Bunny is a simple and powerful multi-function USB attack and automation platform for penetration testers and systems administrators.
It's easy setup & deployment with a simple "Bunny Script" language, multi-position attack switch and a centralized repository of payloads.
It's powerful with multiple attack vectors including HID keyboard, USB Ethernet, Serial and Mass Storage. Simultaneously perform keystroke injection attacks, bring-your-own-network attacks and intelligent exfiltration.
The best penetration testers know that with the right tools and a few seconds of physical access, all bets are off. Since 2005 Hak5 has been developing just such tools – combining lethal power, elegance and simplicity. Now, with the Bash Bunny, we’re taking pentesting to the next level…
CARRY MULTIPLE PAYLOADS
Carrying multiple payloads and getting feedback on each attacks is effortless. Slide the switch to your payload of choice, plug the Bash Bunny into the victim computer and watch the multi-color LED. With a quad-core CPU and desktop-class SSD it goes from plug to pwn in 7 seconds.
EMULATE COMBINATIONS OF TRUST DEVICES.
It opens up attack surfaces that weren’t possible before in one single device. Penetration testing attacks and IT automation tasks are all delivered in seconds with the Bash Bunny. By emulating combinations of trusted USB devices — like gigabit Ethernet, serial, flash storage and keyboards – computers are tricked into divulging data, exfiltrating documents, installing backdoors and many more exploits.
CHOOSE ATTACKS WITH THE FLICK OF A SWITCH.
It features a simple scripting language that you can write in any text editor like notepad. The growing collection of payloads are hosted in a single library – so finding the right attack is quick and easy. Setting up Bash Bunny attacks is just a matter of flicking its switch to arming mode and copying a payload file. It’s the same as you would for an ordinary flash drive — it’s literally that convenient.
Plus, the Bash Bunny is a full featured Linux box with shell access from a dedicated serial console – so all of the pentesting tools you’ve come to know and love are just keystrokes away.