Bash Bunny

MASS-EXFILTRATING, WIRELESS PAYLOAD POWERHOUSE

Quad-Core A7 CPU up to 1.3 GHz

8 GB NAND SSD

MicroSD XC expansion up to 2TB

RGB LED Payload Status

3-Position Mode Switch

Bluetooth Low Energy

WITH THE BASH BUNNY, COMPROMISING A SYSTEM IS AS QUICK AND EASY AS HOPPING ON A BOX.

ADVANCED ATTACKS

For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more!

SIMPLE PAYLOADS

Each attack, or payload, is written in a simple Ducky Script™ language consisting of text files. A central repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loads ’em onto the Bash Bunny just as you would any ordinary flash drive.

POWERFUL HARDWARE

It's a full featured Linux box that'll run your favorite tools even faster now thanks to the optimized quad-core CPU, desktop-class SSD and doubled RAM. Choose and monitor payloads with the selection switch and RGB LED. Access an unlocked root terminal via dedicated Serial console. Exfiltrate gigs of loot via MicroSD. Even remotely trigger or geofence payloads via Bluetooth.

CARRY MULTIPLE PAYLOADS

Flick the switch to your payload of choice, plug in the Bash Bunny and get instant feedback from the multi-color LED. From plug to pwn in 7 seconds with its quad-core CPU and desktop-class SSD.

MIMIC MULTIPLE DEVICES

Mimic trusted devices like keyboards, serial, storage, and Ethernet for multi-vector attacks. From keystroke injection to network hijacking – trick computers into divulging data, exfiltrating files and installing backdoors.

SETUP WITH THE FLICK OF A SWITCH

It's simple. Flick the switch and it turns into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.