Bash Bunny

  • €109.99 €131.99
    Unit price per 
  • Save €20

World's most powerful USB Attack Platform. Mimic multiple trusted devices simultaneously. Deploy multiple payloads. 

With the Bash Bunny, get physical access to a device, and go from Plug to Pwn in seconds.

Product will be in stock within 7 days

Introduction

If you can physically access a device, the Hak5 Bash Bunny will get you electronic access. In short - it's the world's most powerful USB Attack Platform.

In detail, it is a cross-platform, multi-payload, multi-tool capable of simultaneously emulating and abusing devices trusted by devices - input devices, storage devices, network devices.

Disguised as a normal USB-drive, infinitely configurable, and backed by the Hak5 payload repository, the Bash Bunny is a one-stop physical hacking tool.

Available with or without the official Hak5 Bash Bunny Field Guide (47 pages) - perfect for hitting the ground running.

Platform Overview

Regardless of operating system (MacOS, Linux, Windows, Android) - all modern devices implement the notion of trusted devices - that is devices that a system will automatically trust and accept without the need for confirmation or drivers.

There are several categories of Trusted Devices, including:

  • HID ("Human Input Devices") - Keyboards, Mice, etc
  • Storage Devices - Flash drives, etc
  • Network Devices - Ethernet Adaptors, etc

The Bash Bunny can emulate all these devices, simultaneously - and then abuse this trust via scriptable Payloads.

Easily write or customise your own payload, or use one of the hundreds available in the Bash Bunny repository.

Multiple payloads can be stored and selected via physical switch. The RGB LED provides instantaneous, covert feedback on the payload status.

The Bash Bunny is a powerful quad-core fully-featured Linux machine in a tiny package - accessible over serial interface.

Although it is infinitely configurable, common use cases include:

Network Infiltration

Automatically trusted by locked or unlocked devices as the best network device. Perform QuickCreds attacks. Completely cross-platform (RNDIS & ECM) - backed by a full TCP/IP stack and root-access Linux.

Keystroke Injection

Leverage Keystroke Injection with storage emulation to automatically install payloads, exfiltrate data and more.
The full-featured scripting language provides a huge attack surface.

Data Exfiltration

8GB of high-speed flash storage allows for rapid exfiltration of data and ample space for delivering binary & staged payloads.

Root CLI Access

The Bash Bunny provides a permanent root console over serial - dropping you onto to a fully-featured Linux machine.

What's included

  • 1x Hak5 Bash Bunny
  • 1x Quick-Start Guide
  • 1x Bash Bunny Sticker

Technical Specifications

  • Weight: 30g

  • Quad-core ARM Cortex A7
  • 512MB DDR3 RAM
  • 16MB on-board Flash Memory
  • 8 GB SLC NAND Disk
  • 1x Indicator LED
  • 1x 3-position switch

Shipping & Packaging

  • Each Bash Bunny is dispatched from Europe - no need to worry about slow shipping times, import duties or damaged goods.
  • Packed in a sturdy compact 85x130x45mm box.
  • We provide worldwide shipping with express options.

Bash Bunny Technical Resources

Tutorials & Guides Community Resources

Compatible Systems

  • Windows: XP, 7, 8, 10 (All Versions)
  • OS/X: 10.0 - 10.7 (All Versions)
  • Linux: Debian, Ubuntu, CentOS, etc (All Versions)
  • Android: Requires USB / OTG Support

Bash Bunny Introduction Video


 

Bash Bunny Primer

SHIPPING & PACKAGING

When will I receive my order?

Average order times can be estimated below.

Average shipping estimates can be seen by selecting the destination country / region below.

While actual shipping times may vary - these estimations are built off our real delivery statistics. To receive an order as quickly as possible, we recommend:

  • Use the express delivery shipping method
  • Use same day shipment by placing the order before 12PM GMT+1

Where do you ship from?

All items are dispatched from France. You will receive a tracking number upon item dispatch. The address used on your purchase is printed as a label - please double check your address to avoid mistakes.

When will my order be dispatched?

Lab401 dispatches orders Monday - Friday.
All orders placed before 12PM GMT+1 will be dispatched the same day. All orders placed after this cutoff time will be dispatched the next business day.

For example:

  • An order placed Friday, 9AM GMT+1 will be dispatched the same day.
  • An order placed on Friday, 6PM GMT+1 will be dispatched Monday.
  • An order placed on Saturday will be dispatched Monday

For any questions, please contact customer support.

What shipping options are available?

We provide four types of shipping:

  • EU Standard Post
  • EU Express Post
  • International Standard Post
  • International Express Post

How are import duties / customs handled?

For all European Union destinations, all shipments are DDP - Delivered Duty Paid. This means all applicable VAT/TVA, shipping costs and customs fees are pre-paid. 
You will not be charged by the courier service / post office or customs.

For all destinations outside European Union, all shipments are DDU - Delivered Duty Unpaid. This means that your country's custom service impose a VAT/TVA/Import Duty on your shipment.

I am charged VAT ?

Lab401 (ETOILE 401 SAS) is an EU-Registered entity. VAT is applicable to purchases delivered within the EU, with exceptions for VAT Registered entities.  VAT is calculated at checkout. For your convenience, you can browse Lab401 with prices Including VAT and Excluding VAT.

Sales are contractual

Please note - a purchase is an explicit agreement of our terms and conditions. Any products refused by clients will not be refunded.

Purchase Security Validation may be applied

To protect against credit card fraud, orders may be flagged for Purchase Security Validation. In this instance, we will reach out to the customer to perform a manual verification process.

Orders that are flagged for Purchase Security Validation are considered to be incomplete until validated. Our delivery deadline obligations begin only when an order is validated.

Delivery Protection

Is my delivery protected?

All Lab401 shipments are insured with the carrier.

We also provide an advanced insurance, Lab401 Delivery Protection.

Lab401 Delivery Protection means we remain fully responsible for the package right up to delivery. If the package is lost or damaged, the package can be resent immediately (48 business hours) upon receipt of proof.

For orders without Delivery Protection, lost or damaged packages will pass through the carrier's protocols, which can take up to 30 days.

For orders that are time-sensitive, we recommend Lab401 Delivery Protection.

Delivery Protection can be purchased at checkout easily and cheaply.