Skip to content

Bash Bunny Mark II

€149.00
Original price €129.99 - Original price €139.99
Original price €129.99
€149.00 - €159.00
Current price €149.00
Field Guide: Without
🟢 In Stock
🟢 Dispatched today
Less than 40 minutues remaining for same-day shipping!
In Stock
Dispatched
⏰ Order within for same day shipping

Introduction

If you can physically access a device, the Hak5 Bash Bunny will get you electronic access. In short - it's the world's most powerful USB Attack Platform.

In detail, it is a cross-platform, multi-payload, multi-tool capable of simultaneously emulating and abusing devices trusted by devices - input devices, storage devices, network devices.

Disguised as a normal USB-drive, infinitely configurable, and backed by the Hak5 payload repository, the Bash Bunny is a one-stop physical hacking tool.

This is the Mark II, which includes wireless geofencing, remote triggers, microSD support and faster performance!

Platform Overview

Regardless of operating system (MacOS, Linux, Windows, Android) - all modern devices implement the notion of trusted devices - that is devices that a system will automatically trust and accept without the need for confirmation or drivers.

There are several categories of Trusted Devices, including:

  • HID ("Human Input Devices") - Keyboards, Mice, etc
  • Storage Devices - Flash drives, etc
  • Network Devices - Ethernet Adaptors, etc

The Bash Bunny can emulate all these devices, simultaneously - and then abuse this trust via scriptable Payloads.

Easily write or customise your own payload, or use one of the hundreds available in the Bash Bunny repository.

Multiple payloads can be stored and selected via physical switch. The RGB LED provides instantaneous, covert feedback on the payload status.

The Bash Bunny is a powerful quad-core fully-featured Linux machine in a tiny package - accessible over serial interface.

Although it is infinitely configurable, common use cases include:

Network Infiltration

Automatically trusted by locked or unlocked devices as the best network device. Perform QuickCreds attacks. Completely cross-platform (RNDIS & ECM) - backed by a full TCP/IP stack and root-access Linux.

Keystroke Injection

Leverage Keystroke Injection with storage emulation to automatically install payloads, exfiltrate data and more.
The full-featured scripting language provides a huge attack surface.

Data Exfiltration

MicroSD storage allows for rapid exfiltration of essentially unlimited amounts of data and ample space for delivering binary & staged payloads.

GeoFencing

Prevent payloads from triggering off-site; activate payloads for specific geo-zones; destroy loot based on location.

Remote Triggers

Trigger payloads, macros and exfiltration discretely and remotely via smartphone app or any Bluetooth device! Trigger manually or trigger via proximity.

Root CLI Access

The Bash Bunny provides a permanent root console over serial - dropping you onto to a fully-featured Linux machine.

What's included

  • 1x Hak5 Bash Bunny
  • 1x Quick-Start Guide
  • 1x Bash Bunny Sticker

Technical Specifications

  • Weight: 30g

  • Quad-core ARM Cortex A7
  • 8 GB SLC NAND Disk
  • MicroSD XC (Supports up to 2TB)
  • BLE Connectivity
  • 1x RGB LED
  • 1x 3-position switch

Shipping & Packaging

  • Each Bash Bunny is dispatched from Europe - no need to worry about slow shipping times, import duties or damaged goods.
  • Packed in a sturdy compact 85x130x45mm box.
  • We provide worldwide shipping with express options.

Bash Bunny Technical Resources

Tutorials & Guides Community Resources

Compatible Systems

  • Windows: XP, 7, 8, 10 (All Versions)
  • OS/X: 10.0 - 10.7 (All Versions)
  • Linux: Debian, Ubuntu, CentOS, etc (All Versions)
  • Android: Requires USB / OTG Support

Bash Bunny Mark II - Overview

Getting Started - Exfiltrate Wifi Credentials