The Bash Bunny from Hak5 is a versatile little hacking device for performing USB-based attacks. It’s a tiny Linux computer that emulates various USB devices, like a flash drive or keyboard, in order to inject payloads on a target computer. It’s a fun tool for people who are interested in cracking, but it’s a bit expensive at $100. Using a Raspberry Pi Zero W, Alex Jensen was able to replicate the Bash Bunny for far less money.
Jensens’ “Poor Man’s Bash Bunny” incorporates most of the functionality found on Hak5’s device. That includes the ability to act like a flash drive, a keyboard, a serial device, and an Ethernet adapter. Using a 4 DIP switch, any of 16 boot modes can be selected for different scripts and payloads. Once it has been booted, two buttons can be used to launch specific scripts depending on which boot mode has been selected.
If you want to build your own, you’ll only need a handful of components: a Raspberry Pi Zero W, a USB stem, two push buttons, a 4 DIP switch, a perf board, and some resistors and LEDs. The circuits are simple enough for anyone to understand, and connect the buttons and switches to the Raspberry Pi’s GPIO pins. Then just install Raspbian and Git clone Jensens’ repository and run the setup script. That repository includes a handful of tools that will let you get started with USB attacks.