I created multiple scripts for physical pen-testing using my Bash Bunny, a hotplug attack tool. The bash bunny is one of the most powerful physical attack vectors I’ve ever used, running quick payloads and utilizing tons of futuristic-type capabilities.

Things like bluetooth low energy (BLE) allow it to execute payloads upon a proximity trigger, and it even has multiple payload switches for modifications on the go.

The amount of development and contributions on this project is really something, check out the main github repository and you’ll find hundreds of payloads. My Github repository has a few that I’ve found are the most effective with things like admin access and anti-virus evasion.

I’ll be developing more for that repository in the coming months, but I highly suggest picking up a Bash Bunny anyways if you know a little bit of coding and trying to make some scripts yourself.