HI Guys,
This topic is not about a problem in bash bunny or something more than discussing future ideas to make the bash bunny more malicious.
1. What about installing Metasploit framework on the bunny and automatically launch it with aux/browser_autopwn with a proper payload and combining this scenario with captive_portal bunny payload, plug the bunny to a locked machine, the machine automatically launch the captive_portal which in fact is the browser_autopwn aux module link and take over the machine and the best part is "MACHINE IS LOCKED"!
2. If time is not relevant because this requires time, then we can NMAP the $Target_IP, Get all the opened ports, Pass it to metasploit for auto pwning per service/opened port.
Just an ideas, Let me hear yours and Happy Bash Bunning....