Jump to content

Bash Bunny updater


Recommended Posts

  • 1 month later...

From the bash bunny documentation at docks.hak5.org:


This means in the case that a firmware update is available, that update will be applied to the Bash Bunny and require a reboot of the device. Following the firmware update, the Bash Bunny updater may be run again to update the payloads.

So updating firmware with the bunny updater only collects the  firmware and places it in the correct location on the bunny. The firmware is not installed until it's rebooted, just like you have to when doing a manual firmware update.

Read through the process here Manual Firmware Upgrades:


The first time the Bash Bunny is upgraded it will indicate the flashing process with a red blinking LED for up to 10 minutes. The flashing process will be followed by a green LED to indicate that the Bash Bunny is rebooting. Finally the standard slow blinking blue LED will indicate that the flashing process has succeeded and arming mode is ready.

NOTE: Following version 1.0, all future upgrades and firmware recoveries will be indicated by a special LED “police” pattern, alternating quickly between red and blue.


Link to comment
Share on other sites

  • 1 month later...

Dear Ladies and Gentlemen,

I ask me, wether the bash bunny does not need a connection to the internet for its update? I was happy when I figured out, how I could connect the BashBunny with the internet in switch mode. Somehow I don't trust the bunnyupdater.exe. On my Mark II-Bunny my version.txt tells me version 1.7_332. My older bunny tells me version 1.6_305.
Do the Bunnies have different last firmware versions? Is a connection to the internet possible in Arming mode?

Sorry for my silly questions and my bad American English.

Best regards



Link to comment
Share on other sites

Warning, do not update the firmware on MKII.  The updater does not distinguish so using it to update the fw will mess up the MKII.  I would consider the updater only safe for the legacy bunny only due to you maybe accidentally flashing the new one with the wrong firmware.

Do not know if they are going to make a new version of tool to detect if the MKII is being used or not to prevent this but I would avoid it in the meantime.

I am in the habit of doing my flashing and loading payloads manually so I have not played with the updater.

Link to comment
Share on other sites

  • 2 months later...

I do all these things manually on my Bunnies so I haven't really reflected over this before since I haven't used the updater that much at all (if ever actually). My short analysis and conclusion is that it is rather unreliable. I've made some test runs now both on Windows (32 and 64 bit version) and on Linux and the results are very inconsistent. On the Windows host, the updater just adds a portion of the payloads that are available. I guess this may be due to more than one possible reason. One is that Defender for sure interferes with the download procedure on Windows since some tools are tagged as malicious. Despite that, it differs between the tries I've made. Some of the tries there are X number of directories/payloads downloaded. Some other tries results in another number of downloaded files. On Linux, I definitely get more stuff downloaded, but it still differs from what's available on Hak5 Github. Some other Hak5 downloads seem to origin from Google Cloud Storage buckets, so it might be a fact that the source of the payloads downloaded using the updater is fetched somewhere else other than the official Github repo. Languages aren't updated either as it seems. For example the ch.json file that was updated some months ago on the Github repo. The one that is available on the Bunny is not the same. It's much smaller in size.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...