Drive Badger: open source platform for covert data exfiltration operations, ranging from small computers to big servers.

  • 1. What is Drive Badger?
    It's a platform for data exfiltration, which means copying data from someone's computer or mobile device to an external USB drive, mostly without the knowledge or consent of the owner.
  • 2. Why ever use Drive Badger? This can be done manually...
    That's true. Drive Badger is not a bag of 0-day exploits or anything similar. It just automates the whole exfiltration process to speed it up, prevent typical user mistakes and add some security measures to protect operators caught in the act. See the details.
  • 3. Can I exfiltrate devices with encrypted hard drives?
    Yes, Drive Badger supports Bitlocker, VeraCrypt, LUKS and Apple FileVault encryption methods.
    Also see how to configure encryption keys.
  • 4. We already have Pegasus. Do we need Drive Badger?
    It depends on the perspective. Your country probably won't. But unless you're the Pegasus operator, Drive Badger may help you improve your work results and boost your career. See the details.

Compare Drive Badger with other lawful interception platforms:
  • Pegasus by NSO Group
  • DevilsTongue by Candiru
  • HackingTeam RCS

Reduce the attack cost by over 53%

Check how Drive Badger handles the real IT infrastructure of a real bank.

Drive Badger is 100% free, but hard drives are not, especially when you're planning something big. This case study will show you some ideas on how you can cut:

  • the number of hard drives
  • the overall storage cost
  • the required team size

Why Drive Badger?

Thanks to over 400 unique exclusion rules, Drive Badger is able to reduce the number of files to be copied by eliminating low-value files and directories from the list, and thus typically save over 95% of the time.
The whole operation is done below the installed operating system, so it is totally invisible to the installed security software (anti-virus, DLP, SIEM, EDR etc.), and to Windows itself.
Drive encryption support
BitLocker, Apple FileVault, LUKS and VeraCrypt encryption is supported, including automated matching of keys, given as a flat list, to particular encrypted partitions. You just need to provide the keys.
Operator safety
There is no way to distinguish between Drive Badger and an ordinary Kali Linux Live drive, or to prove the fact of data exfiltration, unless someone knows the proper password.

One toolset
to exfiltrate them all.

Apple hardware

Drive Badger is tested with Mac OS up to Catalina, including APFS FileVault encryption.

Computers and laptops

This is a must! We test Drive Badger on ~30 different models, just to be sure it's compatible with various BIOS/UEFI versions.

Mobile devices

No matter if it's a phone or tablet, Android or Symbian. Mobile Badger will handle them all.

VMware and Hyper-V

Drive Badger recursively exfiltrates virtual machines on VMware and Hyper-V virtualization servers.

Photo cameras

From amateur compact cameras, through professional Canon/Nikon ones, up to GoPro and clones.

All other USB devices

Does it have any data storage? If so, Mobile Badger will be able to extract data from it.


From the founder...

Having been in the IT security business for almost 25 years, I realized that breaking protections (or preventing it) is becoming less and less important. We are not living in Outlook Express times anymore...
The key point is the ability to keep the privileges permanent, once obtained. This becomes more and more difficult, as IT systems get more and more complicated - and this is exactly the goal of the Drive Badger project: to give non-ITSEC people the ability to keep either the privileges, or the outcome of the successful break-in.