The Infection Monkey is an open-source breach and attack simulation tool for testing a data center’s resiliency to perimeter breaches and internal server infection. Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker’s perspective.
Infection Monkey is free and can be downloaded from our homepage.
How it works
Architecturally, Infection Monkey is comprised of two components:
- Monkey Agent (Monkey for short) - a safe, worm-like binary program that scans, propagates, and simulates attack techniques on the local network.
- Monkey Island Server (Island for short) - a C&C web server that provides a GUI for users and interacts with the Monkey Agents.
The user can run the Monkey Agent on the Island server machine or distribute Monkey Agent binaries on the network manually. Monkey Agents scan, propagate and simulate an attacker’s behavior on the local network based on the configuration parameters. All information gathered about the network is aggregated in the Island Server and displayed once all Monkey Agents are finished.
The results of running Monkey Agents are:
- A map that displays how much of the network an attacker can see, what services are accessible, and potential propagation routes.
- A security report, which displays security issues that Monkey Agents discovered and/or exploited.
- A MITRE ATT&CK report displays the information about the ATT&CK techniques that Monkey Agents tried to use.
- A Zero Trust report displays violations of Zero Trust principles that Monkey Agents found.
A more in-depth description of reports generated can be found in the reports documentation page.
If you haven’t downloaded Infection Monkey yet you can do so from our homepage. After downloading the Monkey, please install it using one of our setup guides, and read our getting started guide for a quick start on Monkey!
Support and community
If you need help or want to talk all things Monkey, you can join our public Slack workspace or contact us via Email.
Zero trust report
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
- Predefined passwords
- Common logical exploits
- Password stealing using Mimikatz
- Multiple exploit methods:
- Elastic Search (CVE-2015-1427)
- Weblogic server
- and more, see our Documentation hub for more information about our RCE exploiters.
Check out the Setup page in the Wiki or a quick getting started guide.
The Infection Monkey supports a variety of platforms, documented in our documentation hub.
Building the Monkey from source
To deploy development version of monkey you should refer to readme in the deployment scripts folder or follow documentation in documentation hub.
In order to run all of the Unit Tests, run the command
python -m pytest in the
To get a coverage report, first make sure the
coverage package is installed using
pip install coverage. Run the command
coverage run -m unittest in the
monkey directory and then
coverage html. The coverage report can be found in
In order to run the Blackbox tests, refer to
Copyright (c) Guardicore Ltd
See the LICENSE file for license rights and limitations (GPLv3).
- Blog2022.05.02Lupo - Malware IOC Extractor and Debugging module for Malware Analysis Automation
- Blog2022.05.02DDexec - a technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process
- Blog2022.04.28ADReaper - A fast enumeration tool for Windows Active Directory Pentesting written in Go
- Blog2022.04.27Shhhloader - SysWhispers Shellcode Loader