
The Infection Monkey is an open-source breach and attack simulation tool for testing a data center’s resiliency to perimeter breaches and internal server infection. Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker’s perspective.
Infection Monkey is free and can be downloaded from our homepage.
How it works
Architecturally, Infection Monkey is comprised of two components:
- Monkey Agent (Monkey for short) - a safe, worm-like binary program that scans, propagates, and simulates attack techniques on the local network.
- Monkey Island Server (Island for short) - a C&C web server that provides a GUI for users and interacts with the Monkey Agents.
The user can run the Monkey Agent on the Island server machine or distribute Monkey Agent binaries on the network manually. Monkey Agents scan, propagate and simulate an attacker’s behavior on the local network based on the configuration parameters. All information gathered about the network is aggregated in the Island Server and displayed once all Monkey Agents are finished.
Results
The results of running Monkey Agents are:
- A map that displays how much of the network an attacker can see, what services are accessible, and potential propagation routes.
- A security report, which displays security issues that Monkey Agents discovered and/or exploited.
- A MITRE ATT&CK report, which displays information about the ATT&CK techniques that Monkey Agents tried to use.
- A Zero Trust report, which displays violations of Zero Trust principles that Monkey Agents found.
A more in-depth description of reports generated can be found in the reports documentation page.
Getting Started
If you haven’t downloaded Infection Monkey yet, you can do so from our homepage. After downloading the Monkey, please install it using one of our setup guides, and read our getting started guide for a quick start on Monkey!
Support and community
If you need help or want to talk all things Monkey, you can join our public Slack workspace or contact us via Email.
Main Features
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
  - Predefined passwords
  - Common logical exploits
  - Password stealing using Mimikatz
- Multiple exploit methods:
  - SSH
  - SMB
  - WMI
  - Shellshock
  - Conficker
  - SambaCry
  - Elastic Search (CVE-2015-1427)
  - Weblogic server
  - and more, see our Documentation hub for more information about our RCE exploiters.
Setup
Check out the Setup page in the Wiki or a quick getting started guide.
The Infection Monkey supports a variety of platforms, documented in our documentation hub.
Building the Monkey from source
To deploy a development version of the Monkey, refer to the readme in the deployment scripts folder or follow the documentation in the documentation hub.
Tests
Unit Tests
In order to run all of the Unit Tests, run the command python -m pytest in the monkey directory.
To get a coverage report, first make sure the coverage package is installed using pip install coverage. Run the command coverage run -m unittest in the monkey directory and then coverage html. The coverage report can be found in htmlcov.index.
Blackbox tests
In order to run the Blackbox tests, refer to envs/monkey_zoo/blackbox/README.md.
License
Copyright (c) Guardicore Ltd
See the LICENSE file for license rights and limitations (GPLv3).