Infection Monkey - data center security testing tool


The Infection Monkey is an open-source breach and attack simulation tool for testing a data center’s resiliency to perimeter breaches and internal server infection. Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker’s perspective.

Infection Monkey is free and can be downloaded from our homepage.

How it works

Architecturally, Infection Monkey is comprised of two components:

  • Monkey Agent (Monkey for short) - a safe, worm-like binary program that scans, propagates, and simulates attack techniques on the local network.
  • Monkey Island Server (Island for short) - a C&C web server that provides a GUI for users and interacts with the Monkey Agents.

The user can run the Monkey Agent on the Island server machine or distribute Monkey Agent binaries on the network manually. Monkey Agents scan, propagate and simulate an attacker’s behavior on the local network based on the configuration parameters. All information gathered about the network is aggregated in the Island Server and displayed once all Monkey Agents are finished.


The results of running Monkey Agents are:

  • A map that displays how much of the network an attacker can see, what services are accessible, and potential propagation routes.
  • A security report, which displays security issues that Monkey Agents discovered and/or exploited.
  • A MITRE ATT&CK report displays the information about the ATT&CK techniques that Monkey Agents tried to use.
  • A Zero Trust report displays violations of Zero Trust principles that Monkey Agents found.

A more in-depth description of reports generated can be found in the reports documentation page.

Getting Started

If you haven’t downloaded Infection Monkey yet you can do so from our homepage. After downloading the Monkey, please install it using one of our setup guides, and read our getting started guide for a quick start on Monkey!

Support and community

If you need help or want to talk all things Monkey, you can join our public Slack workspace or contact us via Email.



Security report

Zero trust report

ATT&CK report

Main Features

The Infection Monkey uses the following techniques and exploits to propagate to other machines.

  • Multiple propagation techniques:
    • Predefined passwords
    • Common logical exploits
    • Password stealing using Mimikatz
  • Multiple exploit methods:
    • SSH
    • SMB
    • WMI
    • Shellshock
    • Conficker
    • SambaCry
    • Elastic Search (CVE-2015-1427)
    • Weblogic server
    • and more, see our Documentation hub for more information about our RCE exploiters.


Check out the Setup page in the Wiki or a quick getting started guide.

The Infection Monkey supports a variety of platforms, documented in our documentation hub.

Building the Monkey from source

To deploy development version of monkey you should refer to readme in the deployment scripts folder or follow documentation in documentation hub.

Build status

Branch Status
Develop Build Status
Master Build Status


Unit Tests

In order to run all of the Unit Tests, run the command python -m pytest in the monkey directory.

To get a coverage report, first make sure the coverage package is installed using pip install coverage. Run the command coverage run -m unittest in the monkey directory and then coverage html. The coverage report can be found in htmlcov.index.

Blackbox tests

In order to run the Blackbox tests, refer to envs/monkey_zoo/blackbox/


Copyright (c) Guardicore Ltd

See the LICENSE file for license rights and limitations (GPLv3).

August 8, 2022
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023