Welcome to the Infection Monkey!
The Infection Monkey is an open-source security tool to aid in adversary and malware emulation. The Monkey uses various methods to self-propagate across a network and reports its activities to a centralized command and control server known as the Monkey Island.
The Infection Monkey is comprised of two parts:
- Agent - A configurable, network worm that can infect machines, steal data, and deliver payloads.
- Monkey Island - A command and control server used to control and visualize the Infection Monkey's progress throughout the simulation.
You can think of Infection Monkey as a kind of malware vaccine. Prior to the invention of mRNA vaccines, biological vaccines worked as follows:
- Collect a sample of the virus.
- Through the magic of chemistry, create a weakened or inert form of the virus.
- Inject the weakened virus into the human body, allowing the immune system to built up a defense.
Once the immune system has built up a defense, it can recognize and fight off the real pathogen if it should ever infect the body.
Infection Monkey aims to use this same approach to combat computer viruses (or other types of malware.)
- Collect a sample of the malware.
- Analyze the malware and understand its behaviors.
- Modify Infection Monkey's configuration to enable behaviors that closely mimic those of the malware, but without causing damage to the target systems.
- Inject the Infection Monkey Agent into the network and validate (empirically) that your security controls can detect, prevent, or otherwise mitigate the infection.
- If the infection is not successfully thwarted, take the necessary steps to "build up your immune response" by improving your security tools, policies, and processes.
To read more about the Monkey, visit akamai.com/infectionmonkey.
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
- Predefined passwords
- Common logical exploits
- Password stealing using Mimikatz
- Multiple exploit methods:
- Log4Shell
- RDP
- SSH
- SMB
- WMI
- and more, see our documentation hub for more information.
Check out the Setup page and the Getting Started guide in our documentation.
The Infection Monkey supports a variety of platforms, documented in our documentation hub.
To deploy the development version of Monkey you should refer to readme in the deployment scripts folder or follow the documentation in the documentation hub.
| Branch | Status |
|---|---|
| Develop |  |
| Master |  |
In order to run all of the Unit Tests, run the command pytest in the monkey
directory.
To get a coverage report, first make sure the pytest-cov package is installed
using pip install pytest-cov. Run the command pytest --cov-report=html --cov . in the monkey/ directory. The coverage report can be found in
htmlcov/index.html.
In order to run the Blackbox tests, refer to
envs/monkey_zoo/blackbox/README.md.
Copyright (c) Guardicore Ltd
See the LICENSE file for license rights and limitations (GPLv3).