Welcome to Infection Monkey! We're glad you could swing by.🐒 Here's all the info you'll need to start monkeying around.
Infection Monkey is an open-source adversary emulation platform that helps you improve your security posture using empirical data. The Monkey uses various methods to self-propagate across a network and reports its activities to a centralized command and control server known as the Monkey Island. 🐵🏝️ You know, like malware, but ✨safe.✨
Infection Monkey is comprised of two components:
- Agent - A configurable network worm that can infect machines, steal data, and deliver payloads.
- Monkey Island - A command and control server used to control and visualize the Infection Monkey's progress throughout the simulation.
You can think of Infection Monkey as a kind of "malware vaccine." Prior to the invention of mRNA vaccines, biological vaccines worked as follows:
- Collect a sample of the virus.
- Through the magic of chemistry, create a weakened or inert form of the virus.
- Inject the weakened virus into the human body, allowing the immune system to build up a defense.
Once the immune system has built up a defense, it can recognize and fight off the real pathogen if it should ever infect the body.
Infection Monkey aims to use this same approach to combat computer viruses (or other types of malware.)
- Collect a sample of the malware.
- Analyze the malware and understand its behaviors.
- Modify Infection Monkey's configuration to enable behaviors that closely mimic those of the malware, but without causing damage to the target systems.
- Inject the Monkey Agent into the network and validate (empirically) that your security controls can detect, prevent, or otherwise mitigate the infection.
- If the infection is not successfully thwarted, take the necessary steps to "build up your immune response" by improving your security tools, policies, and processes.
Sun Tzu said, "if you know others and know yourself, you will not be imperiled in a hundred battles." Knowledge of both your adversary's tactics and your own defensive capabilities is necessary in order to successfully secure a network. Infection Monkey aims helps you to know both.
Be the chimpion of your network. Learn more about the Monkey at akamai.com/infectionmonkey.
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
- Predefined passwords
- Common logical exploits
- Password stealing using Mimikatz
- Multiple exploit methods:
- Log4Shell
- RDP
- SSH
- SMB
- WMI
- and more, see our documentation hub for more information.
Check out the Setup page and the Getting Started guide in our documentation.
The Infection Monkey supports a variety of platforms, documented in our documentation hub.
To deploy the development version of Monkey you should refer to readme in the deployment scripts folder or follow the documentation in the documentation hub.
Branch | Status |
---|---|
Develop | |
Master |
In order to run all of the Unit Tests, run the command pytest
in the monkey
directory.
To get a coverage report, first make sure the pytest-cov
package is installed
using pip install pytest-cov
. Run the command pytest --cov-report=html --cov .
in the monkey/
directory. The coverage report can be found in
htmlcov/index.html
.
In order to run the Blackbox tests, refer to
envs/monkey_zoo/blackbox/README.md
.
Copyright (c) Guardicore Ltd
See the LICENSE file for license rights and limitations (GPLv3).