What is Infection Monkey?
The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server.
The Infection Monkey is comprised of two parts:
- Monkey – A tool that infects other machines and propagates to them.
- Monkey Island – A dedicated server to control and visualize the Infection Monkey’s progress inside the data center.
The Infection Monkey uses the following techniques and exploits to propagate to other machines:
- Multiple propagation techniques:
  - Predefined passwords
  - Common logical exploits
  - Password stealing using Mimikatz
- Multiple exploit methods:
  - SSH
  - SMB
  - WMI
  - Log4Shell
  - Zerologon
  - and more; see the Infection Monkey documentation hub for more information.
Installing and Configuring Infection Monkey
Installation on Windows OS
After downloading the executable, simply:
- Follow the steps to complete the installation.
- Run the Infection Monkey by clicking on the desktop shortcut.
After installation, the server configuration file is located at the following path:
`C:\Program Files\Infection Monkey\monkey_island\cc\server_config.json`
For more instructions on configuring logging levels and adding a certificate, check the documentation here.
Installation on Linux OS
After downloading the AppImage, make it executable using the command below:
chmod u+x InfectionMonkey-v2.3.0.AppImage
Start Monkey Island by running the Infection Monkey AppImage package:
./InfectionMonkey-v2.3.0.AppImage
If you get errors related to FUSE, you may need to install FUSE 2.X first:
sudo apt update
sudo apt install libfuse2
Access the Monkey Island web UI by pointing your browser at https://localhost:5000.
How Does Infection Monkey Work?
After installing Infection Monkey, you can find security weaknesses in your network by infecting a random machine with it. You can test various scenarios, such as stolen credentials, compromised computers, and other security weaknesses.
Each compromised machine in your network is given a unique remediation recommendation in a comprehensive report generated by the Infection Monkey assessment.
Infection Monkey Uses Adversary Emulation
Adversary emulation is a cybersecurity protection method that uses the tactics, techniques, and procedures (TTPs) of actual attackers. In advanced penetration testing or purple team exercises, an adversary emulation plan is typically carried out by a real human, which can be costly and require additional resources. Once configured, Infection Monkey handles it automatically and without charge.
How often should you run security assessments with Infection Monkey?
You can execute your real-world adversary emulation plan daily, if desired, once you have adjusted it to your preference. Because Infection Monkey is free, you can check for vulnerabilities without paying for cybersecurity services to simulate an adversary.
Exploit Configuration
Infection Monkey allows users to select exploits from a predefined list, including SambaCry and other vulnerabilities. Some exploits are marked as unsafe because they might cause crashes on production machines, so they are not recommended for live environments. Users can specify which exploits to run, and the tool can attempt to dump user credentials during the scan.
Running a Scan
After configuring Infection Monkey, the tool can be run against a test machine or cloud instance. The tool executes a scan, checking for vulnerabilities such as open ports, services, and specific exploits. Once the scan is completed, it generates a report that includes details about the detected vulnerabilities, username and password attempts, and suggestions for improving security.
The infection map generated by the tool visualizes which machines were scanned and which were potentially infected or affected by vulnerabilities. The report includes recommendations for network segmentation and highlights critical vulnerabilities if detected. In this demo, no critical security vulnerabilities were found, but the video emphasizes that the results are limited to the exploits configured in Infection Monkey.
Conclusion
Infection Monkey is useful for automating some aspects of network security testing, especially in cloud environments. However, it is not a complete replacement for manual penetration testing and should be used alongside other tools and methods.