Infection Monkey v1.9 released: An automated pentest tool
The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control (C&C) server.
The Infection Monkey consists of two parts:
- Monkey – A tool which infects other machines and propagates to them
- Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center
To read more about the Monkey, visit http://infectionmonkey.com
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
  - Predefined passwords
  - Common logical exploits
  - Password stealing using mimikatz
- Multiple exploit methods:
  - Elastic Search (CVE-2015-1427)
New Features 🆕
Improved MITRE ATT&CK coverage and reporting
We’re continuing to improve our MITRE ATT&CK capabilities, with many new techniques added and a new report with more information.
New ATT&CK techniques 💥
We’ve added 8 new ATT&CK techniques to the Monkey, which brings our total coverage to 32!
- “setgid” attack technique (T1166) #702
- “Trap” attack technique (T1154) #697
- “PowerShell Profile” attack technique (T1504) #686
- “Scheduled Task” attack technique (T1053) #685
- “Local Job Scheduling” attack technique (T1168) #683
- “.bashrc” attack technique (T1156) #682
- “Hidden Files and Directories” attack technique (T1158) #672
- User creation and impersonation attack technique (T1136) #579
New ATT&CK report 📊
The new report added a new status to help you discern WHY a technique was or was not attempted, so you can optimise future Monkey executions.
Improved configuration (#637) ⚙
In our effort to improve the user experience and make the Monkey more accessible and usable, we’ve revamped our entire Configuration screen! Easily control the credentials used in simulations, the target list the Monkey will scan, and which exploits the Monkey will attempt to use.
Most AVs recognize and delete the Mimikatz DLL or even disrupt the entire Monkey installation process on Windows. We’ve replaced it with pypykatz and, for now, it’ll be much harder for endpoint protection software to stop the Monkey.
New Documentation site and framework (#602) 📖
Due to the limited control and ease of use of the GitHub wiki, we’ve decided to move our documentation to a self-hosted solution based on Hugo.
Monkey Island is secure by default (#596) 🔐
The first time you launch Monkey Island (the Infection Monkey C&C server), you’ll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
If you want the Island to be accessible without credentials, press “I want anyone to access the island”. Please note that this option is insecure: you should only pick this for use in development environments.
Secured dependencies using snyk.io
Improvements to our CI process
- Python import linting #727
- Added Snyk.io to our PRs to test if new vulns are added through dependencies
- Edge refactoring to DAL #671
- Revamps UI to bootstrap v4 #688
- Updated MongoDB version #692
- Various Typos fixed #726
Bug fixes 🐛
Everything that was fixed in 1.8.2 and:
Copyright (c) 2017 Guardicore Ltd