Infection Monkey v1.13 released: An automated pentest tool

Infection Monkey

The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control(C&C) server.

The Infection Monkey is comprised of two parts:

• Monkey – A tool which infects other machines and propagates to them
• Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center

To read more about the Monkey, visit http://infectionmonkey.com

Main Features

The Infection Monkey uses the following techniques and exploits to propagate to other machines.

• Multiple propagation techniques:
  • Predefined passwords
  • Common logical exploits
  • Password stealing using mimikatz
• Multiple exploit methods:
  • SSH
  • SMB
  • RDP
  • WMI
  • Shellshock
  • Conficker
  • SambaCry
  • Elastic Search (CVE-2015-1427)

Changelog v1.13

Added

• A new exploiter that allows propagation via the Log4Shell vulnerability (CVE-2021-44228). #1663

Fixed

• Exploiters attempting to start servers listening on privileged ports, resulting in failed propagation. 8f53a5c

Download & Setup

Copyright (c) 2017 Guardicore Ltd

Source: https://github.com/guardicore/