Infection Monkey v1.13 released: An automated pentest tool
Infection Monkey
The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control(C&C) server.
The Infection Monkey is comprised of two parts:
- Monkey – A tool which infects other machines and propagates to them
- Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center
To read more about the Monkey, visit http://infectionmonkey.com
Main Features
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
- Predefined passwords
- Common logical exploits
- Password stealing using mimikatz
- Multiple exploit methods:
- SSH
- SMB
- RDP
- WMI
- Shellshock
- Conficker
- SambaCry
- Elastic Search (CVE-2015-1427)
Changelog v1.13
Added
- A new exploiter that allows propagation via the Log4Shell vulnerability (CVE-2021-44228). #1663
Fixed
- Exploiters attempting to start servers listening on privileged ports, resulting in failed propagation. 8f53a5c
Download & Setup
Copyright (c) 2017 Guardicore Ltd
Source: https://github.com/guardicore/