Infection Monkey v1.12 released: An automated pentest tool
Infection Monkey
The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control(C&C) server.
The Infection Monkey is comprised of two parts:
- Monkey – A tool which infects other machines and propagates to them
- Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center
To read more about the Monkey, visit http://infectionmonkey.com
Main Features
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
- Predefined passwords
- Common logical exploits
- Password stealing using mimikatz
- Multiple exploit methods:
- SSH
- SMB
- RDP
- WMI
- Shellshock
- Conficker
- SambaCry
- Elastic Search (CVE-2015-1427)
Changelog v1.12
Added
- A new exploiter that allows propagation via PowerShell Remoting. #1246
- A warning regarding antivirus when agent binaries are missing. #1450
- A deployment.json file to store the deployment type. #1205
Changed
- The name of the “Communicate as new user” post-breach action to “Communicate
as backdoor user”. #1410- Resetting login credentials also cleans the contents of the database. #1495
- ATT&CK report messages (more accurate now). #1483
- T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
- ATT&CK report messages to include internal config options as reasons
for unscanned attack techniques. #1518Removed
- Internet access check on agent start. #1402
- The “internal.monkey.internet_services” configuration option that enabled
internet access checks. #1402- Disused traceroute binaries. #1397
- “Back door user” post-breach action. #1410
- Stale code in the Windows system info collector that collected installed
packages and WMI info. #1389- Insecure access feature in the Monkey Island. #1418
- The “deployment” field from the server_config.json. #1205
- The “Execution through module load” ATT&CK technique,
since it can no longer be exercise with current code. #1416- Browser window pop-up when Monkey Island starts on Windows. #1428
Fixed
- Misaligned buttons and input fields on exploiter and network configuration
pages. #1353- Credentials shown in plain text on configuration screens. #1183
- Crash when unexpected character encoding is used by ping command on German
language systems. #1175- Malfunctioning timestomping PBA. #1405
- Malfunctioning shell startup script PBA. #1419
- Trap command produced no output. #1406
- Overlapping Guardicore logo in the landing page. #1441
- PBA table collapse in security report on data change. #1423
- Unsigned Windows agent binaries in Linux packages are now signed. #1444
- Some of the gathered credentials no longer appear in plaintext in the
database. #1454- Encryptor breaking with UTF-8 characters. (Passwords in different languages
can be submitted in the config successfully now.) #1490- Mimikatz collector no longer fails if Azure credential collector is disabled.
#1512, #1493- Unhandled error when “modify shell startup files PBA” is unable to find
regular users. #1507- ATT&CK report bug that showed different techniques’ results under a technique
if the PBA behind them was the same. #1514- ATT&CK report bug that said that the technique “
.bash_profileand
.bashrc” was not attempted when it actually was attempted but failed. #1511- Bug that periodically cleared the telemetry table’s filter. #1392
- Crashes, stack traces, and other malfunctions when data from older versions
of Infection Monkey is present in the data directory. #1114- Broken update links. #1524
Security
Download & Setup
Copyright (c) 2017 Guardicore Ltd
Source: https://github.com/guardicore/
