Infection Monkey v1.8 released: An automated pentest tool
The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control (C&C) server.
The Infection Monkey is comprised of two parts:
- Monkey – A tool which infects other machines and propagates to them
- Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center
To read more about the Monkey, visit http://infectionmonkey.com
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
- Multiple propagation techniques:
  - Predefined passwords
  - Common logical exploits
  - Password stealing using mimikatz
- Multiple exploit methods:
  - Elastic Search (CVE-2015-1427)
New Features 🆕
In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.
For more details, read our blog post or watch the overview video.
Since we decided to migrate the Monkey to Python 3.7 🐍, we wanted to make sure that it will still be able to give accurate results on a myriad of operating systems, even old ones that don’t support Python 3 at all.
This included changes to the Monkey itself, as well as forking our own version of PyInstaller with a custom bootloader.
We added another Zero Trust test to the Monkey’s arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the network’s policies were too permissive.
The Monkey is now Python 3.7! 🐍 🎉 Until the next print() debate creates Python 4, the Monkey is not deprecated.
Improvements to our CI process
We hope to continue improving our performance as time goes on – this infrastructure will enable automatic testing of performance using Blackbox testing.
The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.
Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).
The telemetry box in the Map now shows line count and auto-scrolls to the bottom 📜
Small UX QoL improvements
- Config page label explaining that existing monkeys don’t get new configuration #525
- “Start over” page now waits for a response from the server #512
Merge Infection Monkey requirements files (#500)
Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks
JS File Saver (#473)
Small UI code improvement, fewer dependencies 👍
New map icons
Bug fixes 🐛
- Blank Screen after inactivity fixed #472
- Added 404 page #501
- Prevention of circular imports #477
- Auto update copyright year #481, #468
- Various fixes to .deb deployment #533, #544, #503, #524
- none from the list of networks to scan #550
- Notification wrong route #541
- Improved deploy scripts #549, #562, #564, #546
- Encrypt SSH keys in logs #523, #458
- MSSQL compatibility #492, #493
- Telemetries that don’t require briefs no longer throw errors in the Island #466
Copyright (c) 2017 Guardicore Ltd