Infection Monkey v1.6.2 released: An automated pentest tool

Infection Monkey

Welcome to the Infection Monkey!

The Infection Monkey is an open source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control (C&C) server.

The Infection Monkey consists of two parts:

  • Monkey – A tool which infects other machines and propagates to them
  • Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center

To read more about the Monkey, visit

Main Features

The Infection Monkey uses the following techniques and exploits to propagate to other machines.

  • Multiple propagation techniques:
    • Predefined passwords
    • Common logical exploits
    • Password stealing using mimikatz
  • Multiple exploit methods:
    • SSH
    • SMB
    • RDP
    • WMI
    • Shellshock
    • Conficker
    • SambaCry
    • Elasticsearch (CVE-2015-1427)

Changelog v1.6

New Features:

  • Detect cross-segment traffic! The Monkey can now easily test whether two network segments are properly separated. PR #120.
  • The Monkey can analyse your domain for possible Pass the Hash attacks. By cross-referencing information collected by Mimikatz, the Monkey can now detect usage of identical passwords, cached logins with access to critical servers and more. #170
  • SSH key stealing. The Monkey will now steal accessible SSH keys and use them when connecting to SSH servers, PR #138.
  • MS-SQL brute force attack. The Monkey can now recognise, attack and exploit MS-SQL database servers. PR #147.
  • Implement a cross-platform attack for the Struts2 multi-part file upload vulnerability, PR #179.
  • Implement a cross-platform attack for Oracle WebLogic CVE-2017-10271, PR #180.
  • ElasticGroovy attack now supports Windows victims, PR #181.
  • Hadoop cluster RCE – Abuse unauthenticated access to YARN resource manager, PR #182.

Code improvements

  • We’ve refactored the codebase, so now it’s easier to share code between the Monkey and the Monkey Island components. PR #145.
  • Mimikatz is now bundled into a password-protected ZIP file and extracted only if required. This makes deployment easier with AV software. PR #169.
  • Monkey Island now properly logs itself to a file and console, so if you run into bugs, it’ll now be easier to figure them out. PR #139.
  • Systemd permissions are now properly locked down.
  • Fixed a situation where a successful Shellshock attack could freeze the attacking Monkey. #200



Copyright (c) 2017 Guardicore Ltd