Infection Monkey v1.8 released: An automated pentest tool

Infection Monkey

The Infection Monkey is an open-source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Command and Control(C&C) server.

The Infection Monkey is comprised of two parts:

• Monkey – A tool which infects other machines and propagates to them
• Monkey Island – A C&C server with a dedicated UI to visualize the Chaos Monkey’s progress inside the data center

To read more about the Monkey, visit http://infectionmonkey.com

Main Features

The Infection Monkey uses the following techniques and exploits to propagate to other machines.

• Multiple propagation techniques:
  • Predefined passwords
  • Common logical exploits
  • Password stealing using mimikatz
• Multiple exploit methods:
  • SSH
  • SMB
  • RDP
  • WMI
  • Shellshock
  • Conficker
  • SambaCry
  • Elastic Search (CVE-2015-1427)

Changelog v1.8

New Features 🆕

MITRE ATT&CK report (#491, #496, #575, #577)

In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.

Here’s how it looks:

For more details, read our blog post or watch the overview video.

OS Compatibility (#507, #527, #528, #479, #506)

Since we decided to migrate the Monkey to Python 3.7 🐍, we wanted to make sure that it will still be able to give accurate results on a myriad of operating systems, even old ones that don’t support Python 3 at all.

Check out the list of supported operating systems!

This included changes to the Monkey itself and also to us forking our own version of PyInstaller with a custom bootloader.

New Zero Trust People test (#515, #517, #518)

We added another Zero Trust test to the Monkey’s arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the network’s policies were too permissive.

See it in action in this blog post called “How to Assess Your Zero Trust Status: Monkey See, Centra Do”.

Improvements ⤴

Python 3 migration (#393, #394, #469, #475, #393, #532, #486, #494)

The Monkey is now Python 3.7! 🐍 🎉 Until the next print VS print() debate creates Python 4, the Monkey is not deprecated.

Improvements to our CI process

• JS linting #482
• Automatic Unit Test coverage reports #567 #573 #576

Performance testing infrastructure #548 #547

We hope to continue improving our performance as time goes on – this infrastructure will enable automatic testing of performance using Blackbox testing.

Better versioning (#545, #543, #559)

The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.

Refactor exploiters, fingerprinters system information collectors (#478, #499, #521, #522, #535)

Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).

Telemetry box UI improvements (#538, #565)

The telemetry box in the Map now shows line count and auto-scrolls to the bottom 📜

Small UX QoL improvements

• Config page label explaining that existing monkeys don’t get new configuration #525
• “Start over” page now waits for a response from the server #512

Merge Infection Monkey requirements files (#500)

Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks pip 🙏

JS File Saver (#473)

Small UI code improvement, less dependencies 👍

New map icons

Bug fixes 🐛

• Blank Screen after inactivity fixed #472
• Added 404 page #501
• Prevention of circular imports #477
• Auto update copyright year #481, #468
• Various fixes to .deb deployment #533, #544, #503, #524
• Disable none from the list of networks to scan #550
• Notification wrong route #541
• Improved deploy scripts #549, #562, #564, #546
• Encrypt SSH keys in logs #523, #458
• MSSQL compatibility #492, #493
• ring bugfixes #484
• Telemetries that don’t require briefs no longer throws errors in island #466

Download

Setup

Copyright (c) 2017 Guardicore Ltd

Source: https://github.com/guardicore/