Infection Monkey - An automated pentest tool

Overview

Infection Monkey

GitHub release (latest by date)

Build Status codecov

GitHub stars GitHub commit activity

Data center Security Testing Tool

Welcome to the Infection Monkey!

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

The Infection Monkey is comprised of two parts:

  • Monkey - A tool which infects other machines and propagates to them.
  • Monkey Island - A dedicated server to control and visualize the Infection Monkey's progress inside the data center.

To read more about the Monkey, visit infectionmonkey.com.

Screenshots

Map

Security report

Zero trust report

ATT&CK report

Main Features

The Infection Monkey uses the following techniques and exploits to propagate to other machines.

  • Multiple propagation techniques:
    • Predefined passwords
    • Common logical exploits
    • Password stealing using Mimikatz
  • Multiple exploit methods:
    • SSH
    • SMB
    • WMI
    • Shellshock
    • Conficker
    • SambaCry
    • Elastic Search (CVE-2015-1427)
    • Weblogic server
    • and more, see our Documentation hub for more information about our RCE exploiters.

Setup

Check out the Setup page in the Wiki or a quick getting started guide.

The Infection Monkey supports a variety of platforms, documented in our documentation hub.

Building the Monkey from source

To deploy development version of monkey you should refer to readme in the deployment scripts folder or follow documentation in documentation hub.

Build status

Branch Status
Develop Build Status
Master Build Status

Tests

Unit Tests

In order to run all of the Unit Tests, run the command python -m pytest in the monkey directory.

To get a coverage report, first make sure the coverage package is installed using pip install coverage. Run the command coverage run -m unittest in the monkey directory and then coverage html. The coverage report can be found in htmlcov.index.

Blackbox tests

In order to run the Blackbox tests, refer to envs/monkey_zoo/blackbox/README.md.

License

Copyright (c) Guardicore Ltd

See the LICENSE file for license rights and limitations (GPLv3).

Comments
  • Fix code quality issues

    Fix code quality issues

    This pull request fixes some of the code quality issues raised by DeepSource on my fork of this repository. I have already fixed some issues using DeepSource's Autofix.

    Take a quick look at all the issues caught by DeepSource for this repository here

    Summary of fixes

    • Remove re-imported module
    • Remove unused imports
    • Use literal syntax instead of function calls to create data structure
    • Use is to compare type of objects
    • Remove unnecessary comprehension
    • Remove length check in favour of truthiness of the object

    You can also have a look at the configuration file I used for DeepSource Analysis.

    opened by withshubh 13
  • Investigate multiprocessing IPC

    Investigate multiprocessing IPC

    Spike

    Objective

    Investigate using multiprocessing for running plugins. Specifically, we need to understand the capabilities and limitations of IPC when using multiprocessing.

    Scope

    Answer the following questions:

    • [x] How will logging be handled?
    • [x] Can multiprocessing processes return values? How? What are the limitations
    • [x] Can multiprocessing processes call a function on another process?
    • [x] Can pydantic objects be pushed into a multiprocessing queue? What are the limitations/requirements?
    • [x] Any other considerations?

    Output

    Provide a small writeup for each of the above questions, along with a code example that shows how things will work or what is required.

    Impact: High Complexity: High Spike Plugins 
    opened by mssalvatore 12
  • Re-validate and document OS compatibility

    Re-validate and document OS compatibility

    Is your feature request related to a problem? Please describe. We currently aren't sure which OSes we support since we upgraded to Python 3.

    Describe the solution you'd like Test which OS versions we currently work on (after upgrading to Python 3 in #394). After documenting which version we don't support, decide on a solution for each one:

    • Ignore since the OS is too old for us to care about anyway (yes Ubuntu 8, I'm looking at you).
    • Write a bootloader (in C++ or something) which reports back to the Island that this machine is too old for the regular Monkey to operate. Mark super-old machines in the Island as fatal security flaws. See #479.
    • Create compatibility, using solutions like staticx.

    Re-test after implementing each solution and update the documentation.

    Documentation 
    opened by ShayNehmad 11
  • Run the infection-monkey with a configuration file doesn't work as expected

    Run the infection-monkey with a configuration file doesn't work as expected

    Describe the bug Running the infection-monkey with a configuration file doesn't work as expected. Version used: Latest infection-monkey release

    To Reproduce Steps to reproduce the behavior:

    1. Run an infection monkey with the following command: monkey-linux-64 m0nk3y -c ./monkey.conf
    2. The logs show that the specified monkey.conf is successfuly loaded by the infection monkey
    3. After the infection monkey contacted the monkey-island, the infection monkey's configuration is overrided by the monkey-island's config file.

    Expected behavior The infection monkey should keep the configuration file values loaded at execution time.

    Screenshots Config file loading success success_loading

    Config file overrided by monkey island server_override

    Bug Enhancement Impact: Medium Complexity: Medium 
    opened by noctx 9
  • None of the exploits are successful, InfectionMonkey can scan but not connect to any nodes

    None of the exploits are successful, InfectionMonkey can scan but not connect to any nodes

    I currently have a VM deployment and am running InfectionMonkey 1.13 to attack it. I copied and pasted the command to manually run it in my Linux terminal. In the infection map, all of the nodes can be found and InfectionMonkey successfully scans them (there are yellow edges from the current node to every other node) but no tunnels are established and all of the exploits fail. From the current node, the other nodes do not require a password to ssh into them so at the very least, SSH brute-forcing should be successful.

    Under the "Exploits" section of the InfectionMonkey UI, I've tried adding the usernames to the "Exploit user list" and I also tried removing all passwords from the "Exploit password list" but neither worked.

    Is there anything else I should try? I've attached my agent log.

    Thank you! user-1563.txt

    opened by throwaway180 8
  • SSL warnings

    SSL warnings

    Describe the bug

    image

    To Reproduce

    Steps to reproduce the behavior:

    1. Configure the Monkey Island on AWS (maybe happens elsewhere too?)

    Expected behavior

    Should not be throwing warnings.

    Tasks

    • [ ] Fix it! (0.25d) @mssalvatore

    References

    https://stackoverflow.com/questions/66364650/catching-errors-being-thrown-within-module

    Bug Impact: High Complexity: Low 
    opened by VakarisZ 8
  • Remove `None` values from list of networks to scan

    Remove `None` values from list of networks to scan

    Fixes #540

    Configuration allows submission of empty fields in the list of networks to scan, but they get registered as None in monkey which causes problems.

    ~~When the range is being defined in network_scanner.py, it checks for None values and removes them from the list.~~

    ~~TODO: As of now, this only fixes the error mentioned in the issue. Other fields are yet to be checked.~~

    All None values are filtered out from configuration before saving.

    Bug 
    opened by shreyamalviya 8
  • Old machine bootloader

    Old machine bootloader

    What is this?

    Fixes #479

    Add any further explanations here.

    TODO

    • [x] Make pyinstaller bootloader launch custom C code
    • [x] Create C file that would communicate with island on Windows
    • [x] FIX #528
    • [x] Create C file that would communicate with island on Linux
    • [x] Make island recognize an display machines where bootloader communicated, but monkey did not
    • [ ] Refactor pyinstaller alterations into a patch, which we can apply to any incoming new pyinstaller version
    • [ ] Alter deployment script to include bootloader and pyinstaller dev version with patch
    • [ ] Test on OS compat env

    TDD

    Prerequisites

    Old machine bootloader program is incorporated into pyinstaller bootloader. Pyinstaller bootloader is the first thing that starts when a built monkey is launched, thus our code is launched before monkey and has access to monkey flags. This allows us to write code that would inspect the current machine and send requests to island directly or via tunnel and decide to continue with launching monkey code or to quit.

    This is a multilevel problem so TDD is separated into these sections that represent corresponding layers:

    • Bootloader program
    • Connections and tunneling
    • Island server and data gathered
    • Data representation

    Bootloader program

    How to setup bootloader development env.

    We have pyinstaller forks, one for linux and one for windows. Pull them and get relevant bootloader dev env.

    To update pyinstaller we'll have to pull from pyinstaller git, merge and rebuild pyinstaller bootloader. Then do a release and add built pyinstaller bootloader. To update bootloader we'll have to push to our forks and rebuild pyinstaller bootloader. Then do a release and add built pyinstaller bootloader.

    Monkey build process

    Building the monkey will require custom pyinstaller bootloader binary. Depending on OS this binary should be downloaded from our pyinstaller for release and placed into a pyinstaller install folder. Maybe this can be automated via deployment scripts.

    Bootloader program workflow

    1. Monkey binary is ran.
    2. Bootloader starts and parses monkey flags to extract tunnel and server.
    3. Bootloader collects information about system: OS, IP, Hostname.
    4. Bootloader looks at current OS info and determines whether to run the monkey or to quit after it finishes.
    5. Bootloader changes server port from x to x+1 OR we can have a dedicated flag.
    6. Bootloader forms http request with OS, IP, Hostname and will monkey be ran info.
    7. Bootloader sends HTTP request where a proxy server is listening.
    8. If bootloader didn't get proper response it tries to use tunnel.

    Connections and tunneling

    Monkey

    Tunneling on monkey is expanded to tunnel http traffic.

    Island

    Island starts a basic http server on a separate thread. It connects to the mongodb and gets port to serve on. It's either island's port +1 or a dedicated config value. When this HTTP proxy server gets a request it passes it to the /api/bootloader endpoint on the main server and also forwards back the response.

    Island server and data gathered

    Island receives data on an api/bootloader endpoint and stores it on a separate collection. Each bootloader telemetry has the following fields: OS, IP list, Hostname and if monkey will be run. Upon receiving bootloader telemetry island finds and updates bootloader_state variable on corresponding node. bootloader_state can be one of three values:

    1. Bottloader didn't run (default)
    2. Bootloader ran, monkey will run ( if monkey_will_run value is True in bootloader telem )
    3. Bootloader ran, monkey will not run ( if monkey_will_run value is False in bootloader telem )

    Data representation

    Map

    States of node will be the following:

    1. Scanned node (exploited: False bootloader_state: not_started on node)
    2. Exploited node (exploited: True bootloader_state: not_started on node)
    3. Machine too old (exploited: True bootloader_state: monkey_won't_run on node) OR
    4. Monkey will run (exploited: True bootloader_state: monkey_will_run on node)
    5. Monkey is running.
    6. Monkey died.

    To recap 2 states with corresponding UI will be added: Machine too old to run monkey and Monkey will run.

    Report

    When generating report island will query mongodb to find if there are any entries of bootloader telemetry with bootloader_state: monkey_won't_run. If so, outdated machine issue is generated.

    Testing

    Bootloader binary

    Manual tests on some old windows and linux machines. Also, on some new ones.

    Tunneling

    Windows machine will be added to tunneling env in monkeyzoo. New blackbox test will run tunneling test as usual, but will also verify that each bootloader communicated with island.

    Data gathering and UI

    Tested manually

    Dev. env. deployment

    This feature changes development environment in the following way:

    • We need custom pyinstaller bootloader to build monkeys

    So deployment scripts will have to be altered to do:

    1. Download pyinstaller bootloader from our pyinstaller fork release
    2. Replace default bootloader in pyinstaller folder
    Feature 
    opened by VakarisZ 8
  • Feature/refactor fingerprinting [WIP]

    Feature/refactor fingerprinting [WIP]

    Feature / Fixes

    This is a start of fixing #397 In this stage, I refactored fingerprint importing to be like PBA and generalised the plugin architecture. If you guys like this direction, I will finish this for fingerprinters and optionally do this for exploiters (though benefit is smaller)

    • [X] Have you added an explanation of what your changes do and why you'd like to include them?
    • [Y] Have you successfully tested your changes locally? This has been partially tested. On standalone it works and works on windows Pyinstaller.
    Enhancement 
    opened by danielguardicore 8
  • SMB exploiter's exception handling need to be reviewed

    SMB exploiter's exception handling need to be reviewed

    Describe the bug SMB exploiter passes if it gets an exception while starting: image

    Work required We need to review the exceptions and send telemetry accordingly

    Bug 
    opened by VakarisZ 8
  • Can't find suitable monkey executable for host happening on Ubuntu

    Can't find suitable monkey executable for host happening on Ubuntu

    When using AWS image for InfectionMonkey 1.13.0 and trying to use the SSHExploiter on an Ubuntu server (tested on 16.04 and 18.04) I'm getting following line in the logs: _sshexec.exploit_host.165: Can't find suitable monkey executable for host VictimHost

    Steps to reproduce the behavior:

    1. Set up AWS EC2 with InfectionMonkey AMI from Guardicore Marketplace
    2. Set up Ubuntu image on Amazon EC2 machines (I've tried for 18.04 and 16.04)
    3. Add correct username to use with the SSH keys in configuration
    4. Transfer SSH public and private keys to /home/ubuntu/.ssh (ran chmod 777 on the key files just to be safe), keys and usernames are the same on both target server and monkeyIsland server.
    5. Run the monkey with sudo priviliges

    Expected behavior: Monkey discovers the target Linux server and recognizes it as a Linux. Identity is stolen properly (although in Internal -> Exploits I can see that there is and [object Object] in SSH key pairs list with red should be string note under). Target server should be exploited correctly with SSH exploiter as username and keys were provided instead the exploiter can't find suitable monkey for VictimHost

    Screenshots image image image

    OS: Ubuntu 18.04.6 LTS

    Bug 
    opened by Piesa 7
  • Island: Split up utils in repository

    Island: Split up utils in repository

    What does this PR do?

    Splits up utilities in repositories package

    Add any further explanations here.

    PR Checklist

    • [ ] Have you added an explanation of what your changes do and why you'd like to include them?
    • [ ] Is the TravisCI build passing?
    • [ ] Was the CHANGELOG.md updated to reflect the changes?
    • [ ] Was the documentation framework updated to reflect the changes?
    • [ ] Have you checked that you haven't introduced any duplicate code?

    Testing Checklist

    • [ ] Added relevant unit tests?
    • [ ] Have you successfully tested your changes locally? Elaborate:

      Tested by running unit tests

    • [ ] If applicable, add screenshots or log transcripts of the feature working
    opened by VakarisZ 0
  • 2773 propagation credentials repository

    2773 propagation credentials repository

    What does this PR do?

    Fixes part of #2773.

    PR Checklist

    • [x] Have you added an explanation of what your changes do and why you'd like to include them?
    • [ ] Is the TravisCI build passing?
    • [ ] ~~Was the CHANGELOG.md updated to reflect the changes?~~
    • [ ] ~~Was the documentation framework updated to reflect the changes?~~
    • [x] Have you checked that you haven't introduced any duplicate code?

    Testing Checklist

    • [x] Added relevant unit tests?
    • [x] Have you successfully tested your changes locally? Elaborate:

      Tested by running the unit tests

    • [ ] ~~If applicable, add screenshots or log transcripts of the feature working~~
    opened by cakekoa 0
  • Perform OS compatability checks before running exploiter plugins

    Perform OS compatability checks before running exploiter plugins

    Description

    The agent should not attempt to exploit a target machine if it knows the the target machine's OS is incompatible with the exploiter. For example, the Zerologon exploiter should never attempt to exploit a Linux machine.

    Currently, this logic is in the AutomatedMaster and isn't able to handle plugins. This logic should be moved to the puppet and modified to handle exploiter plugins.

    Tasks

    • [ ] Create an AgentPluginManifest for all hard-coded "plugins"
      • [ ] Hadoop
      • [ ] Log4Shell
      • [ ] MSSQL
      • [ ] PowerShell
      • [ ] SSH
      • [ ] SMB
      • [ ] WMI
      • [ ] Zerologon
    • [ ] Create new exceptions to allow the Puppet to reject the master's requests
      • [ ] Create RejectedRequestError
      • [ ] Create IncompatibleOperatingSystemError(RejectedRequestError)
    • [ ] Add PluginCompatabilityVerifier
      • [ ] Accepts IIslandAPIClient in the constructor
      • [ ] Accepts the hard-coded plugin manifests in the constructor
      • [ ] Implement verify_exploiter_compatibility(exploiter_name: str, target_host: TargetHost) (See test_exploiter.py for some useful test examples`)
        • [ ] Use the IIslandAPIClient to get and cache the plugin manifest
        • [ ] Return if target host's OS is None or target_host's OS is in the plugin manifest's list of supporting operating systems, else raise IncompatibleOperatingSystemError
    • [ ] Modify the puppet (Add the PluginCompatibilityVerifier, modify exploit_host)
      • [ ] Add unit tests
      • [ ] Call verify_exploiter_compatability() before exploiting the target (or loading the plugin)
      • [ ] Add a ":raises IncompatibleOperatingSystemError:" entry to the IPuppet's docstring
    • [ ] Modify the master.exploiter to allow puppet to determine OS compatibility
      • [ ] Add unit tests
      • [ ] Remove the existing compatibility check
      • [ ] Try/except IncompatibleOperatingSystemError and log a message about skipping the exploiter
    Impact: High Complexity: Medium Plugins 
    opened by mssalvatore 0
  • Merge brute force and vulnerability exploiters in the configuration

    Merge brute force and vulnerability exploiters in the configuration

    Description

    The separation between brute force and vulnerability exploiters was based on the use case of "vulnerability scanning", which is no longer Infection Monkey's main goal. Ultimately, users should be able to configure the order that exploiters run in. While the UI doesn't allow this at the moment, the configuration can be manipulated manually to achieve this. However, vulnerability exploiters always run before brute force exploiters. In other words, this separation reduces the configurability of the system.

    Note

    To avoid breaking develop, base all work off of 2787-merge-vulnerability-and-brute-force-exploiter-config.

    Tasks

    • [ ] Modify the AgentConfiguration object to contain only "Exploiters` (0.25d) @mssalvatore
      • [ ] Pydantic object
      • [ ] Unit tests
      • [ ] Default configuration
    • [ ] Modify the UI to comply with the new configuration (0.75d)
      • [ ] UI Schema
      • [ ] SafeOptionValidator
    • [ ] Modify the logic in infection_monkey.master.exploiter to use the new configuration (0.25d) @mssalvatore
    • [ ] Modify the logic in monkey_island.cc.services.reporting.report to use the new configuration (0.25d)
    • [ ] Modify the path_in_schema in the AgentConfigurationSchemaService (0.25d)
    Impact: High Complexity: Medium Refactor Plugins 
    opened by mssalvatore 0
  • Add an endpoint to retrieve plugin manifests

    Add an endpoint to retrieve plugin manifests

    Context

    The agent's master component needs to be able to determine whether or not a plugin is compatible with the target. Some examples are:

    • The WMI exploiter can only be used to attack a target running Windows
    • The mimikatz credentials collector can only be used if the host OS is Windows

    Descriptions

    I often think we'd be better off with a GraphQL API. Maybe for Infection Monkey 3.0 :man_shrugging:

    In order for the master to determine whether or not a plugin is compatible with a given OS, it needs access to the plugin's manifest. Right now, only the puppet (via the plugin registry) has access to the plugin's manifest. Since plugins could be large, we don't want the master to download the entire plugin. Add a new endpoint that allows only a plugin manifest to be requested from the Island.

    Tasks

    • [ ] Add a /api/agent-plugins/<string:plugin_type>/<string:name>/manifest endpoint that returns only the plugin's manifest. (0.5d)
    Impact: High Complexity: Low Plugins 
    opened by mssalvatore 0
  • Improve config schema generation

    Improve config schema generation

    Is your feature request related to a problem? Please describe. Hadoop plugin schema should end up in vulnerability exploiters. This means that we need to refactor the vulnerability exploiters' schema and append plugins to it. In the end, we should have a single VulnerabilityExploiters object in the schema that is composed both of plugins and of hard-coded exploiters.

    Notes

    First do #2787. These changes will break UI, until #2698 is done, consider merging these changes into a separate branch

    Tasks

    • [ ] Refactor exploiters in common.agent_configuration.agent_sub_configurations.ExploitationConfiguration from Tuple[PluginConfiguration, ...] into an empty Dict (or similar). (0.25d)
    • [ ] Refactor monkey/monkey_island/cc/services/agent_configuration_schema_service.py (probably the code in repository utils) to add the plugin schema to the exploiters' schema.
      • [ ] Define hard-coded exploiter "plugins" (0.5d)
        • [ ] Define HadoopExploiter property
        • [ ] Define Log4ShellExploiter property
        • [ ] Define MSSQLExploiter property
        • [ ] Define PowerShellExploiter property
        • [ ] Define SSHExploiter property
        • [ ] Define SMBExploiter property
        • [ ] Define WmiExploiter property
        • [ ] Define ZerologonExploiter property
      • [ ] Modify the service to inject hard-coded "plugins" into the schema (0.75d)
    • [ ] Fix the logic in infection_monkey.master.exploiter to use the new schema (0.5d)
    • [ ] Modify BB test configurations (0.25d)
    Impact: High Complexity: High Plugins 
    opened by VakarisZ 0
Releases(v1.13.0)
  • v1.13.0(Feb 10, 2022)

    This release adds a new exploiter to the Infection Monkey, which exploits the Log4Shell vulnerability (CVE-2021-44228). To start downloading it while you read the release notes, go to the Infection Monkey website.

    Changelog

    Added

    • A new exploiter that allows propagation via the Log4Shell vulnerability (CVE-2021-44228). #1663

    Fixed

    • Exploiters attempting to start servers listening on privileged ports, resulting in failed propagation. 8f53a5c

    Attached binaries and hashes:

    Filename | Type | Version | SHA256 Hash -- | -- | -- | -- InfectionMonkey-v1.13.0.AppImage | Island | 1.13.0 | cded4e8394a4d2a809ba9b74b924aea590317515b9b032ba8005a93dfce1c861 monkey-linux-32 | agent | 1.13.0 | 24c5779825f26c76a8910794836647096f4bb4b47cfd6ad213cc48116d140fab monkey-linux-64 | agent | 1.13.0 | f21e709cb7ba8daf90b908af5fe485ba43866c325d3c7ce1eb07e8a2323e07c1 monkey-windows-32 | agent | 1.13.0 | 7497907e3cf4ffeb121a7795bfa16709800e6e0f99770f64af7fff684ecba6d6 monkey-windows-64 | agent | 1.13.0 | 3edd20de2247047c8a822c84145981936ce2fd0bdf843eb5ca777ca4d2478b35 sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18

    Source code(tar.gz)
    Source code(zip)
    InfectionMonkey-v1.13.0.AppImage(244.71 MB)
    monkey-linux-32(27.80 MB)
    monkey-linux-64(28.18 MB)
    monkey-windows-32.exe(30.24 MB)
    monkey-windows-64.exe(33.55 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
  • v1.12.0(Oct 29, 2021)

    This release enhances Infection Monkey's ransomware simulation capability by adding the ability to propagate via PowerShell remoting. It also provides numerous bug fixes, as well as UX and security improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

    Changelog

    Added

    • A new exploiter that allows propagation via PowerShell Remoting. #1246
    • A warning regarding antivirus when agent binaries are missing. #1450
    • A deployment.json file to store the deployment type. #1205

    Changed

    • The name of the "Communicate as new user" post-breach action to "Communicate as backdoor user". #1410
    • Resetting login credentials also cleans the contents of the database. #1495
    • ATT&CK report messages (more accurate now). #1483
    • T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
    • ATT&CK report messages to include internal config options as reasons for unscanned attack techniques. #1518

    Removed

    • Internet access check on agent start. #1402
    • The "internal.monkey.internet_services" configuration option that enabled internet access checks. #1402
    • Disused traceroute binaries. #1397
    • "Back door user" post-breach action. #1410
    • Stale code in the Windows system info collector that collected installed packages and WMI info. #1389
    • Insecure access feature in the Monkey Island. #1418
    • The "deployment" field from the server_config.json. #1205
    • The "Execution through module load" ATT&CK technique, since it can no longer be exercise with current code. #1416
    • Browser window pop-up when Monkey Island starts on Windows. #1428

    Fixed

    • Misaligned buttons and input fields on exploiter and network configuration pages. #1353
    • Credentials shown in plain text on configuration screens. #1183
    • Crash when unexpected character encoding is used by ping command on German language systems. #1175
    • Malfunctioning timestomping PBA. #1405
    • Malfunctioning shell startup script PBA. #1419
    • Trap command produced no output. #1406
    • Overlapping Guardicore logo in the landing page. #1441
    • PBA table collapse in security report on data change. #1423
    • Unsigned Windows agent binaries in Linux packages are now signed. #1444
    • Some of the gathered credentials no longer appear in plaintext in the database. #1454
    • Encryptor breaking with UTF-8 characters. (Passwords in different languages can be submitted in the config successfully now.) #1490
    • Mimikatz collector no longer fails if Azure credential collector is disabled. #1512, #1493
    • Unhandled error when "modify shell startup files PBA" is unable to find regular users. #1507
    • ATT&CK report bug that showed different techniques' results under a technique if the PBA behind them was the same. #1514
    • ATT&CK report bug that said that the technique ".bash_profile and .bashrc" was not attempted when it actually was attempted but failed. #1511
    • Bug that periodically cleared the telemetry table's filter. #1392
    • Crashes, stack traces, and other malfunctions when data from older versions of Infection Monkey is present in the data directory. #1114
    • Broken update links. #1524

    Security

    • Generate a random password when creating a new user for CommunicateAsNewUser PBA. #1434
    • Credentials gathered from victim machines are no longer stored plaintext in the database. #1454
    • Encrypt the database key with user's credentials. #1463

    New contributors 🙌

    Welcome and thanks to our new contributors: @TRGamer-tech

    Attached binaries and hashes:

    Filename | Type | Version | SHA256 Hash -- | -- | -- | -- InfectionMonkey-v1.12.0.AppImage | island | 1.12.0 | 1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310 monkey-linux-32 | agent | 1.12.0 | d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3 monkey-linux-64 | agent | 1.12.0 | 1ad52eabd704a9b0fbf642fa552629f30d3c5c27e431a687bd4cba4e0104d3f7 monkey-windows-32 | agent | 1.12.0 | 3c10f610f47c4fd227cf85f6bf800d66ed31fe37dc2e2ed408860483685ba504 monkey-windows-64 | agent | 1.12.0 | 02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07 sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18

    Source code(tar.gz)
    Source code(zip)
    InfectionMonkey-v1.12.0.AppImage(236.65 MB)
    monkey-linux-32(25.90 MB)
    monkey-linux-64(26.31 MB)
    monkey-windows-32.exe(28.24 MB)
    monkey-windows-64.exe(31.47 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
  • v1.11.0(Aug 16, 2021)

    This release introduces Infection Monkey's ransomware simulation capability. It also adds a number of security enhancements and configuration options. To start downloading it while you read the release notes, go to the Infection Monkey website.

    Changelog

    Added

    • A runtime-configurable option to specify a data directory where runtime configuration and other artifacts can be stored. #994
    • Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
    • log_level option to server config. #1151
    • A ransomware simulation payload. #1238
    • The capability for a user to specify their own SSL certificate. #1208
    • API endpoint for ransomware report. #1297
    • A ransomware report. #1240
    • A script to build a docker image locally. #1140

    Changed

    • Select server_config.json at runtime. #963
    • Select Logger configuration at runtime. #971
    • Select mongo_key.bin file location at runtime. #994
    • Store Monkey agents in the configurable data_dir when monkey is "run from the island". #997
    • Reformat all code using black. #1070
    • Sort all imports using isort. #1081
    • Address all flake8 issues. #1071
    • Use pipenv for python dependency management. #1091
    • Move unit tests to a dedicated tests/ directory to improve pytest collection time. #1102
    • Skip BB performance tests by default. Run them if --run-performance-tests flag is specified.
    • Write Zerologon exploiter's runtime artifacts to a secure temporary directory instead of $HOME. #1143
    • Put environment config options in server_config.json into a separate section named "environment". #1161
    • Automatically register if BlackBox tests are run on a fresh installation. #1180
    • Limit the ports used for scanning in blackbox tests. #1368
    • Limit the propagation depth of most blackbox tests. #1400
    • Wait less time for monkeys to die when running BlackBox tests. #1400
    • Improve the structure of unit tests by scoping fixtures only to relevant modules instead of having a one huge fixture file. #1178
    • Improve and rename the directory structure of unit tests and unit test infrastructure. #1178
    • Launch MongoDB when the Island starts via python. #1148
    • Create/check data directory on Island initialization. #1170
    • Format some log messages to make them more readable. #1283
    • Improve runtime of some unit tests. #1125
    • Run curl OR wget (not both) when attempting to communicate as a new user on Linux. #1407

    Removed

    • Relevant dead code as reported by Vulture. #1149
    • Island logger config and --logger-config CLI option. #1151

    Fixed

    • Attempt to delete a directory when monkey config reset was called. #1054
    • An errant space in the windows commands to run monkey manually. #1153
    • Gevent tracebacks in console output. #859
    • Crash and failure to run PBAs if max depth reached. #1374

    Security

    • Address minor issues discovered by Dlint. #1075
    • Hash passwords on server-side instead of client side. #1139
    • Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
    • Implemented configuration encryption/decryption. #1189, #1204
    • Create local custom PBA directory with secure permissions. #1270
    • Create encryption key file for MongoDB with secure permissions. #1232

    New contributors 🙌

    Welcome and thanks to our new contributors: @ilija-lazoroski @kur1mi @Vertrauensstellung

    Attached binaries and hashes:

    Filename | Type | Version | SHA256 Hash -- | -- | -- | -- Infection_Monkey-1.11.0-x86_64.AppImage|island|1.11.0|6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2 monkey-linux-32 | agent | 1.11.0 | b0615fc0369bf6f0900e89acbc300cfe63bc754e4e3d50c2cba2dbdb2de8e511 monkey-linux-64 | agent | 1.11.0 | fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462 monkey-windows-32 | agent | 1.11.0 | e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849 monkey-windows-64 | agent | 1.11.0 | 12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 tracerouter32 | traceroute | | c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23 traceroute64 | sambacry | | 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4

    Source code(tar.gz)
    Source code(zip)
    Infection_Monkey-1.11.0-x86_64.AppImage(230.96 MB)
    monkey-linux-32(25.21 MB)
    monkey-linux-64(25.62 MB)
    monkey-windows-32.exe(27.45 MB)
    monkey-windows-64.exe(30.65 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • v1.10.0(Apr 6, 2021)

    This release introduces exciting new features, performance improvements, and lots of bug fixes. To start downloading it while you read the release notes, go to the Infection Monkey website.

    New Features 🆕

    New exploits 💣

    Infection Monkey can now exploit two new remote code execution vulnerabilities:

    AWS Zero Trust security scans with ScoutSuite 🔍

    Scout Suite is an open-source cloud security-auditing tool. It queries the cloud API to gather configuration data. Based on the configuration data gathered, ScoutSuite shows security issues and risks present in your cloud infrastructure. Infection Monkey will run a ScoutSuite scan against your AWS environment and categorize any alerts according to the Zero Trust framework. #519

    scoutsuite

    New MITRE ATT&CK techniques 💥

    We're continuing to improve our MITRE ATT&CK capabilities. We've added four new ATT&CK techniques to Infection Monkey, for a total of 36!

    • Signed script proxy execution (T1216) #776
    • Account discovery(T1087) #793
    • Indicator removal on host: timestomp (T1099) #796
    • Clear command history (T1146) #799

    Improvements ⤴

    Secured dependencies using snyk.io

    • #740
    • #763
    • #773
    • #778
    • #781
    • #788
    • #790
    • #791
    • #797
    • #803
    • #810
    • #811
    • #814
    • #815
    • #816
    • #821
    • #826

    Performance improvements 🚤

    • Use multithreading to run PBAs #696
    • Refactor tornado WSGE container into gevent WSGI container #858 #862
    • Add sane timeouts to reduce excessive blocking #885

    Documentation improvements 📖

    We've updated our documentation for readability and consistency, as well as added swimm tutorials for developers.

    • Improve report documentation #887
    • Updates to monkey zoo docs #927
    • Copyediting #909 #932 #933 #934 #935 #936 #937 #965
    • Swimm tutorials #766 #837 #850 #904
    • Add high-level architecture explanation #1047

    Miscellaneous

    • Add Windows XP support to MS08_067 exploit #809
    • Reintroduce AWS run option #865
    • Update Linux deployment scripts #900

    UI

    • Specify a user that will run the infection monkey agent #792 #830 #838 #840
    • Clarified cross-segment issue reporting #819
    • Improve ATT&CK UI #820
    • Modify master checkboxes to conform to human interface guidelines #920
    • Provide warning icon and language for unsafe options #920
    • Show "None" in zero trust report sections with zero findings #947
    • Show confirmation dialog when unsafe config is submitted or imported #1000
    • Show warning dialog when unsafe ATT&CK config is submitted #1006
    • Clarify custom PBA field descriptions in configuration menu #1027

    Bug fixes 🐛

    • Scale Monkey Island map component to window size #150
    • Center Guardicore logo on smaller screens #612
    • Fix typo that caused missing telemetry type on Log page #689
    • Redirect to login page when JWT expires #739
    • Link related ATT&CK techniques of the same PBA #761
    • Fix rendering in security report generation #762
    • Fix PBA file upload failure #784
    • Evade detection by Windows defender #801, #929
    • Fix hang on update check #857
    • Fix creation of scheduled jobs (PBA) #861
    • Fix wrong initial state in plugin selector control #891
    • Fix failing SMB exploiter #895
    • Catch exceptions thrown by fingerprinters #897
    • Fix logic used to detect AWS, GCP, and Azure cloud instances #902
    • Fix uncaught error in ATT&CK report #948
    • Fix failure to scan configured TCP ports #956
    • Add missing authentication check to local_run endpoint #981
    • Do not automatically execute custom PBA script #1020 #1027
    • Fix pyjwt dependency at version 1.7 #1042
    • Properly handle unicode decode errors #798

    New contributors 🙌

    Welcome and thanks to our new contributors:

    • @MarketingYeti
    • @mssalvatore
    • @OmerRosenbaum
    • @withshubh

    Attached binaries and hashes:

    Filename | Type | Version | SHA256 Hash -- | -- | -- | -- monkey-linux-32 | agent | 1.10.0 | a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5 monkey-linux-64 | agent | 1.10.0 | 932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93 monkey-windows-32 | agent | 1.10.0 | 8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f monkey-windows-64 | agent | 1.10.0 | 3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1 sc_monkey_runner32.so | sambacry | | 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212 sc_monkey_runner64.so | sambacry | | 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18 tracerouter32 | traceroute | | c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23 traceroute64 | sambacry | | 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4

    Source code(tar.gz)
    Source code(zip)
    monkey-linux-32(25.29 MB)
    monkey-linux-64(25.70 MB)
    monkey-windows-32.exe(26.27 MB)
    monkey-windows-64.exe(30.10 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • v1.9.0(Aug 6, 2020)

    Infection Monkey 1.9.0

    This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

    New Features 🆕

    Improved MITRE ATT&CK coverage and reporting

    We're continuing to improve our MITRE ATT&CK capabilities, with many new techniques added and a new report with more information.

    New ATT&CK techniques 💥

    We've added 8 new ATT&CK techniques to the Monkey, which brings our total coverage to 32!

    • setuid and setgid" attack technique (T1166) #702
    • "Trap" attack technique (T1154) #697
    • "PowerShell Profile" attack technique (T1504) #686
    • "Scheduled Task" attack technique (T1053) #685
    • "Local Job Scheduling" attack technique (T1168) #683
    • ".bash_profile and .bashrc" attack technique (T1156) #682
    • "Hidden Files and Directories" attack technique (T1158) #672
    • User creation and impersonation attack technique (T1136) #579

    New ATT&CK report 📊

    The new report added a new status to help you discern WHY a technique was or was not attempted, so you can optimise future Monkey executions. Here's how it looks:

    image

    Improved configuration (#637) ⚙

    In our effort to improve the user experience and make Monkey more accessible and useable we've revamped our entire Configuration screen! Easily control the credentials used in simulations, the target list the Monkey will scan, and which exploits the Monkey will attempt to use.

    Replaced mimikatz DLL with pypykatz for better defence evasion (#471, #583) 💂‍♂️

    Most AVs recognize and delete the Mimikatz DLL or even disrupt the entire Monkey installation process on Windows. We've replaced Mimikatz with pypykatz and for now, it'll be much harder for endpoint protection software to stop the Monkey.

    New Documentation site and framework (#602) 📖

    Due to the limited control and ease of use of the GitHub wiki, we've decided to move our documentation to a self-hosted solution based on Hugo.

    See it in action here.

    image

    Monkey Island is secure by default (#596) 🔐

    The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.

    If you want Island to be accessible without credentials press I want anyone to access the island. Please note that this option is insecure: you should only pick this for use in development environments.

    image

    Read related documentation here.

    Improvements ⤴

    Secured dependencies using snyk.io

    We have a new integration with snyk.io, a service which checks our dependencies for vulnerabilities! So we've locked all our dependencies (#627) and updated lots of them as well:

    • #719
    • #721
    • #722
    • #723
    • #724
    • #728
    • #729
    • #730

    Improvements to our CI process

    • Python import linting #727
    • Added Snyk.io to our PRs to test if new vulns are added through dependencies

    Other improvements

    • Edge refactoring to DAL #671
    • Revamps UI to bootstrap v4 #688
    • Updated MongoDB version #692
    • Various Typos fixed #726

    Bug fixes 🐛

    Everything that was fixed in 1.8.2 and:

    • Reset env UI bug #666
    • Handle missing binaries #485
    • Fixes SMB exploiter not passing vulnerable port (thus causing redundant exploitation) #664
    • Removed PTH map #691

    New contributors 🙌

    Welcome and thanks to our new contributors:

    • @ophirharpazg
    • @shreyamalviya

    Attached binaries and hashes:

    Filename | Type | Version | Hash -- | -- | -- | -- monkey-linux-32 | agent | 1.9.0 | 4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380 monkey-linux-64 | agent | 1.9.0 | aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956 monkey-windows-32 | agent | 1.9.0 | 67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8 monkey-windows-64 | agent | 1.9.0 | 24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068

    Source code(tar.gz)
    Source code(zip)
    monkey-linux-32(10.67 MB)
    monkey-linux-64(12.37 MB)
    monkey-windows-32.exe(12.51 MB)
    monkey-windows-64.exe(16.05 MB)
  • v1.8.2(Jun 7, 2020)

    Infection Monkey 1.8.2

    This is a small maintenance release. It includes some bug fixes, some performance improvements, and some new features. To start downloading it while you read the release notes, go to the Infection Monkey website.

    New Features 🆕

    Summary section in Security Report (#635)

    Now you can easily see the number of open ports/services and number of servers scanned in the Security Report after a monkey run. Here's how it looks:

    image

    Improvements ⤴

    Performance improvements 🚤

    • Stop exploiting machines that have already been exploited in the exact same manner #650
    • UI size improvements and performance improvements #634 #654
    • Performance testing infrastructure #632
    • Zero Trust report performance improvements #645

    Misc.

    • PEP issues #636
    • Remove WMI from non-windows deployments #644

    Bug fixes 🐛

    • Fixed monkey ignoring depth restrictions #642
    • Fixed UI build issues #643
    • Smallfixes on persistance/create user attack technique #647

    Attached binaries and hashes:

    • [x] @ShayNehmad

    Filename | Type | Version | Hash -- | -- | -- | -- monkey-linux-32 | agent | 1.8.2 | 39D3FE1C7B33482A8CB9288D323DDE17B539825AB2D736BE66A9582764185478 monkey-linux-64 | agent | 1.8.2 | 4DCE4A115D41B43ADFFC11672FAE2164265F8902267F1355D02BEBB802BD45C5 monkey-windows-32 | agent | 1.8.2 | 86A7D7065E73B795E38F2033BE0C53F3AC808CC67478AED794A7A6C89123979F monkey-windows-64 | agent | 1.8.2 | 2E6A1CB5523D87DDFD48F75B10114617343FBAC8125FA950BA7F00289B38B550

    Source code(tar.gz)
    Source code(zip)
    monkey-linux-32(10.38 MB)
    monkey-linux-64(12.09 MB)
    monkey-windows-32.exe(12.62 MB)
    monkey-windows-64.exe(16.20 MB)
  • v1.8.0(Apr 28, 2020)

    Infection Monkey 1.8.0

    This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

    New Features 🆕

    MITRE ATT&CK report (#491, #496, #575, #577)

    In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.

    Here's how it looks:

    image

    For more details, read our blog post or watch the overview video.

    Test Your ATT&CK Before the Attack With Guardicore Infection Monkey

    OS Compatibility (#507, #527, #528, #479, #506)

    Since we decided to migrate the Monkey to Python 3.7 🐍, we wanted to make sure that it will still be able to give accurate results on a myriad of operating systems, even old ones that don't support Python 3 at all.

    Check out the list of supported operating systems!

    This included changes to the Monkey itself and also to us forking our own version of PyInstaller with a custom bootloader.

    New Zero Trust People test (#515, #517, #518)

    We added another Zero Trust test to the Monkey's arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the network’s policies were too permissive.

    See it in action in this blog post called "How to Assess Your Zero Trust Status: Monkey See, Centra Do".

    Improvements ⤴

    Python 3 migration (#393, #394, #469, #475, #393, #532, #486, #494)

    The Monkey is now Python 3.7! 🐍 🎉 Until the next print VS print() debate creates Python 4, the Monkey is not deprecated.

    Improvements to our CI process

    • JS linting #482
    • Automatic Unit Test coverage reports #567 #573 #576

    Performance testing infrastructure #548 #547

    We hope to continue improving our performance as time goes on - this infrastructure will enable automatic testing of performance using Blackbox testing.

    Better versioning (#545, #543, #559)

    The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.

    Refactor exploiters, fingerprinters system information collectors (#478, #499, #521, #522, #535)

    Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).

    Telemetry box UI improvements (#538, #565)

    The telemetry box in the Map now shows line count and auto-scrolls to the bottom 📜

    Small UX QoL improvements

    • Config page label explaining that existing monkeys don't get new configuration #525
    • "Start over" page now waits for a response from the server #512

    Merge Infection Monkey requirements files (#500)

    Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks pip 🙏

    JS File Saver (#473)

    Small UI code improvement, less dependencies 👍

    New map icons

    image

    Bug fixes 🐛

    • Blank Screen after inactivity fixed #472
    • Added 404 page #501
    • Prevention of circular imports #477
    • Auto update copyright year #481, #468
    • Various fixes to .deb deployment #533, #544, #503, #524
    • Disable none from the list of networks to scan #550
    • Notification wrong route #541
    • Improved deploy scripts #549, #562, #564, #546
    • Encrypt SSH keys in logs #523, #458
    • MSSQL compatibility #492, #493
    • ring bugfixes #484
    • Telemetries that don't require briefs no longer throws errors in island #466

    New contributors 🙌

    Welcome and thanks to our new contributors:

    • @shivank1234
    • @PrajwalM2212
    • @shreyamalviya
    • @youknowone

    Attached binaries and hashes:

    Filename | Type | Version | Hash -- | -- | -- | -- monkey-windows-64.exe | Windows Agent | 1.8.0 | f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7 monkey-linux-64 | Linux Agent | 1.8.0 | d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6 monkey-windows-32.exe | Windows Agent | 1.8.0 | 1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08 monkey-linux-32 | Linux Agent | 1.8.0 | 217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2

    Source code(tar.gz)
    Source code(zip)
    monkey-linux-32(10.37 MB)
    monkey-linux-64(12.06 MB)
    monkey-windows-32.exe(12.62 MB)
    monkey-windows-64.exe(16.20 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • v1.7.0(Oct 17, 2019)

    Infection Monkey 1.7.0

    This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website..

    New Features 🆕

    Zero Trust (#400)

    The Monkey now tests your network against the Forrester Zero Trust eXtended framework and provides a report with actionable data and recommendations.

    Read more about it in the Infection Monkey for Zero Trust product page or watch a demo video.

    MITRE ATT&CK

    Adds the ability to configure monkey using the MITRE ATT&CK matrix and allows to view which ATT&CK techniques were used and how in the report.

    Improvements ⤴

    Scanning Performance boost (#436)

    The monkey now scans its target subnets in parallel, which improves runtime by 4.

    Island performance boosts (#441 + #358)

    The island now generates reports faster for larger amounts of network nodes by 2 orders of magnitude, which helps when dealing with larger-scale networks. Also, the report is cached if no Monkey has communicated since the last report has been generated.

    Hashing all sensitive data in all logs (#438 + #444)

    All potentially sensitive data is now logged hashed so no sensitive data is plain-text.

    Notification when infection is done (#326)

    The Island website will now send you a notification when the infection is done, so you don't need to busy wait on it.

    Bug fixes 🐛

    Various other bug fixes, such as:

    • Vulnerability stability and success rate improvements.
    • Monkey has TTL before it automatically marked as dead so report finishes in case of lost communication after network changes, shutdowns or crashes. (#313)
    • Automatic black-box testing suite. (#420)
    • Monkey will work on Windows machines that aren't installed on C:\. (#349)
    • Not showing Linux machines in PTH credentials map. (#338)

    Attached binaries and hashes:

    | File | Hash (SHA256) | |----------------------- |------------------------------------------------------------------ | | monkey-linux-32 | EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D | | monkey-linux-64 | 333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA | | monkey-windows-32.exe | 603D982D4A3D8459573D016E36BCFC0AD776CE2CB7DFF965954C688AB17E1727 | | monkey-windows-64.exe | E400F0D56570215C458D6EDED63E72AC6E82819EFF2FC5969A73883261B5976E |

    Source code(tar.gz)
    Source code(zip)
    monkey-linux-32(11.73 MB)
    monkey-linux-64(12.01 MB)
    monkey-windows-32.exe(14.95 MB)
    monkey-windows-64.exe(20.14 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • v1.6.3(May 21, 2019)

    This is a small bugfix release, mostly around integration and packaging.

    Two user facing changes.

    First, we now do not request AWS access keys for different features like AWS security hub integration and remote commands on EC2 instances. We now require an IAM role to be applied to the EC2 instance where the monkey is running. For more details, check here and here

    Second, the Monkey Island now checks for updates against a centralized server. At startup, a single message containing the current version is sent to a dedicated machine, and returns whether there is a new version available and a download link in case there is one.

    Feature - Version checking #309 Feature - AWS integration through IAM roles #281 Bugfix - Deb does not rely on package manager mongo #301 Bugfix - ElasticGroovy exploitation now gracefully timeouts in case of errors #289 Bugfix - Struts2 attack script does not check for certificate errors #318 Bugfix - Domain related recommendations do not show up if no such recommendations exist. #278 and #304 fixes #213 Bugfix - Update Bootstrap to 3.4.1 #311

    Also, the Island may now also run as a single PyInstaller packed executable, solving some deployment issues on Windows.

    Source code(tar.gz)
    Source code(zip)
    mk32.zip(406.83 KB)
    mk64.zip(457.29 KB)
    monkey-linux-32(11.61 MB)
    monkey-linux-64(12.02 MB)
    monkey-windows-32.exe(15.75 MB)
    monkey-windows-64.exe(21.00 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • v1.6.2(May 12, 2019)

    This is a release with plenty of cool features.

    Take the Infection Monkey for a spin inside your network and let us know how it was!

    New Features

    • The UI can now optionally be password protected. For more information check our wiki and #260
    • The Monkey can now run actions after breaching the machine. For now, we've only implemented the option to create a disabled backdoor user. #242
    • Export to AWS security hub. The monkey now knows to export security findings to the AWS security hub. #221
    • We can now remotely run commands on AWS EC2 instances, giving you more methods to start a simulating breach. #259
    • Attack according to host names rather than IPs #189
    • We can now carry our own version of traceroute for linux machines #229
    • Add option to sleep between scans #240
    • The monkey now also pings machines to check if they're alive, possibly bypassing some segmentation rules #243
    • We have an experimental new attack. An MS-SQL exploiter that brute forces authentication and uses xp_cmdshell to attack. #147 

    We also improved our deployment, making it easier for developers to set up their own instance of the Monkey (#225 and #227 )

    Fixes

    • Moved to wget instead of curl #238
    • Make Mongo URL easy to redirect (using env variable) #197
    • UI improvements #211
    • Improvements to exploiters #212, #224, #249, #269,#207,#224
    • Handle timeout when communicating with Island #202 And many more small bug fixes :)
    Source code(tar.gz)
    Source code(zip)
    infection_monkey_deb.1.6.2.tgz(82.37 MB)
    monkey-linux-32(11.72 MB)
    monkey-linux-64(12.01 MB)
    monkey-windows-32.exe(15.74 MB)
    monkey-windows-64.exe(20.99 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • 1.6(Nov 12, 2018)

    A whole bunch of new features. Take the Infection Monkey for a spin inside your network and let us know how it was!

    New Features:

    Detect cross segment traffic! The Monkey can now easily test whether two network segments are properly separated. PR #120. The Monkey can analyse your domain for possible Pass the Hash attacks. By cross referencing information collected by Mimikatz, the Monkey can now detect usage of identical passwords, cached logins with access to critical servers and more. #170 SSH key stealing. The monkey will now steal accessible SSH keys and use them when connecting to SSH servers, PR #138. Implement a cross platform attack for Struts2 Multi-part file upload vulnerability, PR #179. Implement a cross platform attack for Oracle Web Logic CVE-2017-10271, PR #180. ElasticGroovy attack now supports Windows victims, PR #181. Hadoop cluster RCE - Abuse unauthenticated access to YARN resource manager, PR #182.

    Code improvements

    -- We've refactored the codebase, so now it's easier to share code between the Monkey and the Monkey Island components. PR #145. -- Mimikatz is now bundled into a password protected ZIP file and extracted only if required. Makes deployment easier with AV software. PR #169. -- Monkey Island now properly logs itself to a file and console. So if you got bugs, it'll now be easier to figure them out. PR #139. -- Systemd permissions are now properly locked down -- Fixed a situation where a successful shellshock attack could freeze the attacking Monkey. #200

    We also now have a basic dockerfile available if you want to wrap up the Monkey into a container straight from Github

    Source code(tar.gz)
    Source code(zip)
    infection_monkey_deb.1.6.tgz(73.62 MB)
    monkey-linux-32(9.02 MB)
    monkey-linux-64(9.50 MB)
    monkey-windows-32.exe(13.68 MB)
    monkey-windows-64.exe(19.70 MB)
    sc_monkey_runner32.so(9.34 KB)
    sc_monkey_runner64.so(10.03 KB)
    traceroute32(91.83 KB)
    traceroute64(94.47 KB)
  • 1.5.2(Apr 17, 2018)

    This is another incremental release, with the following changelist

    New feature - Azure password harvesting. Detect Azure credentials at risk and the test the impact of harvesting these passwords. See #110 New feature - Improved UI for listing IPs to attack, now supports listing subnets in CIDR format or 192.168.1.30-192.168.1.40 . See #94 Bugfixes -- Fixed spurious victim discovery. Issue #108 -- 32bit Monkey installed on a 64bit windows machine will now upgrade itself itself to a 64-bit monkey version. See #104 -- Fixed encoding issues when handling unicode password credentials. See #112 -- Fixed incorrect deployment documentation -- Fixed edge cases in ElasticGroovy attack module

    Source code(tar.gz)
    Source code(zip)
    infection_monkey_1.5.2_deb.tgz(56.29 MB)
    monkey-linux-32(8.97 MB)
    monkey-linux-64(9.46 MB)
    monkey-windows-32.exe(8.57 MB)
    monkey-windows-64.exe(12.13 MB)
  • v1.5.1(Apr 12, 2018)

    This is a small release, one new feature and a few bugfixes.

    • New feature - Azure password harvesting. If running on an Azure VM, the Monkey will attempt to harvest password credentials used the VM Access plugin.
    • Bugfixes -- Fixed spurious victim discovery -- Fix a missing python dependency in the Infection Monkey itself -- Fixed edge case in the ElasticSearch attack -- Fixed bugs in handling configuration variables in the Monkey

    Thanks to everyone who reported bugs.

    Source code(tar.gz)
    Source code(zip)
  • v1.5(Mar 13, 2018)

    This version of the Infection Monkey contains

    • New UI with a better map display and easier configuration
    • A reporting feature with analysis of the Monkey run
    • New exploits such as Sambacry and ElasticSearch pre-auth vulnerability
    • Pass the Hash attacks when attacking Windows machines
    • Bundled Mimikatz

    You can read more in our release post https://groups.google.com/forum/#!topic/infection-monkey/xnzvtxCknt4

    Source code(tar.gz)
    Source code(zip)
    infection_monkey_1.5_deb.tgz(52.53 MB)
    monkey-linux-32(8.97 MB)
    monkey-linux-64(9.45 MB)
    monkey-windows-32.exe(8.56 MB)
    monkey-windows-64.exe(12.13 MB)
This script allows you to make a onion host instantly.

Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct

Steven 4 Feb 22, 2022
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

ADExplorerSnapshot.py ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound. AD Explorer allows you to connect to a DC and browse L

576 Dec 23, 2022
BF-Hash - A Python Tool to decrypt hashes by brute force

BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone

5 Apr 09, 2022
PrivateRoom - Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin

privateRoom Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin STEPS: Uploa

Divyanshu Kumar 3 Nov 08, 2022
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

koz 1.5k Jan 04, 2023
This repository will contain python scripts for hackers and pentesters

This repository will contain python scripts for hackers and pentesters. stop being limited with availble tools. Build your own.

0xTRAW 24 Nov 29, 2022
Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

FaisalFs 16 Mar 24, 2022
Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints.

jolokia-exploitation-toolkit Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints. Core concept Jolokia is a protocol br

Laluka 194 Jan 01, 2023
Fuck - Multi Brute Force 🚶‍♂

f-mbf Fuck - Multi Brute Force 🚶‍♂ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2

Yumasaa 1 Dec 03, 2021
Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

GoVanguard 8 Oct 20, 2022
Tools for converting Nintendo DS binaries to an ELF file for Ghidra/IDA

nds2elf Requirements nds2elf.py uses LIEF and template.elf to form a new binary. LIEF is available via pip: pip3 install lief Usage DSi and DSi-enhan

Max Thomas 17 Aug 14, 2022
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Brayden Karnes 1 Dec 03, 2021
Dumping revelant information on compromised targets without AV detection

DonPAPI Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI (link ) We a

Login Securite 580 Jan 09, 2023
EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。

EyeJo EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。 免责声明 本平台集成了大量的互联网公开工具,主要是方便安全人员整理、排查资产、安全测试等,切勿用于非法用途。使用者存在危害网络安全等任何非法行为,后果自负,作

429 Dec 31, 2022
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

1 Nov 12, 2021
A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

Aidan 2 Mar 20, 2022
Natural Language Processing - Sommer Semester 2022

Natural Language Processing (DIS25a/NLP) This course can be taken for the Bachelor Programm Data and Information Science (DIS25a) or the Master Progra

Classrooms of IR Group at Technische Hochschule Köln 19 Sep 07, 2022
Phishing-Crack tools to punish friends

Phishing-Crack Phishing Tool Version 1.0.0 Created By temirovazat A Phishing Tool With PHP and Python3 Features Fake Instagram Phishing Page Fake Face

3 Oct 04, 2022
Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

Kr0ff 3 Jul 23, 2022
KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.

What is a keylogger? A keylogger is a software application or piece of hardware that monitors and records keystrokes made on a computer keyboard. The

Himank_Jain 7 Sep 19, 2022