2019-11-05 16:19:39 +08:00
# Infection Monkey
2019-10-28 15:31:00 +08:00
[![GitHub release (latest by date) ](https://img.shields.io/github/v/release/guardicore/monkey )](https://github.com/guardicore/monkey/releases)
2020-03-15 17:20:58 +08:00
[![Build Status ](https://travis-ci.com/guardicore/monkey.svg?branch=develop )](https://travis-ci.com/guardicore/monkey)
2020-03-15 20:48:09 +08:00
[![codecov ](https://codecov.io/gh/guardicore/monkey/branch/develop/graph/badge.svg )](https://codecov.io/gh/guardicore/monkey)
2020-03-15 17:20:58 +08:00
2019-10-28 15:31:00 +08:00
![GitHub stars ](https://img.shields.io/github/stars/guardicore/monkey )
![GitHub commit activity ](https://img.shields.io/github/commit-activity/m/guardicore/monkey )
2015-12-01 01:04:31 +08:00
2019-10-28 00:44:38 +08:00
## Data center Security Testing Tool
2015-12-01 01:04:31 +08:00
2021-06-20 21:15:57 +08:00
Welcome to the Infection Monkey!
2016-07-29 02:24:03 +08:00
2018-02-22 16:50:08 +08:00
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.
2015-12-01 01:04:31 +08:00
2017-10-17 22:14:28 +08:00
The Infection Monkey is comprised of two parts:
2015-12-01 01:04:31 +08:00
2020-03-15 17:20:58 +08:00
* **Monkey** - A tool which infects other machines and propagates to them.
* **Monkey Island** - A dedicated server to control and visualize the Infection Monkey's progress inside the data center.
2021-06-20 21:15:57 +08:00
To read more about the Monkey, visit [infectionmonkey.com ](https://infectionmonkey.com ).
2017-10-17 22:14:28 +08:00
2020-04-14 18:24:39 +08:00
## Screenshots
2020-04-14 22:46:54 +08:00
### Map
2020-04-14 19:53:19 +08:00
< img src = ".github/map-full.png" width = "800" height = "600" >
2020-04-14 18:24:39 +08:00
2020-04-14 22:46:54 +08:00
### Security report
2020-04-14 18:24:39 +08:00
< img src = ".github/security-report.png" width = "800" height = "500" >
2020-04-14 22:46:54 +08:00
### Zero trust report
2020-04-14 18:24:39 +08:00
< img src = ".github/zero-trust-report.png" width = "800" height = "500" >
2020-04-14 22:46:54 +08:00
### ATT&CK report
2020-04-14 20:01:49 +08:00
< img src = ".github/attack-report.png" width = "900" height = "500" >
2020-04-14 18:24:39 +08:00
2019-11-05 16:19:39 +08:00
## Main Features
2020-03-15 17:20:58 +08:00
2017-10-17 22:14:28 +08:00
The Infection Monkey uses the following techniques and exploits to propagate to other machines.
2015-12-01 01:04:31 +08:00
* Multiple propagation techniques:
* Predefined passwords
2017-10-17 22:14:28 +08:00
* Common logical exploits
2018-02-15 21:36:19 +08:00
* Password stealing using Mimikatz
2016-08-29 18:16:57 +08:00
* Multiple exploit methods:
2016-05-29 16:57:13 +08:00
* SSH
2015-12-01 01:04:31 +08:00
* SMB
2016-08-29 18:16:57 +08:00
* WMI
* Shellshock
2017-10-17 22:14:28 +08:00
* Conficker
* Elastic Search (CVE-2015-1427)
2020-04-14 18:24:39 +08:00
* Weblogic server
2020-08-06 00:12:30 +08:00
* and more, see our [Documentation hub ](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/ ) for more information about our RCE exploiters.
2017-10-17 22:14:28 +08:00
2019-11-05 16:19:39 +08:00
## Setup
2020-08-05 22:29:58 +08:00
Check out the [Setup ](https://www.guardicore.com/infectionmonkey/docs/setup/ ) page in the Wiki or a quick getting [started guide ](https://www.guardicore.com/infectionmonkey/docs/usage/getting-started/ ).
2015-12-01 01:04:31 +08:00
2020-08-06 00:12:30 +08:00
The Infection Monkey supports a variety of platforms, documented [in our documentation hub ](https://www.guardicore.com/infectionmonkey/docs/reference/operating_systems_support/ ).
2019-01-23 19:59:00 +08:00
2019-11-05 16:19:39 +08:00
## Building the Monkey from source
2021-06-20 21:15:57 +08:00
To deploy development version of monkey you should refer to readme in the [deployment scripts ](deployment_scripts )
2020-08-05 22:29:58 +08:00
folder or follow documentation in [documentation hub ](https://www.guardicore.com/infectionmonkey/docs/development/setup-development-environment/ ).
2015-12-01 01:04:31 +08:00
2019-10-28 00:44:38 +08:00
### Build status
| Branch | Status |
| ------ | :----: |
| Develop | [![Build Status ](https://travis-ci.com/guardicore/monkey.svg?branch=develop )](https://travis-ci.com/guardicore/monkey) |
2021-06-20 21:15:57 +08:00
| Master | [![Build Status ](https://travis-ci.com/guardicore/monkey.svg?branch=master )](https://travis-ci.com/guardicore/monkey) |
2019-10-28 00:44:38 +08:00
2019-11-05 16:19:39 +08:00
## Tests
2020-03-15 17:20:58 +08:00
2019-11-05 16:19:39 +08:00
### Unit Tests
2020-03-15 17:20:58 +08:00
2021-06-20 21:15:57 +08:00
In order to run all of the Unit Tests, run the command `python -m pytest` in the `monkey` directory.
2019-11-05 16:19:39 +08:00
2021-06-20 21:15:57 +08:00
To get a coverage report, first make sure the `coverage` package is installed using `pip install coverage` . Run the command
`coverage run -m unittest` in the `monkey` directory and then `coverage html` . The coverage report can be found in
`htmlcov.index` .
2020-03-15 17:20:58 +08:00
2019-11-05 16:19:39 +08:00
### Blackbox tests
2020-03-15 17:20:58 +08:00
2021-06-20 21:15:57 +08:00
In order to run the Blackbox tests, refer to `envs/monkey_zoo/blackbox/README.md` .
2019-11-05 16:19:39 +08:00
# License
2020-03-15 17:20:58 +08:00
2018-05-01 20:12:30 +08:00
Copyright (c) Guardicore Ltd
2017-10-17 22:14:28 +08:00
2018-01-21 03:49:36 +08:00
See the [LICENSE ](LICENSE ) file for license rights and limitations (GPLv3).