Infection Monkey – Data Center Security Testing Framework

The Infection Monkey is an open source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

Infection Monkey - Data center Security Testing Tool
Infection Monkey – Data center Security Testing Tool

The framework is comprised of two parts:

  • Monkey – A tool which infects other machines and propagates to them
  • Monkey Island – A dedicated server to control and visualize the progress inside the data center

The framework uses the following techniques and exploits to propagate to other machines.

  • Multiple propagation techniques:
    • Predefined passwords
    • Common logical exploits
    • Password stealing using Mimikatz
  • Multiple exploit methods:
    • SSH
    • SMB
    • RDP
    • WMI
    • Shellshock
    • Conficker
    • SambaCry
    • Elastic Search (CVE-2015-1427)

Currently there are two scanners, PingScanner and TcpScanner both inheriting from HostScanner.TcpScanner is the default scanner and it checks for open ports based on the tcp_target_ports configuration setting.PingScanner sends a ping message using the host OS utility ping.

Implemented Fingerprint modules are:

  1. SMBFinger – Fingerprints target machines over SMB. Extracts computer name and OS version.
  2. SSHFinger – Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
  3. PingScanner – Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
  4. HTTPFinger – Fingerprints over HTTP/HTTPS, using the ports listed in HTTP_PORTS in the configuration. Returns the server type and if it supports SSL.
  5. MySQLFinger – Fingerprints over MySQL (port 3306). Extracts MySQL banner info – Version, Major/Minor/Build and capabilities.
  6. ElasticFinger – Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.

You can read more and download this framework over here:

Notify of
Inline Feedbacks
View all comments