The Infection Monkey is an open source security tool for testing a data center’s resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

The framework is comprised of two parts:

• Monkey – A tool which infects other machines and propagates to them
• Monkey Island – A dedicated server to control and visualize the progress inside the data center

The framework uses the following techniques and exploits to propagate to other machines.

• Multiple propagation techniques:
  • Predefined passwords
  • Common logical exploits
  • Password stealing using Mimikatz
• Multiple exploit methods:
  • SSH
  • SMB
  • RDP
  • WMI
  • Shellshock
  • Conficker
  • SambaCry
  • Elastic Search (CVE-2015-1427)

Currently there are two scanners, PingScanner and TcpScanner both inheriting from HostScanner.TcpScanner is the default scanner and it checks for open ports based on the tcp_target_ports configuration setting.PingScanner sends a ping message using the host OS utility ping.

Implemented Fingerprint modules are:

1. SMBFinger – Fingerprints target machines over SMB. Extracts computer name and OS version.
2. SSHFinger – Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
3. PingScanner – Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
4. HTTPFinger – Fingerprints over HTTP/HTTPS, using the ports listed in HTTP_PORTS in the configuration. Returns the server type and if it supports SSL.
5. MySQLFinger – Fingerprints over MySQL (port 3306). Extracts MySQL banner info – Version, Major/Minor/Build and capabilities.
6. ElasticFinger – Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.

You can read more and download this framework over here: https://github.com/guardicore/monkey