guardicore/monkey

6,997 · Python · Audience: ops, devops · Complexity: 4/5 · Setup: hard

TLDR

Open-source network penetration testing tool that simulates an attacker spreading from machine to machine inside your network using real exploits and credential attacks, then reports which systems were reached and how.

Mindmap

Infection Monkey
  What it does
    Simulates attacker spread
    Tests lateral movement
    Produces security report
  Attack techniques
    SSH, SMB and WMI attacks
    Log4Shell, Zerologon exploits
    Credential stealing
  Components
    Monkey agent
    Monkey Island server
    Live network map
  Audience
    Security teams
    Sysadmins
    Pentesters

Things people build with this

USE CASE 1

Run a controlled breach simulation to find out if an attacker could move freely through your data center after an initial compromise

USE CASE 2

Test whether your network would stop an attacker exploiting known vulnerabilities like Log4Shell or Zerologon

USE CASE 3

Generate a security report showing exactly which machines are reachable and what credential or exploit techniques worked

Tech stack

Python

Getting it running

Difficulty: hard · Time to first run: 1 day+

Requires deploying a central Monkey Island server plus agent machines across your network; consult the documentation hub for supported operating systems and the full setup steps.

In plain English

Infection Monkey is an open-source security testing tool made by Guardicore (now part of Akamai). It is designed to help organizations find out how well their internal networks hold up if an attacker somehow gets inside the perimeter. Think of it as a controlled fire drill for your data center, where the tool plays the role of an intruder and tries to spread from machine to machine the way a real attacker would.

The tool has two main parts working together. The Monkey itself is the agent that runs on a machine and tries to move to other machines nearby. It does this by trying common passwords, exploiting known software weaknesses, and using credential-stealing techniques. The second part, called Monkey Island, is a central server that coordinates the agents and displays a live map showing which machines were reached and how. When the test is done, Monkey Island produces a security report explaining what succeeded and what stopped the spread.

The propagation techniques include attacks over SSH, SMB, and WMI, along with exploits for well-known vulnerabilities like Log4Shell and Zerologon. All of these are documented in detail on the project's official documentation site, so teams can understand exactly what was tested and what the results mean for their specific environment.

Setup instructions and supported operating systems are covered in the documentation hub linked from the README. The source code is written in Python, and the project provides deployment scripts for anyone who wants to build and run a development version themselves. Unit tests and blackbox tests are both included for contributors.

This tool is aimed at security teams, system administrators, and penetration testers who need a repeatable, automated way to check whether a real attacker could move freely through their infrastructure after an initial breach.
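The spread described above, as an added toy model written for this page (it is not Infection Monkey's own code, and the real tool runs actual exploits and logins against real services rather than consulting tables). Every host, zone, credential, vulnerability-to-service mapping and firewall rule below is constructed for illustration. The model captures the three mechanics the page names: exploiting a known vulnerability on a reachable service, reusing credentials the agent already holds, and harvesting new credentials from each machine it lands on. Running the same network flat and then with segmentation shows why the report matters: the segmented run still loses the domain controller, not through Zerologon but through an admin credential stored on the file server.

```python
"""Toy breach simulation in the spirit of Infection Monkey.

Added illustration, not Infection Monkey's own code. Hosts, credentials,
vulnerabilities and firewall rules are all constructed for this example.
A host is compromised when the simulated agent either exploits a
vulnerable, reachable service or logs in with a credential it already
holds; every compromised host yields the credentials stored on it.
"""
from dataclasses import dataclass, field

SERVICE_PORT = {"ssh": 22, "smb": 445, "rpc": 135, "http": 8080}  # ports the firewall model reasons about
AUTH_SERVICES = ("ssh", "smb")                                      # services that accept password login here
EXPLOITS = {"log4shell": "http", "zerologon": "rpc"}                # vulnerability -> service it is exploited through (assumed)


@dataclass
class Host:
    name: str
    zone: str
    services: dict                                   # service -> set of (user, password) that log in
    stored_creds: set = field(default_factory=set)   # harvested once the host is compromised
    vulns: set = field(default_factory=set)          # vulnerabilities exploitable remotely


def allowed(firewall, src_zone, dst_zone, port):
    """Segmentation policy. firewall=None means a flat network; otherwise it
    maps (src_zone, dst_zone) -> allowed ports. Traffic inside a zone is always open."""
    if firewall is None or src_zone == dst_zone:
        return True
    return port in firewall.get((src_zone, dst_zone), set())


def attempt(src, dst, firewall, creds):
    """Return the technique that compromises dst from src, or None."""
    for vuln, service in EXPLOITS.items():            # known-vulnerability exploits first
        if (vuln in dst.vulns and service in dst.services
                and allowed(firewall, src.zone, dst.zone, SERVICE_PORT[service])):
            return f"exploit:{vuln}"
    for service in AUTH_SERVICES:                     # then credential reuse / guessing
        if not allowed(firewall, src.zone, dst.zone, SERVICE_PORT[service]):
            continue
        hit = creds & dst.services.get(service, set())
        if hit:
            return f"{service}:password:{sorted(hit)[0][0]}"
    return None


def simulate(hosts, firewall, patient_zero, seed_creds):
    """Spread from patient_zero until no new host can be reached.
    Returns {host name: (compromised-from, technique)}."""
    reached = {patient_zero: (None, "initial access")}
    creds = set(seed_creds) | hosts[patient_zero].stored_creds
    changed = True
    while changed:   # fixed point: credentials harvested later can unlock hosts that resisted earlier
        changed = False
        for src_name in list(reached):
            for dst in hosts.values():
                if dst.name in reached:
                    continue
                technique = attempt(hosts[src_name], dst, firewall, creds)
                if technique:
                    reached[dst.name] = (src_name, technique)
                    creds |= dst.stored_creds
                    changed = True
    return reached


def report(hosts, reached):
    """Plain-text summary: which hosts were reached, from where, and how."""
    lines = []
    for name in hosts:
        if name in reached:
            src, how = reached[name]
            lines.append(f"{name:<10} REACHED  {how:<28} from {src or '-'}")
        else:
            lines.append(f"{name:<10} not reached")
    return "\n".join(lines)


# --- constructed sample environment (nothing here is real) ---
ALICE, BACKUP = ("alice", "Summer2024"), ("svc_backup", "backup!")
DOMADMIN, DEPLOY = ("Administrator", "P@ssw0rd"), ("deploy", "deploy123")
HOSTS = {h.name: h for h in [
    Host("laptop", "office", {"ssh": {ALICE}}, stored_creds={ALICE}),
    Host("jump", "office", {"ssh": {ALICE, BACKUP}}, stored_creds={BACKUP}),
    Host("fileserver", "dc", {"smb": {BACKUP}}, stored_creds={DOMADMIN}),
    Host("dc01", "dc", {"smb": {DOMADMIN}, "rpc": set()}, vulns={"zerologon"}),
    Host("appsrv", "dmz", {"http": set(), "ssh": {DEPLOY}}, stored_creds={DEPLOY}, vulns={"log4shell"}),
    Host("db", "db", {"ssh": {DEPLOY}}),
]}
SEED_CREDS = {("admin", "admin")}   # the agent's default guess list (constructed)
SEGMENTED = {                       # office reaches only file shares in "dc"; only the dmz reaches the db over ssh
    ("office", "dc"): {445},
    ("dmz", "db"): {22},
}

if __name__ == "__main__":
    print("Flat network:\n" + report(HOSTS, simulate(HOSTS, None, "laptop", SEED_CREDS)))
    print("\nSegmented network:\n" + report(HOSTS, simulate(HOSTS, SEGMENTED, "laptop", SEED_CREDS)))
```

The fixed-point loop is the part worth keeping in mind when reading a real report: a machine that resisted every attempt early in a run can still fall later, once a credential harvested elsewhere is replayed against it, which is exactly the chain the "how" column of the report is meant to expose.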

Copy-paste prompts

Prompt 1
Walk me through deploying Infection Monkey in a test environment: what do I need to set up the Monkey Island server and run my first simulation?
Prompt 2
I want to test lateral movement risk in my network using Infection Monkey. What propagation techniques does it use, and how do I read the results report?
Prompt 3
How does Infection Monkey's SSH and SMB attack simulation work, and what should I check on each compromised machine after a test run?
Verify against the repo before relying on details.