Skip to content
Oct 15, 2019
Version 1.7.0 of the infection monkey - Zero Trust, MITRE, and more.
Visit GitHub for the full release notes.

Infection Monkey 1.7.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website..

New Features 🆕

Zero Trust (#400)

The Monkey now tests your network against the Forrester Zero Trust eXtended framework and provides a report with actionable data and recommendations.

Read more about it in the Infection Monkey for Zero Trust product page or watch a demo video.


Adds the ability to configure monkey using the MITRE ATT&CK matrix and allows to view which ATT&CK techniques were used and how in the report.

Improvements ⤴

Scanning Performance boost (#436)

The monkey now scans its target subnets in parallel, which improves runtime by 4.

Island performance boosts (#441 + #358)

The island now generates reports faster for larger amounts of network nodes by 2 orders of magnitude, which helps when dealing with larger-scale networks. Also, the report is cached if no Monkey has communicated since the last report has been generated.

Hashing all sensitive data in all logs (#438 + #444)

All potentially sensitive data is now logged hashed so no sensitive data is plain-text.

Notification when infection is done (#326)

The Island website will now send you a notification when the infection is done, so you don't need to busy wait on it.

Bug fixes 🐛

Various other bug fixes, such as:

  • Vulnerability stability and success rate improvements.
  • Monkey has TTL before it automatically marked as dead so report finishes in case of lost communication after network changes, shutdowns or crashes. (#313)
  • Automatic black-box testing suite. (#420)
  • Monkey will work on Windows machines that aren't installed on C:\. (#349)
  • Not showing Linux machines in PTH credentials map. (#338)

Attached binaries and hashes:

File Hash (SHA256)
monkey-linux-32 EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D
monkey-linux-64 333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA
monkey-windows-32.exe 603D982D4A3D8459573D016E36BCFC0AD776CE2CB7DFF965954C688AB17E1727
monkey-windows-64.exe E400F0D56570215C458D6EDED63E72AC6E82819EFF2FC5969A73883261B5976E
Assets 6
Sep 15, 2019
Latest version for the forrester R&S summit 2019
Sep 8, 2019
Zero Trust demo version for Forrester conference

@itaymmguardicore itaymmguardicore released this May 21, 2019 · 814 commits to master since this release

This is a small bugfix release, mostly around integration and packaging.

Two user facing changes.

First, we now do not request AWS access keys for different features like AWS security hub integration and remote commands on EC2 instances. We now require an IAM role to be applied to the EC2 instance where the monkey is running. For more details, check here and here

Second, the Monkey Island now checks for updates against a centralized server. At startup, a single message containing the current version is sent to a dedicated machine, and returns whether there is a new version available and a download link in case there is one.

Feature - Version checking #309
Feature - AWS integration through IAM roles #281
Bugfix - Deb does not rely on package manager mongo #301
Bugfix - ElasticGroovy exploitation now gracefully timeouts in case of errors #289
Bugfix - Struts2 attack script does not check for certificate errors #318
Bugfix - Domain related recommendations do not show up if no such recommendations exist. #278 and #304 fixes #213
Bugfix - Update Bootstrap to 3.4.1 #311

Also, the Island may now also run as a single PyInstaller packed executable, solving some deployment issues on Windows.

Assets 12

@itaymmguardicore itaymmguardicore released this May 12, 2019 · 1257 commits to develop since this release

This is a release with plenty of cool features.

Take the Infection Monkey for a spin inside your network and let us know how it was!

New Features

  • The UI can now optionally be password protected. For more information check our wiki and #260
  • The Monkey can now run actions after breaching the machine. For now, we've only implemented the option to create a disabled backdoor user. #242
  • Export to AWS security hub. The monkey now knows to export security findings to the AWS security hub. #221
  • We can now remotely run commands on AWS EC2 instances, giving you more methods to start a simulating breach. #259
  • Attack according to host names rather than IPs #189
  • We can now carry our own version of traceroute for linux machines #229
  • Add option to sleep between scans #240
  • The monkey now also pings machines to check if they're alive, possibly bypassing some segmentation rules #243
  • We have an experimental new attack. An MS-SQL exploiter that brute forces authentication and uses xp_cmdshell to attack. #147 

We also improved our deployment, making it easier for developers to set up their own instance of the Monkey (#225 and #227 )


  • Moved to wget instead of curl #238
  • Make Mongo URL easy to redirect (using env variable) #197
  • UI improvements #211
  • Improvements to exploiters #212, #224#249, #269,#207,#224
  • Handle timeout when communicating with Island #202
    And many more small bug fixes :)
Assets 11
Apr 14, 2019
Dec 2, 2018
Freezing this feature branch, 1.6.1 AWS version only

@danielguardicore danielguardicore released this Nov 12, 2018 · 1254 commits to master since this release

A whole bunch of new features.
Take the Infection Monkey for a spin inside your network and let us know how it was!

New Features:

Detect cross segment traffic! The Monkey can now easily test whether two network segments are properly separated. PR #120.
The Monkey can analyse your domain for possible Pass the Hash attacks. By cross referencing information collected by Mimikatz, the Monkey can now detect usage of identical passwords, cached logins with access to critical servers and more. #170
SSH key stealing. The monkey will now steal accessible SSH keys and use them when connecting to SSH servers, PR #138.
Implement a cross platform attack for Struts2 Multi-part file upload vulnerability, PR #179.
Implement a cross platform attack for Oracle Web Logic CVE-2017-10271, PR #180.
ElasticGroovy attack now supports Windows victims, PR #181.
Hadoop cluster RCE - Abuse unauthenticated access to YARN resource manager, PR #182.

Code improvements

-- We've refactored the codebase, so now it's easier to share code between the Monkey and the Monkey Island components. PR #145.
-- Mimikatz is now bundled into a password protected ZIP file and extracted only if required. Makes deployment easier with AV software. PR #169.
-- Monkey Island now properly logs itself to a file and console. So if you got bugs, it'll now be easier to figure them out. PR #139.
-- Systemd permissions are now properly locked down
-- Fixed a situation where a successful shellshock attack could freeze the attacking Monkey. #200

We also now have a basic dockerfile available if you want to wrap up the Monkey into a container straight from Github

Assets 11

@danielguardicore danielguardicore released this Apr 17, 2018 · 1638 commits to master since this release

This is another incremental release, with the following changelist

New feature - Azure password harvesting. Detect Azure credentials at risk and the test the impact of harvesting these passwords. See #110
New feature - Improved UI for listing IPs to attack, now supports listing subnets in CIDR format or . See #94
-- Fixed spurious victim discovery. Issue #108
-- 32bit Monkey installed on a 64bit windows machine will now upgrade itself itself to a 64-bit monkey version. See #104
-- Fixed encoding issues when handling unicode password credentials. See #112
-- Fixed incorrect deployment documentation
-- Fixed edge cases in ElasticGroovy attack module

Assets 7
You can’t perform that action at this time.