
This release adds a new exploiter to the Infection Monkey, which exploits the Log4Shell vulnerability (CVE-2021-44228). To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

  • A new exploiter that allows propagation via the Log4Shell vulnerability
    (CVE-2021-44228). #1663

Fixed

  • Exploiters attempting to start servers listening on privileged ports,
    resulting in failed propagation. 8f53a5c

Attached binaries and hashes:

Filename Type Version SHA256 Hash
InfectionMonkey-v1.12.0.AppImage Island 1.13.0 cded4e8394a4d2a809ba9b74b924aea590317515b9b032ba8005a93dfce1c861
monkey-linux-32 agent 1.13.0 24c5779825f26c76a8910794836647096f4bb4b47cfd6ad213cc48116d140fab
monkey-linux-64 agent 1.13.0 f21e709cb7ba8daf90b908af5fe485ba43866c325d3c7ce1eb07e8a2323e07c1
monkey-windows-32 agent 1.13.0 7497907e3cf4ffeb121a7795bfa16709800e6e0f99770f64af7fff684ecba6d6
monkey-windows-64 agent 1.13.0 3edd20de2247047c8a822c84145981936ce2fd0bdf843eb5ca777ca4d2478b35
sc_monkey_runner32.so sambacry 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212
sc_monkey_runner64.so sambacry 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18

This release enhances Infection Monkey's ransomware simulation capability by adding the ability to propagate via PowerShell remoting. It also provides numerous bug fixes, as well as UX and security improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

  • A new exploiter that allows propagation via PowerShell Remoting. #1246
  • A warning regarding antivirus when agent binaries are missing. #1450
  • A deployment.json file to store the deployment type. #1205

Changed

  • The name of the "Communicate as new user" post-breach action to "Communicate
    as backdoor user". #1410
  • Resetting login credentials also cleans the contents of the database. #1495
  • ATT&CK report messages (more accurate now). #1483
  • T1086 (PowerShell) now also reports if ps1 scripts were run by PBAs. #1513
  • ATT&CK report messages to include internal config options as reasons
    for unscanned attack techniques. #1518

Removed

  • Internet access check on agent start. #1402
  • The "internal.monkey.internet_services" configuration option that enabled
    internet access checks. #1402
  • Disused traceroute binaries. #1397
  • "Back door user" post-breach action. #1410
  • Stale code in the Windows system info collector that collected installed
    packages and WMI info. #1389
  • Insecure access feature in the Monkey Island. #1418
  • The "deployment" field from the server_config.json. #1205
  • The "Execution through module load" ATT&CK technique,
    since it can no longer be exercised with the current code. #1416
  • Browser window pop-up when Monkey Island starts on Windows. #1428

Fixed

  • Misaligned buttons and input fields on exploiter and network configuration
    pages. #1353
  • Credentials shown in plain text on configuration screens. #1183
  • Crash when unexpected character encoding is used by ping command on German
    language systems. #1175
  • Malfunctioning timestomping PBA. #1405
  • Malfunctioning shell startup script PBA. #1419
  • Trap command produced no output. #1406
  • Overlapping Guardicore logo in the landing page. #1441
  • PBA table collapse in security report on data change. #1423
  • Unsigned Windows agent binaries in Linux packages are now signed. #1444
  • Some of the gathered credentials no longer appear in plaintext in the
    database. #1454
  • Encryptor breaking with UTF-8 characters. (Passwords in different languages
    can be submitted in the config successfully now.) #1490
  • Mimikatz collector no longer fails if Azure credential collector is disabled.
    #1512, #1493
  • Unhandled error when "modify shell startup files PBA" is unable to find
    regular users. #1507
  • ATT&CK report bug that showed different techniques' results under a technique
    if the PBA behind them was the same. #1514
  • ATT&CK report bug that said that the technique ".bash_profile and
    .bashrc" was not attempted when it actually was attempted but failed. #1511
  • Bug that periodically cleared the telemetry table's filter. #1392
  • Crashes, stack traces, and other malfunctions when data from older versions
    of Infection Monkey is present in the data directory. #1114
  • Broken update links. #1524

Security

  • Generate a random password when creating a new user for CommunicateAsNewUser
    PBA. #1434
  • Credentials gathered from victim machines are no longer stored in plaintext in
    the database. #1454
  • Encrypt the database key with user's credentials. #1463

New contributors 🙌

Welcome and thanks to our new contributors:
@TRGamer-tech

Attached binaries and hashes:

Filename Type Version SHA256 Hash
InfectionMonkey-v1.12.0.AppImage island 1.12.0 1325f2aa1d0c27aec2e2f9864ed53c53c524bd208313f87ea6606f59c90ff310
monkey-linux-32 agent 1.12.0 d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3
monkey-linux-64 agent 1.12.0 1ad52eabd704a9b0fbf642fa552629f30d3c5c27e431a687bd4cba4e0104d3f7
monkey-windows-32 agent 1.12.0 3c10f610f47c4fd227cf85f6bf800d66ed31fe37dc2e2ed408860483685ba504
monkey-windows-64 agent 1.12.0 02e5e051a96e2ca61ae8e661b3a5828ee53a0fc00aca6502d5c73a46754f0d07
sc_monkey_runner32.so sambacry 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212
sc_monkey_runner64.so sambacry 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18

This release introduces Infection Monkey's ransomware simulation capability. It also adds a number of security enhancements and configuration options. To start downloading it while you read the release notes, go to the Infection Monkey website.

Changelog

Added

  • A runtime-configurable option to specify a data directory where runtime configuration and other artifacts can be stored. #994
  • Scripts to build an AppImage for Monkey Island. #1069, #1090, #1136, #1381
  • log_level option to server config. #1151
  • A ransomware simulation payload. #1238
  • The capability for a user to specify their own SSL certificate. #1208
  • API endpoint for ransomware report. #1297
  • A ransomware report. #1240
  • A script to build a docker image locally. #1140

Changed

  • Select server_config.json at runtime. #963
  • Select Logger configuration at runtime. #971
  • Select mongo_key.bin file location at runtime. #994
  • Store Monkey agents in the configurable data_dir when monkey is "run from the island". #997
  • Reformat all code using black. #1070
  • Sort all imports using isort. #1081
  • Address all flake8 issues. #1071
  • Use pipenv for python dependency management. #1091
  • Move unit tests to a dedicated tests/ directory to improve pytest collection time. #1102
  • Skip BB performance tests by default. Run them if --run-performance-tests flag is specified.
  • Write Zerologon exploiter's runtime artifacts to a secure temporary directory instead of $HOME. #1143
  • Put environment config options in server_config.json into a separate section named "environment". #1161
  • Automatically register if BlackBox tests are run on a fresh installation. #1180
  • Limit the ports used for scanning in blackbox tests. #1368
  • Limit the propagation depth of most blackbox tests. #1400
  • Wait less time for monkeys to die when running BlackBox tests. #1400
  • Improve the structure of unit tests by scoping fixtures only to relevant modules instead of having one huge fixture file. #1178
  • Improve and rename the directory structure of unit tests and unit test infrastructure. #1178
  • Launch MongoDB when the Island starts via python. #1148
  • Create/check data directory on Island initialization. #1170
  • Format some log messages to make them more readable. #1283
  • Improve runtime of some unit tests. #1125
  • Run curl OR wget (not both) when attempting to communicate as a new user on Linux. #1407

Removed

  • Relevant dead code as reported by Vulture. #1149
  • Island logger config and --logger-config CLI option. #1151

Fixed

  • Attempt to delete a directory when monkey config reset was called. #1054
  • An errant space in the windows commands to run monkey manually. #1153
  • Gevent tracebacks in console output. #859
  • Crash and failure to run PBAs if max depth reached. #1374

Security

  • Address minor issues discovered by Dlint. #1075
  • Hash passwords on the server side instead of the client side. #1139
  • Generate random passwords when creating a new user (create user PBA, ms08_67 exploit). #1174
  • Implemented configuration encryption/decryption. #1189, #1204
  • Create local custom PBA directory with secure permissions. #1270
  • Create encryption key file for MongoDB with secure permissions. #1232

New contributors 🙌

Welcome and thanks to our new contributors:
@ilija-lazoroski
@kur1mi
@Vertrauensstellung

Attached binaries and hashes:

Filename Type Version SHA256 Hash
Infection_Monkey-1.11.0-x86_64.AppImage island 1.11.0 6312b6bff18c11c7db694f42cf5a41e894786c39e3e093b6b15abcbff80337f2
monkey-linux-32 agent 1.11.0 b0615fc0369bf6f0900e89acbc300cfe63bc754e4e3d50c2cba2dbdb2de8e511
monkey-linux-64 agent 1.11.0 fb4c979ce6c29bb458be50a44cc6839650826b831da849da69a05dfefdc66462
monkey-windows-32 agent 1.11.0 e006b26663f59b92bad8d49b034cd8101dd481f881e3c4839a9c1e64fd99e849
monkey-windows-64 agent 1.11.0 12c55377381a8fc7d8ff731db52302ef2f8bb894d8712769e5a91a140ba22b0a
sc_monkey_runner32.so sambacry 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212
sc_monkey_runner64.so sambacry 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18
tracerouter32 traceroute c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23
traceroute64 sambacry 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4

This release introduces exciting new features, performance improvements, and lots of bug fixes. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

New exploits 💣

Infection Monkey can now exploit two new remote code execution vulnerabilities:

AWS Zero Trust security scans with ScoutSuite 🔍

Scout Suite is an open-source cloud security-auditing tool. It queries the cloud API to gather configuration data. Based on the configuration data gathered, ScoutSuite shows security issues and risks present in your cloud infrastructure. Infection Monkey will run a ScoutSuite scan against your AWS environment and categorize any alerts according to the Zero Trust framework. #519

New MITRE ATT&CK techniques 💥

We're continuing to improve our MITRE ATT&CK capabilities. We've added four new ATT&CK techniques to Infection Monkey, for a total of 36!

  • Signed script proxy execution (T1216) #776
  • Account discovery (T1087) #793
  • Indicator removal on host: timestomp (T1099) #796
  • Clear command history (T1146) #799

Improvements

Secured dependencies using snyk.io

Performance improvements 🚤

  • Use multithreading to run PBAs #696
  • Refactor tornado WSGI container into gevent WSGI container #858 #862
  • Add sane timeouts to reduce excessive blocking #885

Documentation improvements 📖

We've updated our documentation for readability and consistency, as well as added swimm tutorials for developers.

Miscellaneous

  • Add Windows XP support to MS08_067 exploit #809
  • Reintroduce AWS run option #865
  • Update Linux deployment scripts #900

UI

  • Specify a user that will run the infection monkey agent #792 #830 #838 #840
  • Clarified cross-segment issue reporting #819
  • Improve ATT&CK UI #820
  • Modify master checkboxes to conform to human interface guidelines #920
  • Provide warning icon and language for unsafe options #920
  • Show "None" in zero trust report sections with zero findings #947
  • Show confirmation dialog when unsafe config is submitted or imported #1000
  • Show warning dialog when unsafe ATT&CK config is submitted #1006
  • Clarify custom PBA field descriptions in configuration menu #1027

Bug fixes 🐛

  • Scale Monkey Island map component to window size #150
  • Center Guardicore logo on smaller screens #612
  • Fix typo that caused missing telemetry type on Log page #689
  • Redirect to login page when JWT expires #739
  • Link related ATT&CK techniques of the same PBA #761
  • Fix rendering in security report generation #762
  • Fix PBA file upload failure #784
  • Evade detection by Windows defender #801, #929
  • Fix hang on update check #857
  • Fix creation of scheduled jobs (PBA) #861
  • Fix wrong initial state in plugin selector control #891
  • Fix failing SMB exploiter #895
  • Catch exceptions thrown by fingerprinters #897
  • Fix logic used to detect AWS, GCP, and Azure cloud instances #902
  • Fix uncaught error in ATT&CK report #948
  • Fix failure to scan configured TCP ports #956
  • Add missing authentication check to local_run endpoint #981
  • Do not automatically execute custom PBA script #1020 #1027
  • Fix pyjwt dependency at version 1.7 #1042
  • Properly handle unicode decode errors #798

New contributors 🙌

Welcome and thanks to our new contributors:

Attached binaries and hashes:

Filename Type Version SHA256 Hash
monkey-linux-32 agent 1.10.0 a6de7d571051292b9db966afe025413dc20b214c4aab53e48d90d8e04264f4f5
monkey-linux-64 agent 1.10.0 932f703510b6484c3824fc797f90f99722e38a7f8956cf6fa58fdecb3790ab93
monkey-windows-32 agent 1.10.0 8e891e90b11b97fbbef27f1408c1fcad486b19c612773f2d6a9edac5d4cdb47f
monkey-windows-64 agent 1.10.0 3b499a4cf1a67a33a91c73b05884e4d6749e990e444fa1d2a3281af4db833fa1
sc_monkey_runner32.so sambacry 68fd441c92f9d2c3201f7072eafbe9a4c56339139395daeba959836bd3f8b212
sc_monkey_runner64.so sambacry 94e1d1ac64bfc4a63f590f8add21c10f26b2b0ffb6b69518ed2c53909c8faf18
tracerouter32 traceroute c15a8a7612af31ff973d424c6473eb34e2ca66dddc6aef3067a1e9927e368f23
traceroute64 sambacry 64d5c9c9b7c0aaf6447bd6fd439b87052fe72bba769c4de454bc1f817cffcad4

Infection Monkey 1.9.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

Improved MITRE ATT&CK coverage and reporting

We're continuing to improve our MITRE ATT&CK capabilities, with many new techniques added and a new report with more information.

New ATT&CK techniques 💥

We've added 8 new ATT&CK techniques to the Monkey, which brings our total coverage to 32!

  • "setuid and setgid" attack technique (T1166) #702
  • "Trap" attack technique (T1154) #697
  • "PowerShell Profile" attack technique (T1504) #686
  • "Scheduled Task" attack technique (T1053) #685
  • "Local Job Scheduling" attack technique (T1168) #683
  • ".bash_profile and .bashrc" attack technique (T1156) #682
  • "Hidden Files and Directories" attack technique (T1158) #672
  • User creation and impersonation attack technique (T1136) #579

New ATT&CK report 📊

The new report added a new status to help you discern WHY a technique was or was not attempted, so you can optimise future Monkey executions. Here's how it looks:

[Image: the new ATT&CK report]

Improved configuration (#637)

In our effort to improve the user experience and make Monkey more accessible and usable, we've revamped our entire Configuration screen! Easily control the credentials used in simulations, the target list the Monkey will scan, and which exploits the Monkey will attempt to use.

Replaced mimikatz DLL with pypykatz for better defence evasion (#471, #583) 💂‍♂️

Most AVs recognize and delete the Mimikatz DLL or even disrupt the entire Monkey installation process on Windows. We've replaced Mimikatz with pypykatz and for now, it'll be much harder for endpoint protection software to stop the Monkey.

New Documentation site and framework (#602) 📖

Due to the limited control and ease of use of the GitHub wiki, we've decided to move our documentation to a self-hosted solution based on Hugo.

See it in action here.

Monkey Island is secure by default (#596) 🔐

The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.

If you want Island to be accessible without credentials, press "I want anyone to access the island". Please note that this option is insecure: you should only pick this for use in development environments.

Read related documentation here.

Improvements

Secured dependencies using snyk.io

We have a new integration with snyk.io, a service which checks our dependencies for vulnerabilities! So we've locked all our dependencies (#627) and updated lots of them as well:

Improvements to our CI process

  • Python import linting #727
  • Added Snyk.io to our PRs to test if new vulns are added through dependencies

Other improvements

  • Edge refactoring to DAL #671
  • Revamps UI to bootstrap v4 #688
  • Updated MongoDB version #692
  • Various Typos fixed #726

Bug fixes 🐛

Everything that was fixed in 1.8.2 and:

  • Reset env UI bug #666
  • Handle missing binaries #485
  • Fixes SMB exploiter not passing vulnerable port (thus causing redundant exploitation) #664
  • Removed PTH map #691

New contributors 🙌

Welcome and thanks to our new contributors:

Attached binaries and hashes:

Filename Type Version Hash
monkey-linux-32 agent 1.9.0 4c24318026239530ed2437bfef1a01147bb1f3479696eb4eee6009326ce6b380
monkey-linux-64 agent 1.9.0 aec6b14dc2bea694eb01b517cca70477deeb695f39d40b1d9e5ce02a8075c956
monkey-windows-32 agent 1.9.0 67f12171c3859a21fc8f54c5b2299790985453e9ac028bb80efc7328927be3d8
monkey-windows-64 agent 1.9.0 24622cb8dbabb0cf4b25ecd3c13800c72ec5b59b76895b737ece509640d4c068

Infection Monkey 1.8.2

This is a small maintenance release. It includes some bug fixes, some performance improvements, and some new features. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

Summary section in Security Report (#635)

Now you can easily see the number of open ports/services and number of servers scanned in the Security Report after a monkey run. Here's how it looks:

[Image: summary section of the Security Report]

Improvements

Performance improvements 🚤

  • Stop exploiting machines that have already been exploited in the exact same manner #650
  • UI size improvements and performance improvements #634 #654
  • Performance testing infrastructure #632
  • Zero Trust report performance improvements #645

Misc.

  • PEP issues #636
  • Remove WMI from non-windows deployments #644

Bug fixes 🐛

  • Fixed monkey ignoring depth restrictions #642
  • Fixed UI build issues #643
  • Small fixes on persistence/create user attack technique #647

Attached binaries and hashes:

Filename Type Version Hash
monkey-linux-32 agent 1.8.2 39D3FE1C7B33482A8CB9288D323DDE17B539825AB2D736BE66A9582764185478
monkey-linux-64 agent 1.8.2 4DCE4A115D41B43ADFFC11672FAE2164265F8902267F1355D02BEBB802BD45C5
monkey-windows-32 agent 1.8.2 86A7D7065E73B795E38F2033BE0C53F3AC808CC67478AED794A7A6C89123979F
monkey-windows-64 agent 1.8.2 2E6A1CB5523D87DDFD48F75B10114617343FBAC8125FA950BA7F00289B38B550

Infection Monkey 1.8.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

MITRE ATT&CK report (#491, #496, #575, #577)

In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.

Here's how it looks:

[Image: the MITRE ATT&CK report]

For more details, read our blog post or watch the overview video.

Test Your ATT&CK Before the Attack With Guardicore Infection Monkey

OS Compatibility (#507, #527, #528, #479, #506)

Since we decided to migrate the Monkey to Python 3.7 🐍, we wanted to make sure that it will still be able to give accurate results on a myriad of operating systems, even old ones that don't support Python 3 at all.

Check out the list of supported operating systems!

This included changes to the Monkey itself, as well as forking our own version of PyInstaller with a custom bootloader.

New Zero Trust People test (#515, #517, #518)

We added another Zero Trust test to the Monkey's arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the network’s policies were too permissive.

See it in action in this blog post called "How to Assess Your Zero Trust Status: Monkey See, Centra Do".

Improvements

Python 3 migration (#393, #394, #469, #475, #393, #532, #486, #494)

The Monkey is now Python 3.7! 🐍 🎉 Until the next print VS print() debate creates Python 4, the Monkey is not deprecated.

Improvements to our CI process

Performance testing infrastructure #548 #547

We hope to continue improving our performance as time goes on - this infrastructure will enable automatic testing of performance using Blackbox testing.

Better versioning (#545, #543, #559)

The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.

Refactor exploiters, fingerprinters, and system information collectors (#478, #499, #521, #522, #535)

Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).

Telemetry box UI improvements (#538, #565)

The telemetry box in the Map now shows line count and auto-scrolls to the bottom 📜

Small UX QoL improvements

  • Config page label explaining that existing monkeys don't get new configuration #525
  • "Start over" page now waits for a response from the server #512

Merge Infection Monkey requirements files (#500)

Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks pip 🙏

JS File Saver (#473)

Small UI code improvement, fewer dependencies 👍

New map icons

[Image: new map icons]

Bug fixes 🐛

  • Blank Screen after inactivity fixed #472
  • Added 404 page #501
  • Prevention of circular imports #477
  • Auto update copyright year #481, #468
  • Various fixes to .deb deployment #533, #544, #503, #524
  • Disable none from the list of networks to scan #550
  • Notification wrong route #541
  • Improved deploy scripts #549, #562, #564, #546
  • Encrypt SSH keys in logs #523, #458
  • MSSQL compatibility #492, #493
  • ring bugfixes #484
  • Telemetries that don't require briefs no longer throw errors in island #466

New contributors 🙌

Welcome and thanks to our new contributors:

Attached binaries and hashes:

Filename Type Version Hash
monkey-windows-64.exe Windows Agent 1.8.0 f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7
monkey-linux-64 Linux Agent 1.8.0 d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6
monkey-windows-32.exe Windows Agent 1.8.0 1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08
monkey-linux-32 Linux Agent 1.8.0 217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2

Infection Monkey 1.7.0

This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.

New Features 🆕

Zero Trust (#400)

The Monkey now tests your network against the Forrester Zero Trust eXtended framework and provides a report with actionable data and recommendations.

Read more about it in the Infection Monkey for Zero Trust product page or watch a demo video.

MITRE ATT&CK

Adds the ability to configure the Monkey using the MITRE ATT&CK matrix, and lets you view in the report which ATT&CK techniques were used and how.

Improvements

Scanning Performance boost (#436)

The monkey now scans its target subnets in parallel, which improves runtime by 4.

Island performance boosts (#441 + #358)

The island now generates reports faster for larger amounts of network nodes by 2 orders of magnitude, which helps when dealing with larger-scale networks. Also, the report is cached if no Monkey has communicated since the last report was generated.

Hashing all sensitive data in all logs (#438 + #444)

All potentially sensitive data is now hashed before it is logged, so no sensitive data appears in plaintext.

Notification when infection is done (#326)

The Island website will now send you a notification when the infection is done, so you don't need to busy wait on it.

Bug fixes 🐛

Various other bug fixes, such as:

  • Vulnerability stability and success rate improvements.
  • Monkey has a TTL before it is automatically marked as dead, so the report finishes in case of lost communication after network changes, shutdowns or crashes. (#313)
  • Automatic black-box testing suite. (#420)
  • Monkey will work on Windows machines that aren't installed on C:\. (#349)
  • Not showing Linux machines in PTH credentials map. (#338)

Attached binaries and hashes:

File Hash (SHA256)
monkey-linux-32 EF7A72FFDDF3A54C74F458201A45B51B779A68C460A309B0D5FD247264D7137D
monkey-linux-64 333529B3061473BF5EE713FA7E3DF4B05DD01823840BB92E1E715488A749B9EA
monkey-windows-32.exe 603D982D4A3D8459573D016E36BCFC0AD776CE2CB7DFF965954C688AB17E1727
monkey-windows-64.exe E400F0D56570215C458D6EDED63E72AC6E82819EFF2FC5969A73883261B5976E

This is a small bugfix release, mostly around integration and packaging.

There are two user-facing changes.

First, we no longer request AWS access keys for different features like AWS security hub integration and remote commands on EC2 instances. We now require an IAM role to be applied to the EC2 instance where the monkey is running. For more details, check here and here.

Second, the Monkey Island now checks for updates against a centralized server. At startup, a single message containing the current version is sent to a dedicated machine, and returns whether there is a new version available and a download link in case there is one.

Feature - Version checking #309
Feature - AWS integration through IAM roles #281
Bugfix - Deb does not rely on package manager mongo #301
Bugfix - ElasticGroovy exploitation now times out gracefully in case of errors #289
Bugfix - Struts2 attack script does not check for certificate errors #318
Bugfix - Domain related recommendations do not show up if no such recommendations exist. #278 and #304 fixes #213
Bugfix - Update Bootstrap to 3.4.1 #311

Also, the Island may now run as a single PyInstaller-packed executable, solving some deployment issues on Windows.


This is a release with plenty of cool features.

Take the Infection Monkey for a spin inside your network and let us know how it was!

New Features

  • The UI can now optionally be password protected. For more information check our wiki and #260
  • The Monkey can now run actions after breaching the machine. For now, we've only implemented the option to create a disabled backdoor user. #242
  • Export to AWS security hub. The monkey now knows to export security findings to the AWS security hub. #221
  • We can now remotely run commands on AWS EC2 instances, giving you more methods to start a simulated breach. #259
  • Attack according to host names rather than IPs #189
  • We can now carry our own version of traceroute for Linux machines #229
  • Add option to sleep between scans #240
  • The monkey now also pings machines to check if they're alive, possibly bypassing some segmentation rules #243
  • We have an experimental new attack. An MS-SQL exploiter that brute forces authentication and uses xp_cmdshell to attack. #147 

We also improved our deployment, making it easier for developers to set up their own instance of the Monkey (#225 and #227)

Fixes

  • Moved to wget instead of curl #238
  • Make Mongo URL easy to redirect (using env variable) #197
  • UI improvements #211
  • Improvements to exploiters #212, #224, #249, #269, #207, #224
  • Handle timeout when communicating with Island #202

And many more small bug fixes :)