github.com/guardicore/monkey

Infection Monkey - An open-source adversary emulation platform

Contributors: 45

Lines of Code: 12,306

From: 2015-08-30

To: 2020-12-22

About guardicore/monkey

Infection Monkey is an open-source adversary emulation platform designed to help organizations test and improve their security defenses through controlled simulations of malware behavior. The platform consists of two main components: an Agent that acts as a configurable network worm capable of propagating across systems, stealing data, and delivering payloads, and the Monkey Island, a centralized command and control server that manages and visualizes the simulation.

The tool operates on the principle of building defensive "antibodies" by allowing security teams to safely replicate malware tactics and behaviors in their own networks. Users configure the Monkey Agent to emulate specific malware characteristics, deploy it into their network environment, and then observe whether their existing security controls can detect, prevent, or mitigate the simulated infection. This provides empirical data about defensive capabilities and helps identify gaps in security posture.

Infection Monkey supports multiple propagation techniques, including exploitation of common vulnerabilities like Log4Shell, RSD, SSH, and SMB, as well as credential-based attacks using predefined passwords and tools like Mimikatz. The platform is written in Python and supports various operating systems. The project includes comprehensive testing infrastructure with unit tests and blackbox testing capabilities, and full documentation is available through the project's technical documentation hub.
