The Infection Monkey spins up an infected virtual machine inside random parts of the data center, testing for potential weaknesses in security controls. Any successful lateral movement made by the Infection Monkey is an indication of a security failure that should be fixed.
It scans the network checking for open ports and fingerprints machines using multiple network protocols. After detecting accessible machines, it attempts to attack every single machine using a variety of methods, including intelligent password guessing and safe exploits.
The Infection Monkey then provides detailed information about the specific vulnerability abused and the effect vulnerable segments can have on the entire network, giving security teams the insights they need to make informed decisions and enforce tighter security policies.