Want to help secure networks? That’s great!
Here’s a few short links to help you get started.
You can take a look at our roadmap to see what issues we’re thinking about doing soon. We are looking for:
The best way to find weak spots in the network is by attacking it. The Exploit template page will help you add exploits.
It’s important to note that the Infection Monkey must be perfectly reliable otherwise no one will use it, so avoid memory corruption exploits unless they’re rock solid and focus on the logical vulns such as Shellshock.
Successfully attacking every server in the network is no good unless the Monkey can explain how to prevent the attack. Whether it’s detecting when the Monkey is using stolen credentials or when the Monkey can escape locked down networks, this is the part that actually helps secure different parts.
We always want to improve the core Monkey code, to make it smaller, faster and more reliable. If you have an idea of how to do it, or just want to modularise/improve test coverage for the code, do share!
Every project requires better documentation. The Monkey is no different, so feel free to open PRs with suggestions, improvements or issues asking us to document different parts of the Monkey.
The Monkey’s documentation is stored in the