The Infection Monkey agent has two steps before attempting to exploit a victim: scanning and fingerprinting. Both steps can be customized in the configuration files.
The sole interface required is the is_host_alive interface, which needs to return True/False.
TcpScanner is the default scanner; it checks for open ports based on the tcp_target_ports configuration setting.
PingScanner sends a ping message using the host OS utility
Fingerprinters are modules that collect server information from a specific victim. They inherit from the HostFinger class and are listed under the finger_classes configuration option.
Currently implemented Fingerprint modules are:
SMBFinger - Fingerprints target machines over SMB. Extracts computer name and OS version.
SSHFinger - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
PingScanner - Fingerprints using the machine's TTL, to differentiate between Linux and Windows hosts.
HTTPFinger - Fingerprints over HTTP/HTTPS, using the ports listed in HTTP_PORTS in the configuration. Returns the server type and whether it supports SSL.
MySQLFinger - Fingerprints over MySQL (port 3306). Extracts MySQL banner info: Version, Major/Minor/Build and capabilities.
ElasticFinger - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
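The fields listed for MySQLFinger (version, major/minor/build, capabilities) are all present in the greeting a MySQL server sends before any login, which is why an unauthenticated connection to port 3306 is enough to inventory them. The parser below is an added example, not Infection Monkey's own code; the names parse_mysql_greeting and sample_greeting are hypothetical and the sample bytes are constructed.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: server accepts TLS


def parse_mysql_greeting(packet: bytes) -> dict:
    """Parse a MySQL HandshakeV10 greeting, sent by the server before any login."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    # Header: 3-byte little-endian payload length, then a 1-byte sequence id.
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if not payload or len(payload) < length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:
        # ERR packet: e.g. the server does not accept connections from this host.
        raise ValueError("server answered with an error packet")
    if payload[0] != 10:
        raise ValueError("unexpected protocol version %d" % payload[0])
    end = payload.index(b"\x00", 1)  # version string is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    fixed = "<I8sBHBHH"  # thread id, auth data, filler, caps low, charset, status, caps high
    if len(payload) < end + 1 + struct.calcsize(fixed):
        raise ValueError("greeting ends before the capability flags")
    _, _, _, cap_low, _, _, cap_high = struct.unpack_from(fixed, payload, end + 1)
    capabilities = (cap_high << 16) | cap_low
    # "8.0.36-0ubuntu0.22.04.1" -> ["8", "0", "36"]; pad if the banner is unusual.
    parts = (version.split("-")[0].split(".") + ["", "", ""])[:3]
    return {
        "version": version,
        "major": parts[0], "minor": parts[1], "build": parts[2],
        "capabilities": capabilities,
        "ssl": bool(capabilities & CLIENT_SSL),
    }


def sample_greeting() -> bytes:
    """Constructed greeting for the demo; not captured from a real server."""
    payload = (b"\x0a" + b"8.0.36-0ubuntu0.22.04.1\x00" + struct.pack("<I", 11)
               + b"ABCDEFGH" + b"\x00" + struct.pack("<HBHH", 0xFFFF, 0xFF, 0x0002, 0xDFFF))
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    print(parse_mysql_greeting(sample_greeting()))
```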
To add a new scanner/fingerprinter, create a new class that inherits from HostFinger (depending on the interface). The class should be under the network module and should be imported under
At this point, the Monkey knows how to use the new scanner/fingerprinter, but to make it easy to use, the UI needs to be updated. The relevant UI file is