Here are some of the most common questions we receive about the Infection Monkey. If the answer you’re looking for isn’t here, talk with us on our Slack channel, email us at support@infectionMonkey.com or open an issue on GitHub.

To see how you can use the Infection Monkey to simulate several breach and attack scenarios, refer to the scenarios page.

Where can I get the latest Monkey version?

For the latest stable release for users, visit our downloads page. If you want to see what has changed between versions, read the releases page on GitHub. For the latest development version, visit the develop version in GitHub.

How long does a single Monkey run for? Is there a time limit?

The Monkey shuts off either when it can’t find new victims, or when it has exceeded the quota of victims as defined in the configuration.

Should I run the Monkey continuously?

Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.

Does the Infection Monkey require a connection to the Internet?

The Infection Monkey does not require internet access to function. If internet access is available, the Monkey will use the Internet for two purposes:

  • To check for updates
  • To check if machines can reach the internet

Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?

Monkey Island

The Monkey Island’s log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal log file”.

It can also be found as a local file called `info.log` on the server where the Monkey Island was executed. The log shows which requests the server received, along with additional log output from the backend logic. For example, it will contain entries like these:

2019-07-23 10:52:23,927 - wsgi.py:374 -       _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
2019-07-23 10:52:23,989 - client_run.py:23 -        get() - INFO - Monkey is not running
2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting

Monkey

The Monkey log file can be found in the following paths on machines where it was executed:

  • Path on Linux: /tmp/user-1563
  • Path on Windows: %temp%\\~df1563.tmp

The logs contain information about the internals of the Monkey’s execution. For example, the log will contain entries like these:

2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
2019-07-22 19:16:44,231 [77598:140654230214464:INFO] monkey.initialize.54: Monkey is initializing...
2019-07-22 19:16:44,231 [77598:140654230214464:DEBUG] system_singleton.try_lock.95: Global singleton mutex '{2384ec59-0df8-4ab9-918c-843740924a28}' acquired
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] monkey.initialize.81: Added default server: 10.15.1.96:5000
2019-07-22 19:16:44,234 [77598:140654230214464:INFO] monkey.start.87: Monkey is running...
2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] control.find_server.65: Trying to wake up with Monkey Island servers list: ['10.15.1.96:5000', '192.0.2.0:5000']
2019-07-22 19:16:44,235 [77598:140654230214464:DEBUG] control.find_server.78: Trying to connect to server: 10.15.1.96:5000
2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000
2019-07-22 19:16:44,249 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://10.15.1.96:5000 "GET /api?action=is-up HTTP/1.1" 200 15
2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443
2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
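To read these logs at scale, the following added example (not part of the Infection Monkey project) parses both formats shown above and lists the destinations a Monkey connected to and the requests the Island served. The regular expressions are inferred from the excerpts on this page, not taken from the project's logging configuration, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime
TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})"
# Monkey agent log: "<ts> [<pid>:<thread id>:<LEVEL>] <module.function.lineno>: <message>"
MONKEY_RE = re.compile(
    "^" + TS + r" \[(?P<pid>\d+):(?P<tid>\d+):(?P<level>[A-Z]+)\] "
    r"(?P<source>[\w.]+)\.(?P<lineno>\d+): (?P<msg>.*)$")
# Monkey Island log: "<ts> - <file>:<lineno> - <function>() - <LEVEL> - <message>"
ISLAND_RE = re.compile(
    "^" + TS + r" - (?P<source>[\w.]+):(?P<lineno>\d+) -\s+(?P<func>\w+)\(\)"
    r" - (?P<level>[A-Z]+) - (?P<msg>.*)$")
NEW_CONN_RE = re.compile(r"Starting new HTTPS? connection \(\d+\): (\S+)$")
REQUEST_RE = re.compile(r"^(\d{3}) ([A-Z]+) (\S+) \(([\d.]+)\)")

def parse_line(line):
    """Return a dict for a Monkey or Island log line, or None if unrecognised."""
    for kind, rx in (("monkey", MONKEY_RE), ("island", ISLAND_RE)):
        m = rx.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["kind"] = kind
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
            return rec
    return None

def summarize(lines):
    """Collect the agent's outbound destinations and the Island's served requests."""
    outbound, requests, skipped = Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1 if line.strip() else 0  # blank lines are not counted
            continue
        conn = NEW_CONN_RE.search(rec["msg"])
        req = REQUEST_RE.match(rec["msg"])
        if rec["kind"] == "monkey" and conn:
            outbound[conn.group(1)] += 1
        elif rec["kind"] == "island" and req:
            requests.append(req.groups())  # (status, method, path, client IP)
    return outbound, requests, skipped

SAMPLE = [  # lines copied from the excerpts on this page, plus one constructed bad line
    "2019-07-23 10:52:23,927 - wsgi.py:374 -       _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms",
    "2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000",
    "2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443",
    "this line is constructed and matches neither format",
]
print(summarize(SAMPLE))
```

A non-zero skipped count means the log contains lines in a shape these patterns do not cover, such as multi-line tracebacks, and they should be reviewed by hand.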

Running the Monkey in a production environment

How much of a footprint does the Monkey leave?

The Monkey leaves hardly any trace on the target system. It will leave:

  • Log files in the following locations:
    • Path on Linux: /tmp/user-1563
    • Path on Windows: %temp%\\~df1563.tmp

What’s the Monkey’s impact on system resources usage?

The Infection Monkey uses less than a single-digit percentage of CPU time and very little RAM. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically. If you do experience any performance issues, please let us know on our Slack channel or by opening an issue on GitHub.

Is it safe to use real passwords and usernames in the Monkey’s configuration?

Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island. We advise limiting access to the Monkey Island server by following our password protection guide. If you are using our provided OVA, you should change the machine’s root password as well.

How do you store sensitive information on the Monkey Island?

Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island’s database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines. When you reset the Monkey Island configuration, the Monkey Island wipes the information.

How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?

The Monkey does not use any exploits or attacks that may impact the victim system. This means we avoid using some very strong (and famous) exploits such as EternalBlue. This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren’t using it.

After I’ve set up the Monkey Island, how can I execute the Monkey?

See our detailed walkthrough guide.

How can I make the monkey propagate “deeper” into the network?

If you wish to simulate a very “deep” attack into your network, you can try to increase the propagation depth parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually. To do this, change the “Distance from Island” parameter in the “Basic – Network” tab of the configuration.

What if the report returns a blank screen?

This is sometimes caused when the Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command. If your version is older than 4.0.10, this might be the problem. To update your Mongo version, first uninstall the current version (`sudo apt remove mongodb` on Ubuntu) and then install the latest version using the official MongoDB manual.

How can I get involved with the project?

The Monkey is an open-source project. To become a developer you can just pick an issue, clone the repo and start working. We recommend joining the conversation on our Slack channel (#Monkey_dev channel) and first setting up a development environment where you can run and test the project before starting to code.

Please consult with our contribution guidelines before you start working on an issue.
