Get involved


Getting Started

Getting started consists of two easy steps - deploying a new image and launching the Infection Monkey!




Deploying an image


  1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. .
    Note: make sure port 5000 on the machine is accessible for inbound TCP traffic.
  2. Turn on the Infection Monkey VM.
  3. Log in to the machine with the following credentials:
    1. User: user
    2. Password: G3aJ9szrvkxTmfAG
  4. Change the default password by running the following commands:
    1. sudo passwd user
    2. sudo passwd root


The OVA can be used in one of two modes:

  1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
  2. With a static IP address. In this case, you should login to the VM console with
    user name root and password G3aJ9szrvkxTmfAG .
    After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
    1. sudo nano /etc/network/interfaces
  3. And change the lines:
    1. auto ens160
      Iface ens160 inet dhcp
  4. to the following:
    1. auto ens160
      iface ens160 inet static
      address AAA.BBB.CCC.DDD
      netmask XXX.XXX.XXX.XXX
      gateway YYY.YYY.YYY.YYY
  5.  Save the changes then run the command
    1. sudo ifdown ens160 && ifup ens160

Using the Infection Monkey

After deploying the Monkey Island in your environment, navigate to https://<server-ip>:5000. To get the Infection Monkey running as fast as possible, click Run Monkey. Optionally, you can configure the Monkey before you continue by clicking Configuration (see Appendix A).


To run the monkey, select one of the following options:

1. Click Run on C&C Server to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate from a machine in the Monkey Island subnet.


2. Click Run on machine of your choice to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.

Next, click the Infection Map link to see the Infection Monkey in action.

At first, the infection map will look like this:

Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.

As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click Security Report (see Appendix B).

Congratulations, you finished first successful execution of the Infection Monkey! To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations (see Appendix A).


If you have any questions, contact us or post to the Infection Monkey Google Group.


Appendix A: Configuration

The Monkey is very configurable, nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.


The configuration is split into two parts, Basic and everything else, the Basic options are pretty self explanatory and are split into two sections:


1. Credentials:
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.


2. Network:
Here you can control multiple important settings, such as:

  • Network propagation depth - How many hops from the base machine will the Monkey spread
  • Local network scan - Should the Monkey attempt to attack any machine in its subnet
  • Scanner IP/subnet list - Specific IP ranges that the Monkey should try to attack.

Appendix B: Security Report

The report is split into 3 categories


  • Overview
  • Recommendations
  • The Network from the Monkey’s Eyes. You can also download a printable version of the report by clicking the Print Report option.