DEV.co
Open-Source Security · guardicore

monkey

Infection Monkey is an open-source adversary emulation platform that simulates malware spread across networks to test your security defenses. It comprises an agent that propagates across systems and a centralized command-and-control server (Monkey Island) for orchestration and reporting.

Source: GitHub — github.com/guardicore/monkey
7k
GitHub stars
818
Forks
Python
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryguardicore/monkey
Ownerguardicore
Primary languagePython
LicenseGPL-3.0 — OSI-approved
Stars7k
Forks818
Open issues239
Latest releasev2.3.0 (2023-09-19)
Last updated2025-05-01
Sourcehttps://github.com/guardicore/monkey

What monkey is

Python-based penetration testing framework with two components: a configurable network worm agent supporting multiple propagation techniques (SSH, RDP, SMB, WMI, Log4Shell, password theft) and a centralized Monkey Island C2 server for simulation control and attack visualization. Generates empirical security posture data and network infection maps.

Quickstart

Get the monkey source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/guardicore/monkey.gitcd monkey# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Internal Penetration Testing & Security Posture Assessment

Safely simulate real-world malware behavior in controlled environments to validate detection, prevention, and mitigation capabilities of existing security controls.

Red Team Exercises & Adversary Emulation

Conduct repeatable, configurable attack simulations to build organizational security maturity and test incident response procedures without hiring external consultants.

Security Baseline Validation & Compliance Testing

Empirically verify that network segmentation, access controls, and endpoint protections are functioning as designed before production deployments.

Implementation considerations

  • Deploy in isolated test networks or lab environments with strict network segmentation to prevent unintended lateral movement into non-target systems.
  • Obtain documented approval from security leadership and compliance/legal before deployment; clearly communicate scope and expected behaviors to operations teams.
  • Configure agent propagation settings (targets, exploits, credential lists) conservatively and validate against golden images before each run.
  • Establish baseline metrics and success criteria for each simulation to enable interpretation of results and remediation prioritization.
  • Plan for post-simulation forensics and data retention; ensure C2 server logging is enabled and accessible for audit and reporting.

When to avoid it — and what to weigh

  • Production Networks Without Strict Isolation — Despite being described as 'safe,' the agent actively propagates across networks. Risk of unintended lateral movement or triggering security alerts in shared/production environments without complete air-gapping.
  • Highly Regulated Environments Requiring Pre-Approval — Running simulated malware (even non-destructive) may violate compliance frameworks or organizational policies. Requires explicit written authorization and change management processes.
  • Teams Without Security Operations Expertise — Misconfigurations can create false positives or allow unintended network access. Requires security knowledge to interpret results and distinguish simulation behavior from actual threats.
  • Environments Where Source Code Review is Mandatory — GPL-3.0 license requires disclosure of any modifications; organizations with strict IP policies may face barriers to internal customization.

License & commercial use

Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring that any derivative works or distributed modifications must also be released under GPL-3.0 with source code disclosure.

GPL-3.0 is a strong copyleft license. Commercial use of the unmodified software for internal testing is permitted, but any customization or integration into proprietary products requires either GPL-3.0 licensing of the entire derivative work or legal review. Requires formal assessment before embedding in commercial offerings.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityHigh
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Infection Monkey is designed to simulate malware; operators must ensure it operates only in authorized, isolated networks. The agent actively propagates and attempts credential theft (Mimikatz), social engineering, and privilege escalation—legitimate in controlled settings but risky if misconfigured. Code coverage metrics and CI/CD pipeline shown (Travis CI, codecov) indicate attention to code quality, but no independent security audit or vulnerability disclosure policy mentioned. Operators are responsible for segmentation, authorization, and incident response readiness.

Alternatives to consider

Metasploit Framework

Industry-standard penetration testing platform with broader exploit library and community. Requires more manual orchestration; better for one-off assessments than continuous simulation.

Caldera (MITRE ATT&CK)

Open-source adversary emulation platform aligned with MITRE ATT&CK framework. Emphasis on multi-agent coordination and evasion tactics; more research-focused than turnkey security posture testing.

Atomic Red Team

Lightweight, script-based adversary emulation keyed to ATT&CK techniques. Lower deployment overhead but less autonomous propagation simulation; better for tactical control.

Software development agency

Build on monkey with DEV.co software developers

Infection Monkey requires careful planning for isolated environments, clear authorization from leadership, and security expertise to configure and interpret results. If your team is building internal red team capabilities or validating network segmentation, we can help you assess deployment architecture, compliance fit, and integration with your existing security stack.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

monkey FAQ

Is Infection Monkey safe to run in production?
No. Despite being non-destructive, the agent actively propagates across networks. It must run in isolated test/lab environments with explicit authorization and strict network segmentation.
What exploits does it support?
Agent supports multiple propagation techniques: predefined passwords, common logical exploits, Mimikatz-based credential theft, and exploit methods including Log4Shell, RDP, SSH, SMB, WMI. Full list documented in the external techdocs hub.
Can I modify the source code for my organization?
Yes, but modifications must comply with GPL-3.0: any derivative works distributed must be released under GPL-3.0 with source code disclosure. Internal modifications not distributed may have fewer constraints; legal review recommended.
How current are the exploits?
Latest release is v2.3.0 (September 2023, ~1.5 years old). Active maintenance continues, but the release lag suggests exploit techniques may not cover the newest vulnerabilities without custom updates.

Custom software development services

From first prototype to production, DEV.co delivers software development services around tools like monkey. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.

Evaluate Infection Monkey for Your Security Program

Infection Monkey requires careful planning for isolated environments, clear authorization from leadership, and security expertise to configure and interpret results. If your team is building internal red team capabilities or validating network segmentation, we can help you assess deployment architecture, compliance fit, and integration with your existing security stack.