monkey
Infection Monkey is an open-source adversary emulation platform that simulates malware spread across networks to test your security defenses. It comprises an agent that propagates across systems and a centralized command-and-control server (Monkey Island) for orchestration and reporting.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | guardicore/monkey |
| Owner | guardicore |
| Primary language | Python |
| License | GPL-3.0 — OSI-approved |
| Stars | 7k |
| Forks | 818 |
| Open issues | 239 |
| Latest release | v2.3.0 (2023-09-19) |
| Last updated | 2025-05-01 |
| Source | https://github.com/guardicore/monkey |
What monkey is
Python-based penetration testing framework with two components: a configurable network worm agent supporting multiple propagation techniques (SSH, RDP, SMB, WMI, Log4Shell, password theft) and a centralized Monkey Island C2 server for simulation control and attack visualization. Generates empirical security posture data and network infection maps.
Get the monkey source
Clone the repository and explore it locally.
git clone https://github.com/guardicore/monkey.gitcd monkey# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Deploy in isolated test networks or lab environments with strict network segmentation to prevent unintended lateral movement into non-target systems.
- Obtain documented approval from security leadership and compliance/legal before deployment; clearly communicate scope and expected behaviors to operations teams.
- Configure agent propagation settings (targets, exploits, credential lists) conservatively and validate against golden images before each run.
- Establish baseline metrics and success criteria for each simulation to enable interpretation of results and remediation prioritization.
- Plan for post-simulation forensics and data retention; ensure C2 server logging is enabled and accessible for audit and reporting.
When to avoid it — and what to weigh
- Production Networks Without Strict Isolation — Despite being described as 'safe,' the agent actively propagates across networks. Risk of unintended lateral movement or triggering security alerts in shared/production environments without complete air-gapping.
- Highly Regulated Environments Requiring Pre-Approval — Running simulated malware (even non-destructive) may violate compliance frameworks or organizational policies. Requires explicit written authorization and change management processes.
- Teams Without Security Operations Expertise — Misconfigurations can create false positives or allow unintended network access. Requires security knowledge to interpret results and distinguish simulation behavior from actual threats.
- Environments Where Source Code Review is Mandatory — GPL-3.0 license requires disclosure of any modifications; organizations with strict IP policies may face barriers to internal customization.
License & commercial use
Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring that any derivative works or distributed modifications must also be released under GPL-3.0 with source code disclosure.
GPL-3.0 is a strong copyleft license. Commercial use of the unmodified software for internal testing is permitted, but any customization or integration into proprietary products requires either GPL-3.0 licensing of the entire derivative work or legal review. Requires formal assessment before embedding in commercial offerings.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Possible |
| Assessment confidence | High |
Infection Monkey is designed to simulate malware; operators must ensure it operates only in authorized, isolated networks. The agent actively propagates and attempts credential theft (Mimikatz), social engineering, and privilege escalation—legitimate in controlled settings but risky if misconfigured. Code coverage metrics and CI/CD pipeline shown (Travis CI, codecov) indicate attention to code quality, but no independent security audit or vulnerability disclosure policy mentioned. Operators are responsible for segmentation, authorization, and incident response readiness.
Alternatives to consider
Metasploit Framework
Industry-standard penetration testing platform with broader exploit library and community. Requires more manual orchestration; better for one-off assessments than continuous simulation.
Caldera (MITRE ATT&CK)
Open-source adversary emulation platform aligned with MITRE ATT&CK framework. Emphasis on multi-agent coordination and evasion tactics; more research-focused than turnkey security posture testing.
Atomic Red Team
Lightweight, script-based adversary emulation keyed to ATT&CK techniques. Lower deployment overhead but less autonomous propagation simulation; better for tactical control.
Build on monkey with DEV.co software developers
Infection Monkey requires careful planning for isolated environments, clear authorization from leadership, and security expertise to configure and interpret results. If your team is building internal red team capabilities or validating network segmentation, we can help you assess deployment architecture, compliance fit, and integration with your existing security stack.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
monkey FAQ
Is Infection Monkey safe to run in production?
What exploits does it support?
Can I modify the source code for my organization?
How current are the exploits?
Custom software development services
From first prototype to production, DEV.co delivers software development services around tools like monkey. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.
Evaluate Infection Monkey for Your Security Program
Infection Monkey requires careful planning for isolated environments, clear authorization from leadership, and security expertise to configure and interpret results. If your team is building internal red team capabilities or validating network segmentation, we can help you assess deployment architecture, compliance fit, and integration with your existing security stack.