whatisgithub

What is monkey?

guardicore/monkey — explained in plain English

Analysis updated 2026-06-24

6,997PythonAudience · ops devopsComplexity · 4/5Setup · hard

In one sentence

Open-source network penetration testing tool that simulates an attacker spreading from machine to machine inside your network using real exploits and credential attacks, then reports which systems were reached and how.

Mindmap

mindmap
  root((Infection Monkey))
    What it does
      Simulates attacker spread
      Tests lateral movement
      Produces security report
    Attack techniques
      SSH and SMB exploits
      Log4Shell Zerologon
      Credential stealing
    Components
      Monkey agent
      Monkey Island server
      Live network map
    Audience
      Security teams
      Sysadmins
      Pentesters
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run a controlled breach simulation to find out if an attacker could move freely through your data center after an initial compromise

USE CASE 2

Test whether your network would stop an attacker exploiting known vulnerabilities like Log4Shell or Zerologon

USE CASE 3

Generate a security report showing exactly which machines are reachable and what credential or exploit techniques worked

What is it built with?

Python

How does it compare?

guardicore/monkeycluic/wxautojrohy/multi-v2ray
Stars6,9977,0006,993
LanguagePythonPythonPython
Setup difficultyhardmoderatemoderate
Complexity4/52/53/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires deploying a central Monkey Island server plus agent machines across your network, consult the documentation hub for supported OS and full setup steps.

So what is it?

Infection Monkey is an open-source security testing tool made by Guardicore (now part of Akamai). It is designed to help organizations find out how well their internal networks hold up if an attacker somehow gets inside the perimeter. Think of it as a controlled fire drill for your data center, where the tool plays the role of an intruder and tries to spread from machine to machine the way a real attacker would. The tool has two main parts working together. The Monkey itself is the agent that runs on a machine and tries to move to other machines nearby. It does this by trying common passwords, exploiting known software weaknesses, and using credential-stealing techniques. The second part, called Monkey Island, is a central server that coordinates the agents and displays a live map showing which machines were reached and how. When the test is done, Monkey Island produces a security report explaining what succeeded and what stopped the spread. The propagation techniques include attacks over SSH, SMB, and WMI, along with exploits for well-known vulnerabilities like Log4Shell and Zerologon. All of these are documented in detail on the project's official documentation site, so teams can understand exactly what was tested and what the results mean for their specific environment. Setup instructions and supported operating systems are covered in the documentation hub linked from the README. The source code is written in Python, and the project provides deployment scripts for anyone who wants to build and run a development version themselves. Unit tests and blackbox tests are both included for contributors. This tool is aimed at security teams, system administrators, and penetration testers who need a repeatable, automated way to check whether a real attacker could move freely through their infrastructure after an initial breach.

Copy-paste prompts

Prompt 1
Walk me through deploying Infection Monkey in a test environment, what do I need to set up the Monkey Island server and run my first simulation?
Prompt 2
I want to test lateral movement risk in my network using Infection Monkey, what propagation techniques does it use and how do I read the results report?
Prompt 3
How does Infection Monkey's SSH and SMB attack simulation work, and what should I check on each compromised machine after a test run?

Frequently asked questions

What is monkey?

Open-source network penetration testing tool that simulates an attacker spreading from machine to machine inside your network using real exploits and credential attacks, then reports which systems were reached and how.

What language is monkey written in?

Mainly Python. The stack also includes Python.

How hard is monkey to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is monkey for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.