
Infection Monkey

Infection Monkey is a network breaching simulation tool that finds and reports flaws and exploits in the nodes of a network. A guide to setting up an Infection Monkey server can be found here.

REST API

Since this service does not provide an API, the ORWELL team developed a Selenium-based REST API, using the FastAPI framework, to interact with the Monkey server. It is a standalone project and is also open source. The code can be found in our repositories (here). The following functionality is available:

| Endpoint | Functionality |
| --- | --- |
| /configs | List available config files |
| /run/"config_file" | Start monkey breaching simulation with desired config file |
| /kill | Abort all operations |
| /reset | Reset Monkey environment |
| /docs | Documentation |

At the time of writing, API authentication was not taken into consideration in this project. For security reasons, the service shouldn't be deployed on a public network.
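An added example, not code from the ORWELL repository: one way to close the authentication gap noted above is a pure-ASGI middleware placed in front of the FastAPI app that rejects any request without a shared key. The `X-API-Key` header name, the names `ApiKeyMiddleware`, `stub_app` and `probe`, and the demo key are assumptions made for illustration.

```python
import asyncio
import hmac


class ApiKeyMiddleware:
    """Pure-ASGI guard: reject any HTTP request lacking the shared key."""

    def __init__(self, app, api_key, header="x-api-key"):
        if not api_key:
            # An empty key would match a request that sends no header at all.
            raise ValueError("api_key must be non-empty")
        self.app = app
        self._key = api_key.encode()
        self._header = header.lower().encode()  # ASGI header names: lowercase bytes

    async def __call__(self, scope, receive, send):
        if scope["type"] == "lifespan":
            # Startup/shutdown events carry no client request; pass through.
            return await self.app(scope, receive, send)
        if scope["type"] != "http":
            # The API is HTTP-only; close anything else (e.g. websocket).
            return await send({"type": "websocket.close", "code": 1008})
        supplied = dict(scope.get("headers", [])).get(self._header, b"")
        # Constant-time comparison so the key cannot be recovered via timing.
        if not hmac.compare_digest(supplied, self._key):
            await send({"type": "http.response.start", "status": 401,
                        "headers": [(b"content-type", b"application/json")]})
            return await send({"type": "http.response.body",
                               "body": b'{"detail": "missing or invalid API key"}'})
        await self.app(scope, receive, send)


async def stub_app(scope, receive, send):  # constructed stand-in for the real app
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def probe(path, key=None):
    """Status code the guarded stub returns for one constructed request."""
    sent = []
    async def send(message):
        sent.append(message)
    async def receive():
        return {"type": "http.request", "body": b""}
    headers = [(b"x-api-key", key.encode())] if key else []
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    guarded = ApiKeyMiddleware(stub_app, api_key="constructed-demo-key")
    asyncio.run(guarded(scope, receive, send))
    return sent[0]["status"]
```

On a FastAPI application the class can be attached with `app.add_middleware(ApiKeyMiddleware, api_key=...)`, with the key loaded from the environment or a secret store rather than hard-coded. A shared key limits who on the internal network can start, abort or reset simulations; it does not replace keeping the service off public networks.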

Infection Monkey in ORWELL's proof of concept

An Infection Monkey server was deployed using Docker in a node of IT's network. For proof of concept purposes, tests were run in an isolated subnet, populated with vulnerable machines, which the application successfully identified and breached.

The IM server is running on the address 10.0.13.181, port 5000, while the REST API is on the same address, port 8000.

Although not integrated with any particular component, with our API, Infection Monkey can be used for automation purposes within a Testbed context, such as scheduling simulations or pushing logs to an external channel.