🗂️ Navigation
📁 Penetration Testing
📋 Purple Team Tools
🔧 Infection Monkey

Infection Monkey

An open-source breach and attack simulation (BAS) tool.

Visit Website →

Overview

Infection Monkey is an open-source Breach and Attack Simulation (BAS) tool developed by Guardicore (now part of Akamai). It is designed to be a self-propagating tool that safely simulates the spread of malware within a network. It automatically discovers network assets, exploits vulnerabilities, and visualizes the potential attack paths an adversary could take. This helps organizations understand their exposure and prioritize remediation efforts in complex network environments.

✨ Key Features

  • Automated Breach and Attack Simulation
  • Network Discovery and Visualization
  • Lateral Movement Simulation
  • Vulnerability and Credential Exploitation
  • Security Report with Actionable Insights
  • MITRE ATT&CK Integration

🎯 Key Differentiators

  • Completely free and open-source
  • Focus on simulating autonomous, self-propagating threats
  • Excellent for visualizing lateral movement paths and testing network segmentation

Unique Value: Provides a free and easy way to assess network security posture by simulating how an attacker would move laterally through the environment, highlighting critical security gaps.

🎯 Use Cases (5)

Network Security Posture Assessment Validating Network Segmentation Identifying Lateral Movement Paths Zero Trust Validation Pre-and-post change validation

✅ Best For

  • Testing the effectiveness of micro-segmentation policies
  • Visualizing how a breach could spread from a compromised machine
  • Identifying servers with weak or default credentials

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Testing specific endpoint security agent detections (it focuses more on network-level propagation).

🏆 Alternatives

Pentera Horizon3.ai NodeZero MITRE Caldera

While commercial automated pentesting tools are more powerful, Infection Monkey offers significant value for no cost and is particularly strong at testing and visualizing network-level security controls like segmentation.

💻 Platforms

Web (Self-hosted) Windows Linux

✅ Offline Mode Available

🔌 Integrations

API

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Fully-featured and open-source.

Visit Infection Monkey Website →

🔄 Similar Tools in Purple Team Tools

PlexTrac

A platform for pentest reporting, automated remediation tracking, and proactive security management....

Contact

AttackIQ

A breach and attack simulation (BAS) platform that continuously validates security controls against ...

Contact

Cymulate

A comprehensive platform for continuous security validation, attack surface management, and exposure...

Contact

Mandiant Security Validation

A security validation platform that tests security controls using real-world attack emulations based...

Contact

Scythe

An adversary emulation platform that helps red, blue, and purple teams build and emulate real-world ...

Contact

Pentera

An automated platform that mimics a hacker's entire attack kill chain to validate security controls ...

Contact