Guardicore Infection Monkey documentation hub


The Infection Monkey is an open-source breach and attack simulation tool for testing a data center's resiliency to perimeter breaches and internal server infection. Infection Monkey will help you validate existing security solutions and will provide a view of the internal network from an attacker's perspective.

Infection Monkey is free and can be downloaded from our homepage.

How it works

Architecturally, Infection Monkey is comprised of two components:

  • Monkey Agent (Monkey for short) - a safe, worm-like binary program which scans, propagates, and simulates attack techniques on the local network.
  • Monkey Island Server (Island for short) - a C&C web server that provides a GUI for users and interacts with the Monkey Agents.

The user can run the Monkey Agent on the Island Server machine or distribute Monkey Agent binaries on the network manually. Based on the configuration parameters, Monkey Agents scan, propagate and simulate an attacker's behavior on the local network. All of the information gathered about the network is aggregated in the Island Server and displayed once all Monkey Agents are finished.


The results of running Monkey Agents are:

  • A map that displays how much of the network an attacker can see, what services are accessible, and potential propagation routes.
  • A report, which displays security issues that Monkey Agents discovered and/or exploited.

A more in-depth description of reports generated can be found in the reports documentation page.

Getting started

If you haven't downloaded Infection Monkey yet, you can do so from our homepage. After downloading the Monkey, install it using one of our setup guides, and read our getting started guide for a quick-start on Monkey.

Support and community

If you need help or want to talk all things Monkey, you can join our public Slack workspace or contact us via Email.