Infection Monkey 1.8.0
This is a BIG, exciting release, with a ton of new features and improvements. To start downloading it while you read the release notes, go to the Infection Monkey website.
New Features π
MITRE ATT&CK report (#491, #496, #575, #577)
In the previous version, Infection Monkey started mapping its abilities to the MITRE ATT&CK matrix. We now present these results, alongside the relevant data and mitigations, in a new report that will enable you to understand and mitigate security issues in your network in the vernacular of MITRE.
Here's how it looks:
For more details, read our blog post or watch the overview video.
OS Compatibility (#507, #527, #528, #479, #506)
Since we decided to migrate the Monkey to Python 3.7 π, we wanted to make sure that it will still be able to give accurate results on a myriad of operating systems, even old ones that don't support Python 3 at all.
Check out the list of supported operating systems!
This included changes to the Monkey itself and also to us forking our own version of PyInstaller with a custom bootloader.
New Zero Trust People test (#515, #517, #518)
We added another Zero Trust test to the Monkey's arsenal: the Monkey tries to create a new user that communicates with the internet. If it succeeds, this means that the networkβs policies were too permissive.
See it in action in this blog post called "How to Assess Your Zero Trust Status: Monkey See, Centra Do".
Improvements ‴
Python 3 migration (#393, #394, #469, #475, #393, #532, #486, #494)
The Monkey is now Python 3.7! π π Until the next print VS print() debate creates Python 4, the Monkey is not deprecated.
Improvements to our CI process
Performance testing infrastructure #548 #547
We hope to continue improving our performance as time goes on - this infrastructure will enable automatic testing of performance using Blackbox testing.
Better versioning (#545, #543, #559)
The Monkey version string now has the specific build ID that created it as well. Both the Monkey and the Island log that version string right when booting.
Refactor exploiters, fingerprinters system information collectors (#478, #499, #521, #522, #535)
Now these subsystems are modular and easy to expand using plugins, like PBAs before them (#397).
Telemetry box UI improvements (#538, #565)
The telemetry box in the Map now shows line count and auto-scrolls to the bottom π
Small UX QoL improvements
- Config page label explaining that existing monkeys don't get new configuration #525
- "Start over" page now waits for a response from the server #512
Merge Infection Monkey requirements files (#500)
Simplifies our development setup by using only a single requirements file for both Infection Monkey platforms. Thanks pip π
JS File Saver (#473)
Small UI code improvement, less dependencies π
New map icons
Bug fixes π
- Blank Screen after inactivity fixed #472
- Added 404 page #501
- Prevention of circular imports #477
- Auto update copyright year #481, #468
- Various fixes to
.debdeployment #533, #544, #503, #524 - Disable
nonefrom the list of networks to scan #550 - Notification wrong route #541
- Improved deploy scripts #549, #562, #564, #546
- Encrypt SSH keys in logs #523, #458
- MSSQL compatibility #492, #493
ringbugfixes #484- Telemetries that don't require briefs no longer throws errors in island #466
New contributors π
Welcome and thanks to our new contributors:
Attached binaries and hashes:
| Filename | Type | Version | Hash |
|---|---|---|---|
| monkey-windows-64.exe | Windows Agent | 1.8.0 | f0bc144ba4ff46094225adaf70d3e92e9aaddb13b59e4e47aa3c2b26fd7d9ad7 |
| monkey-linux-64 | Linux Agent | 1.8.0 | d41314e5df72d5a470974522935c0b03dcb1c1e6b094d4ab700b04d5fec59ae6 |
| monkey-windows-32.exe | Windows Agent | 1.8.0 | 1ddb093f9088a4d4c0af289ff568bbe7a0d057e725e6447055d4fe6c5f4e2c08 |
| monkey-linux-32 | Linux Agent | 1.8.0 | 217cc2b9481f6454fa0a13adf12d9b29ce4e1e6a319971c8db9b446952ce3fb2 |