Closed CSPF-Founder closed 6 years ago
Hey, The 41.50.73.31 (or 4150 and 1337 reversed) is a debug magic value, it's not a commercial IP. Seems like it's time to change it to a non routable IP 👍
The Monkey attempts to connect to this IP when nothing is provided, as a hard coded default value in the compiled executable (will be changed in the next release). This IP is overruled when receiving an IP from the command line, configuration file or the Monkey Island.
we have given command line argument as "-s 127.0.0.1:5000". It still listens on the the above mentioned IP. Refer the screen shot.
Also, there is no documentation for using this command. Found this config option in some other blog post.
1 - Please note, the Monkey is not listening to these IPs, it is trying to communicate with these IPs. 2 - The moment the Monkey successfully communicates with the Island, the hard coded Island IP address will be removed in favour of what you defined in the Island server.
We will remove this IP address in favour of a non routable IP in the next version.
It should have been mentioned clearly in the readme. It can't be trusted and used for PenTesting, if it is going to connect to some IP address by default and we dont know what is collecting. Hope you can remove the default IP address in next version before users start using this tool. is all features in github version same as commercial tool or is it stripped down version.
The code available through the Infection Monkey website is simply packaged versions (Deb, MSI, dockerfile, etc.) of the code available in Github.
Fixed in develop and master.
Hi,
When we try to run the application server, it listens on IP "41.50.73.31". There is no steps given to modify the listening server. After search, i found the location of config file. However, even after editing the IP address to 127.0.0.1, it still listens on "41.50.73.31". Is this your IP? Is your tool open source/free for usage or does it collect some kind of intelligence for your commercial product?