search

guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0
6.56k stars 765 forks source link

Is it back connecting to Your IP? #149

Closed CSPF-Founder closed 6 years ago

CSPF-Founder commented 6 years ago

Hi,

When we try to run the application server, it listens on IP "41.50.73.31". There is no steps given to modify the listening server. After search, i found the location of config file. However, even after editing the IP address to 127.0.0.1, it still listens on "41.50.73.31". Is this your IP? Is your tool open source/free for usage or does it collect some kind of intelligence for your commercial product?

danielguardicore commented 6 years ago

Hey, The 41.50.73.31 (or 4150 and 1337 reversed) is a debug magic value, it's not a commercial IP. Seems like it's time to change it to a non routable IP 👍

The Monkey attempts to connect to this IP when nothing is provided, as a hard coded default value in the compiled executable (will be changed in the next release). This IP is overruled when receiving an IP from the command line, configuration file or the Monkey Island.

CSPF-Founder commented 6 years ago

screenshot

we have given command line argument as "-s 127.0.0.1:5000". It still listens on the the above mentioned IP. Refer the screen shot.

Also, there is no documentation for using this command. Found this config option in some other blog post.

danielguardicore commented 6 years ago

1 - Please note, the Monkey is not listening to these IPs, it is trying to communicate with these IPs. 2 - The moment the Monkey successfully communicates with the Island, the hard coded Island IP address will be removed in favour of what you defined in the Island server.

We will remove this IP address in favour of a non routable IP in the next version.

CSPF-Founder commented 6 years ago

It should have been mentioned clearly in the readme. It can't be trusted and used for PenTesting, if it is going to connect to some IP address by default and we dont know what is collecting. Hope you can remove the default IP address in next version before users start using this tool. is all features in github version same as commercial tool or is it stripped down version.

danielguardicore commented 6 years ago

The code available through the Infection Monkey website is simply packaged versions (Deb, MSI, dockerfile, etc.) of the code available in Github.

danielguardicore commented 6 years ago

Fixed in develop and master.