Infection Monkey
Breach and attack simulation (BAS) software
System security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Infection Monkey and its alternatives fit your requirements.
Completely free
Free Trial unavailable
Free version
Small
Medium
Large
- Information technology and software
- Manufacturing
- Energy and utilities
What is Infection Monkey
Infection Monkey is an open-source breach and attack simulation tool used to emulate worm-like lateral movement across enterprise networks to identify security control gaps. Security teams use it to test segmentation, credential hygiene, and detection/response coverage by observing how the agent propagates and what it can access. It focuses on internal network traversal and misconfiguration exposure rather than providing a broad library of prebuilt attack scenarios typical of commercial BAS platforms.
Open-source and self-hosted
The software is available as open source and can be deployed in a customer-controlled environment. This supports internal testing without sending telemetry to a third-party SaaS by default. It also enables code review and customization for specific lab or enterprise constraints.
Strong lateral-movement focus
The tool is designed to simulate internal propagation and lateral movement, which helps validate network segmentation and access boundaries. It can surface reachable hosts, exposed services, and paths that enable spread. This makes it useful for assessing blast radius and internal containment assumptions.
Useful for control validation
Running the simulation provides observable outcomes that can be mapped to defensive controls such as endpoint protections, credential policies, and monitoring. Teams can use results to prioritize remediation on misconfigurations and overly permissive access. It can complement broader security validation programs by concentrating on internal spread behavior.
Narrow BAS scenario coverage
Compared with commercial BAS platforms, it typically offers a narrower set of prebuilt attack techniques and campaign workflows. It is less oriented toward continuous validation across email, web, cloud, and endpoint vectors in a single console. Organizations may need additional tools to cover a wider range of adversary behaviors.
Operational overhead to run
As a self-hosted open-source tool, deployment, upgrades, and environment hardening are the customer’s responsibility. Effective use often requires security engineering effort to configure, scope safely, and interpret results. This can be a barrier for smaller teams seeking turnkey validation.
Limited enterprise governance features
Open-source tooling commonly lacks packaged capabilities such as role-based access controls, multi-tenant management, audit-ready reporting, and formal support SLAs. These gaps can complicate adoption in regulated environments. Teams may need to build internal processes and reporting around the tool.
Plan & Pricing
Infection Monkey (open-source): Free — open-source download distributed by Guardicore/Akamai (no paid tiers or pricing listed on the vendor website).
Seller details
Akamai Technologies, Inc.
Cambridge, MA, USA
1998
Public
https://www.akamai.com
https://x.com/Akamai
https://www.linkedin.com/company/akamai-technologies/
