diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
index ac4bcbcd38c..6004f9a4047 100644
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,29 +1,32 @@
----
-name: 🐛 Bug report
-about: Create a report to help us fix things!
-
----
-
-
-
-## Describe the bug
-A clear and concise description of what the bug is.
-
-## To Reproduce
-Steps to reproduce the behavior:
-1. Configure the Monkey with X settings
-2. Run the monkey on specific machine
-3. See error
-
-## Expected behavior
-A description of what you expected to happen.
-
-## Screenshots
-If applicable, add screenshots to help explain your problem.
-
-## Machine version (please complete the following information):
- - OS: Windows or Linux
+---
+name: "\U0001F41B Bug report"
+about: Create a report to help us fix things!
+title: ''
+labels: Bug
+assignees: ''
+
+---
+
+
+
+## Describe the bug
+A clear and concise description of what the bug is.
+
+## To Reproduce
+Steps to reproduce the behavior:
+1. Configure the Monkey with X settings
+2. Run the monkey on specific machine
+3. See error
+
+## Expected behavior
+A description of what you expected to happen.
+
+## Screenshots
+If applicable, add screenshots to help explain your problem.
+
+## Machine version (please complete the following information):
+ - OS: Windows or Linux
diff --git a/.github/ISSUE_TEMPLATE/Documentation_request.md b/.github/ISSUE_TEMPLATE/Documentation_request.md
new file mode 100644
index 00000000000..2a81efc7c29
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/Documentation_request.md
@@ -0,0 +1,28 @@
+---
+name: "\U0001F4C3 Documentation request"
+about: Suggest additions or fixes to our documentation hub!
+title: ''
+labels: Documentation
+assignees: ''
+
+---
+
+## Documentation request
+
+
+
+### Add a new page 🆕
+
+**What documentation you'd like us to add?**
+Put suggestion here.
+
+**Where in the documentation tree?**
+Put section here.
+
+### Edit existing content 📝
+
+**Which page(s) do you want us to edit?**
+Put link here.
+
+**What do you think should be changed?**
+Put requested changes here.
diff --git a/.github/ISSUE_TEMPLATE/Feature_request.md b/.github/ISSUE_TEMPLATE/Feature_request.md
index a59c5f6242f..37e1ab0361b 100644
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,6 +1,9 @@
---
name: "\U0001F680 Feature request"
about: Suggest an idea for this project
+title: ''
+labels: Feature
+assignees: ''
---
@@ -17,4 +20,4 @@ Please describe the problem you are trying to solve.
Please describe the desired behavior.
**Describe alternatives you've considered**
-Please describe alternative solutions or features you have considered.
\ No newline at end of file
+Please describe alternative solutions or features you have considered.
diff --git a/.gitignore b/.gitignore
index 960e8c67c0d..2f48a67817b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -90,3 +90,9 @@ profiler_logs/
# vim swap files
*.swp
+
+# Server config might contain credentials. Don't commit by default.
+/monkey/monkey_island/cc/server_config.json
+
+# Virtualenv
+venv/
diff --git a/.gitmodules b/.gitmodules
index 63b69ebab1f..b77ba5a43bb 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,6 @@
[submodule "monkey/monkey_island/cc/services/attack/attack_data"]
path = monkey/monkey_island/cc/services/attack/attack_data
url = https://github.com/guardicore/cti
+[submodule "docs/themes/learn"]
+ path = docs/themes/learn
+ url = https://github.com/ShayNehmad/hugo-theme-learn.git
diff --git a/.travis.yml b/.travis.yml
index c7b12ca860c..d1178458b79 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,10 +18,14 @@ os: linux
install:
# Python
+- pip freeze
- pip install -r monkey/monkey_island/requirements.txt # for unit tests
-- pip install flake8 pytest dlint # for next stages
+- pip install flake8 pytest dlint isort # for next stages
- pip install coverage # for code coverage
- pip install -r monkey/infection_monkey/requirements.txt # for unit tests
+- pip install pipdeptree
+# Fail builds on possible conflicting dependencies.
+- pipdeptree --warn fail
# node + npm + eslint
- node --version
@@ -33,6 +37,17 @@ install:
- node --version
- npm --version
+# linuxbrew (for hugo)
+- git clone https://github.com/Homebrew/brew ~/.linuxbrew/Homebrew
+- mkdir ~/.linuxbrew/bin
+- ln -s ~/.linuxbrew/Homebrew/bin/brew ~/.linuxbrew/bin
+- eval $(~/.linuxbrew/bin/brew shellenv)
+
+# hugo (for documentation)
+- brew install hugo
+# print hugo version (useful for debugging documentation build errors)
+- hugo version
+
before_script:
# Set the server config to `testing`. This is required for for the UTs to pass.
- python monkey/monkey_island/cc/set_server_config.py testing
@@ -54,6 +69,9 @@ script:
- PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT=120
- if [ $(tail -n 1 flake8_warnings.txt) -gt $PYTHON_WARNINGS_AMOUNT_UPPER_LIMIT ]; then echo "Too many python linter warnings! Failing this build. Lower the amount of linter errors in this and try again. " && exit 1; fi
+## Check import order
+- python -m isort . -c -p common -p infection_monkey -p monkey_island
+
## Run unit tests
- cd monkey # This is our source dir
- python -m pytest # Have to use `python -m pytest` instead of `pytest` to add "{$builddir}/monkey/monkey" to sys.path.
@@ -65,9 +83,13 @@ script:
- cd monkey_island/cc/ui
- npm ci # See https://docs.npmjs.com/cli/ci.html
- eslint ./src --quiet # Test for errors
-- JS_WARNINGS_AMOUNT_UPPER_LIMIT=490
+- JS_WARNINGS_AMOUNT_UPPER_LIMIT=28
- eslint ./src --max-warnings $JS_WARNINGS_AMOUNT_UPPER_LIMIT # Test for max warnings
+# Build documentation
+- cd $TRAVIS_BUILD_DIR/docs
+- hugo --verbose --environment staging
+
after_success:
# Upload code coverage results to codecov.io, see https://github.com/codecov/codecov-bash for more information
- bash <(curl -s https://codecov.io/bash)
diff --git a/README.md b/README.md
index bf976845938..63d4bd37d32 100644
--- a/README.md
+++ b/README.md
@@ -51,17 +51,16 @@ The Infection Monkey uses the following techniques and exploits to propagate to
* SambaCry
* Elastic Search (CVE-2015-1427)
* Weblogic server
- * and more
+ * and more, see our [Documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/exploiters/) for more information about our RCE exploiters.
## Setup
-Check out the [Setup](https://github.com/guardicore/monkey/wiki/setup) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/wt/).
+Check out the [Setup](https://www.guardicore.com/infectionmonkey/docs/setup/) page in the Wiki or a quick getting [started guide](https://www.guardicore.com/infectionmonkey/docs/usage/getting-started/).
-The Infection Monkey supports a variety of platforms, documented [in the wiki](https://github.com/guardicore/monkey/wiki/OS-compatibility).
+The Infection Monkey supports a variety of platforms, documented [in our documentation hub](https://www.guardicore.com/infectionmonkey/docs/reference/operating_systems_support/).
## Building the Monkey from source
-To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts) folder.
-If you only want to build the monkey from source, see [Setup](https://github.com/guardicore/monkey/wiki/Setup#compile-it-yourself)
-and follow the instructions at the readme files under [infection_monkey](monkey/infection_monkey) and [monkey_island](monkey/monkey_island).
+To deploy development version of monkey you should refer to readme in the [deployment scripts](deployment_scripts)
+folder or follow documentation in [documentation hub](https://www.guardicore.com/infectionmonkey/docs/development/setup-development-environment/).
### Build status
| Branch | Status |
diff --git a/deployment_scripts/config b/deployment_scripts/config
index 5607d37fd9b..bda54e3905e 100644
--- a/deployment_scripts/config
+++ b/deployment_scripts/config
@@ -1,21 +1,44 @@
#!/usr/bin/env bash
# Absolute monkey's path
-MONKEY_FOLDER_NAME="infection_monkey"
+export MONKEY_FOLDER_NAME="infection_monkey"
# Url of public git repository that contains monkey's source code
-MONKEY_GIT_URL="https://github.com/guardicore/monkey"
+export MONKEY_GIT_URL="https://github.com/guardicore/monkey"
+
+get_latest_release() {
+ curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub API
+ grep '"tag_name":' | # Get tag line
+ sed -E 's/.*"([^"]+)".*/\1/' # Pluck JSON value
+}
+
+MONKEY_LATEST_RELEASE=$(get_latest_release "monkey/guardicore")
# Monkey binaries
-LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-linux-32"
LINUX_32_BINARY_NAME="monkey-linux-32"
-LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-linux-64"
+LINUX_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-32"
+export LINUX_32_BINARY_URL
+export LINUX_32_BINARY_NAME
+
LINUX_64_BINARY_NAME="monkey-linux-64"
-WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-windows-32.exe"
+LINUX_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-linux-64"
+export LINUX_64_BINARY_URL
+export LINUX_64_BINARY_NAME
+
WINDOWS_32_BINARY_NAME="monkey-windows-32.exe"
-WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/monkey-windows-64.exe"
+WINDOWS_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-32.exe"
+export WINDOWS_32_BINARY_URL
+export WINDOWS_32_BINARY_NAME
+
WINDOWS_64_BINARY_NAME="monkey-windows-64.exe"
+WINDOWS_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/monkey-windows-64.exe"
+export WINDOWS_64_BINARY_URL
+export WINDOWS_64_BINARY_NAME
# Other binaries for monkey
-TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/traceroute64"
-TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/traceroute32"
-SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/sc_monkey_runner64.so"
-SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/v1.7.0/sc_monkey_runner32.so"
\ No newline at end of file
+TRACEROUTE_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute64"
+export TRACEROUTE_64_BINARY_URL
+TRACEROUTE_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/traceroute32"
+export TRACEROUTE_32_BINARY_URL
+SAMBACRY_64_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner64.so"
+export SAMBACRY_64_BINARY_URL
+SAMBACRY_32_BINARY_URL="https://github.com/guardicore/monkey/releases/download/$($MONKEY_LATEST_RELEASE)/sc_monkey_runner32.so"
+export SAMBACRY_32_BINARY_URL
diff --git a/deployment_scripts/config.ps1 b/deployment_scripts/config.ps1
index b18b7c63c95..21b9beca679 100644
--- a/deployment_scripts/config.ps1
+++ b/deployment_scripts/config.ps1
@@ -1,12 +1,14 @@
# Absolute monkey's path
$MONKEY_FOLDER_NAME = "infection_monkey"
# Url of public git repository that contains monkey's source code
+$MONKEY_REPO = "guardicore/monkey"
$MONKEY_GIT_URL = "https://github.com/guardicore/monkey"
$MONKEY_RELEASES_URL = $MONKEY_GIT_URL + "/releases"
-$MONKEY_LATEST_VERSION = "v1.7.0"
+$MONKEY_API_RELEASES_URL = "https://api.github.com/repos/$MONKEY_REPO/releases"
+$MONKEY_LATEST_VERSION = (Invoke-WebRequest $MONKEY_API_RELEASES_URL | ConvertFrom-Json)[0].tag_name
$MONKEY_DOWNLOAD_URL = $MONKEY_RELEASES_URL + "/download/" + $MONKEY_LATEST_VERSION + "/"
# Link to the latest python download or install it manually
-$PYTHON_URL = "https://www.python.org/ftp/python/3.7.6/python-3.7.6-amd64.exe"
+$PYTHON_URL = "https://www.python.org/ftp/python/3.7.7/python-3.7.7-amd64.exe"
# Monkey binaries
@@ -29,8 +31,6 @@ $TRACEROUTE_32_BINARY_URL = $MONKEY_DOWNLOAD_URL + "traceroute32"
$MONKEY_ISLAND_DIR = Join-Path "\monkey" -ChildPath "monkey_island"
$MONKEY_DIR = Join-Path "\monkey" -ChildPath "infection_monkey"
$SAMBA_BINARIES_DIR = Join-Path -Path $MONKEY_DIR -ChildPath "\bin"
-$MK32_DLL = "mk32.zip"
-$MK64_DLL = "mk64.zip"
$TEMP_PYTHON_INSTALLER = ".\python.exe"
$TEMP_MONGODB_ZIP = ".\mongodb.zip"
$TEMP_OPEN_SSL_ZIP = ".\openssl.zip"
@@ -44,6 +44,4 @@ $MONGODB_URL = "https://downloads.mongodb.org/win32/mongodb-win32-x86_64-2012plu
$OPEN_SSL_URL = "https://indy.fulgan.com/SSL/openssl-1.0.2u-x64_86-win64.zip"
$CPP_URL = "https://go.microsoft.com/fwlink/?LinkId=746572"
$NPM_URL = "https://nodejs.org/dist/v12.14.1/node-v12.14.1-x64.msi"
-$MK32_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk32.zip"
-$MK64_DLL_URL = "https://github.com/guardicore/mimikatz/releases/download/1.1.0/mk64.zip"
$UPX_URL = "https://github.com/upx/upx/releases/download/v3.96/upx-3.96-win64.zip"
diff --git a/deployment_scripts/deploy_windows.ps1 b/deployment_scripts/deploy_windows.ps1
index 6872f5c3a9f..3a57e9dcb6a 100644
--- a/deployment_scripts/deploy_windows.ps1
+++ b/deployment_scripts/deploy_windows.ps1
@@ -226,20 +226,6 @@ function Deploy-Windows([String] $monkey_home = (Get-Item -Path ".\").FullName,
Remove-Item $TEMP_UPX_ZIP
}
- # Download mimikatz binaries
- $mk32_path = Join-Path -Path $binDir -ChildPath $MK32_DLL
- if (!(Test-Path -Path $mk32_path))
- {
- "Downloading mimikatz 32 binary"
- $webClient.DownloadFile($MK32_DLL_URL, $mk32_path)
- }
- $mk64_path = Join-Path -Path $binDir -ChildPath $MK64_DLL
- if (!(Test-Path -Path $mk64_path))
- {
- "Downloading mimikatz 64 binary"
- $webClient.DownloadFile($MK64_DLL_URL, $mk64_path)
- }
-
# Download sambacry binaries
$samba_path = Join-Path -Path $monkey_home -ChildPath $SAMBA_BINARIES_DIR
$samba32_path = Join-Path -Path $samba_path -ChildPath $SAMBA_32_BINARY_NAME
diff --git a/docs/.gitignore b/docs/.gitignore
new file mode 100644
index 00000000000..9ae0f082138
--- /dev/null
+++ b/docs/.gitignore
@@ -0,0 +1,2 @@
+/public/
+/resources/_gen/
diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 00000000000..96129ce857e
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,5 @@
+# Monkey documentation
+
+This folder contains the Monkey Documentation site.
+
+For more information see `content/development/contribute-documentation.md`.
diff --git a/docs/archetypes/default.md b/docs/archetypes/default.md
new file mode 100644
index 00000000000..00e77bd79be
--- /dev/null
+++ b/docs/archetypes/default.md
@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---
+
diff --git a/docs/config/_default/config.toml b/docs/config/_default/config.toml
new file mode 100644
index 00000000000..5b582c7cd71
--- /dev/null
+++ b/docs/config/_default/config.toml
@@ -0,0 +1,69 @@
+# when deploying to prod, use baseURL = "https://www.guardicore.com/infectionmonkey/docs"
+# baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
+baseURL = ""
+languageCode = "en-us"
+title = "Guardicore Infection Monkey - Documentation Hub"
+
+theme = "learn"
+
+[params]
+ # Change default color scheme with a variant one. See it in the themes folder.
+ themeVariant = "monkey"
+ # Prefix URL to edit current page. Will display an "Edit this page" button on top right hand corner of every page.
+ editURL = "https://github.com/guardicore/monkey/edit/develop/docs/content/"
+ # Author of the site, will be used in meta information
+ author = "Guardicore"
+ # Description of the site, will be used in meta information
+ description = "Guardicore Infection Monkey - Documentation hub"
+ # Shows a checkmark for visited pages on the menu
+ showVisitedLinks = false
+ # Disable search function. It will hide search bar
+ disableSearch = false
+ # Javascript and CSS cache are automatically busted when new version of site is generated.
+ # Set this to true to disable this behavior (some proxies don't handle well this optimization)
+ disableAssetsBusting = false
+ # Set this to true to disable copy-to-clipboard button for inline code.
+ disableInlineCopyToClipBoard = false
+ # A title for shortcuts in menu is set by default. Set this to true to disable it.
+ disableShortcutsTitle = false
+ # When using mulitlingual website, disable the switch language button.
+ disableLanguageSwitchingButton = false
+ # Hide breadcrumbs in the header and only show the current page title
+ disableBreadcrumb = false
+ # Hide Next and Previous page buttons normally displayed full height beside content
+ disableNextPrev = true
+ # Order sections in menu by "weight" or "title". Default to "weight"
+ ordersectionsby = "weight"
+ # Provide a list of custom css files to load relative from the `static/` folder in the site root.
+ custom_css = ["css/labels.css", "css/shadow_around_images.css"]
+
+[outputs]
+ home = ["HTML", "RSS", "JSON"]
+
+[[menu.shortcuts]]
+name = " Homepage"
+identifier = "homepage"
+url = "https://infectionmonkey.com"
+weight = 10
+
+[[menu.shortcuts]]
+name = " GitHub"
+identifier = "github"
+url = "https://github.com/guardicore/monkey"
+weight = 20
+
+[[menu.shortcuts]]
+name = " Slack"
+identifier = "slack"
+url = "https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU"
+weight = 30
+
+[[menu.shortcuts]]
+name = " Email"
+identifier = "email"
+url = "mailto:support@infectionmonkey.com"
+weight = 40
+
+# Enables raw html in markdown.
+[markup.goldmark.renderer]
+unsafe = true
diff --git a/docs/config/production/config.toml b/docs/config/production/config.toml
new file mode 100644
index 00000000000..819657d4ce1
--- /dev/null
+++ b/docs/config/production/config.toml
@@ -0,0 +1,2 @@
+baseURL = "https://www.guardicore.com/infectionmonkey/docs"
+canonifyURLs = true
diff --git a/docs/config/staging/config.toml b/docs/config/staging/config.toml
new file mode 100644
index 00000000000..dd159fdd8a0
--- /dev/null
+++ b/docs/config/staging/config.toml
@@ -0,0 +1,2 @@
+baseURL = "https://staging-covuyicu.kinsta.cloud/infectionmonkey/docs/"
+canonifyURLs = true
diff --git a/docs/content/FAQ/_index.md b/docs/content/FAQ/_index.md
new file mode 100644
index 00000000000..5e0ef505ec3
--- /dev/null
+++ b/docs/content/FAQ/_index.md
@@ -0,0 +1,154 @@
+---
+title: "FAQ"
+date: 2020-06-18T15:11:52+03:00
+draft: false
+pre: " "
+---
+
+Here are some of the most common questions we receive about the Infection Monkey. If the answer you’re looking for isn’t here, talk with us [on our Slack channel](https://infectionmonkey.slack.com/), email us at [support@infectionmonkey.com](mailto:support@infectionmonkey.com) or [open an issue on GitHub](https://github.com/guardicore/monkey).
+
+- [Where can I get the latest Monkey version? 📰](#where-can-i-get-the-latest-monkey-version)
+- [How long does a single Monkey run for? Is there a time limit?](#how-long-does-a-single-monkey-run-for-is-there-a-time-limit)
+- [Should I run the Monkey continuously?](#should-i-run-the-monkey-continuously)
+ - [Which queries does Monkey perform to the Internet exactly?](#which-queries-does-monkey-perform-to-the-internet-exactly)
+- [Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?](#where-can-i-find-the-log-files-of-the-monkey-and-the-monkey-island-and-how-can-i-read-them)
+ - [Monkey Island](#monkey-island)
+ - [Monkey agent](#monkey-agent)
+- [Running the Monkey in a production environment](#running-the-monkey-in-a-production-environment)
+ - [How much of a footprint does the Monkey leave?](#how-much-of-a-footprint-does-the-monkey-leave)
+ - [What’s the Monkey’s impact on system resources usage?](#whats-the-monkeys-impact-on-system-resources-usage)
+ - [Is it safe to use real passwords and usernames in the Monkey’s configuration?](#is-it-safe-to-use-real-passwords-and-usernames-in-the-monkeys-configuration)
+ - [How do you store sensitive information on Monkey Island?](#how-do-you-store-sensitive-information-on-monkey-island)
+ - [How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?](#how-stable-are-the-exploitations-used-by-the-monkey-will-the-monkey-crash-my-systems-with-its-exploits)
+- [After I’ve set up Monkey Island, how can I execute the Monkey?](#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey)
+- [How can I make the monkey propagate “deeper” into the network?](#how-can-i-make-the-monkey-propagate-deeper-into-the-network)
+- [The report returns a blank screen](#the-report-returns-a-blank-screen)
+- [How can I get involved with the project? 👩💻👨💻](#how-can-i-get-involved-with-the-project)
+
+## Where can I get the latest Monkey version? 📰
+
+For the latest **stable** release for users, visit [our downloads page](https://www.guardicore.com/infectionmonkey/#download). **This is the recommended and supported version**!
+
+If you want to see what has changed between versions, refer to the [releases page on GitHub](https://github.com/guardicore/monkey/releases). For the latest development version, visit the [develop version on GitHub](https://github.com/guardicore/monkey/tree/develop).
+
+## How long does a single Monkey run for? Is there a time limit?
+
+The Monkey shuts off either when it can't find new victims, or when it has exceeded the quota of victims as defined in the configuration.
+
+## Should I run the Monkey continuously?
+
+Yes! This will allow you to verify that no new security issues were identified by the Monkey since the last time you ran it.
+
+Does the Infection Monkey require a connection to the Internet?
+
+The Infection Monkey does not require internet access to function.
+
+If internet access is available, the Monkey will use the Internet for two purposes:
+
+- To check for updates.
+- To check if machines can reach the internet.
+
+### Which queries does Monkey perform to the Internet exactly?
+
+The Monkey performs queries out to the Internet on two separate occasions:
+
+1. The Infection Monkey agent checks if it has internet access by performing requests to pre-configured domains. By default, these domains are `updates.infectionmonkey.com` and `www.google.com`. The request doesn't include any extra information - it's a GET request with no extra parameters. Since the Infection Monkey is 100% open-source, you can find the domains in the configuration [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/config.py#L152) and the code that performs the internet check [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/infection_monkey/network/info.py#L123). This **IS NOT** used for statistics collection.
+1. After installation of the Monkey Island, the Monkey Island sends a request to check for updates. The request doesn't include any PII other than the IP address of the request. It also includes the server's deployment type (e.g. Windows Server, Debian Package, AWS Marketplace, etc.) and the server's version (e.g. "1.6.3"), so we can check if we have an update available for this type of deployment. Since the Infection Monkey is 100% open-source, you can inspect the code that performs this [here](https://github.com/guardicore/monkey/blob/85c70a3e7125217c45c751d89205e95985b279eb/monkey/monkey_island/cc/services/version_update.py#L37). This **IS** used for statistics collection. However due to the anonymous nature of this data we use this to get an aggregate assumption as to how many deployments we see over a specific time period - no "personal" tracking.
+
+## Where can I find the log files of the Monkey and the Monkey Island, and how can I read them?
+
+### Monkey Island
+
+The Monkey Island’s log file can be downloaded directly from the UI. Click the “log” section and choose “Download Monkey Island internal logfile”, like so:
+
+![How to download Monkey Island internal log file](/images/faq/download_log_monkey_island.png "How to download Monkey Island internal log file")
+
+It can also be found as a local file on the Monkey Island server, where the Monkey Island was executed, called `info.log`.
+
+The log enables you to see which requests were requested from the server, and extra logs from the backend logic. The log will contain entries like these ones for example:
+
+```log
+2019-07-23 10:52:23,927 - wsgi.py:374 - _log() - INFO - 200 GET /api/local-monkey (10.15.1.75) 17.54ms
+2019-07-23 10:52:23,989 - client_run.py:23 - get() - INFO - Monkey is not running
+2019-07-23 10:52:24,027 - report.py:580 - get_domain_issues() - INFO - Domain issues generated for reporting
+```
+
+### Monkey agent
+
+The Monkey log file can be found in the following paths on machines where it was executed:
+
+- Path on Linux: `/tmp/user-1563`
+- Path on Windows: `%temp%\\~df1563.tmp`
+
+The logs contain information about the internals of the Monkey’s execution. The log will contain entries like these ones for example:
+
+```log
+2019-07-22 19:16:44,228 [77598:140654230214464:INFO] main.main.116: >>>>>>>>>> Initializing monkey (InfectionMonkey): PID 77598 <<<<<<<<<<
+2019-07-22 19:16:44,231 [77598:140654230214464:INFO] monkey.initialize.54: Monkey is initializing...
+2019-07-22 19:16:44,231 [77598:140654230214464:DEBUG] system_singleton.try_lock.95: Global singleton mutex '{2384ec59-0df8-4ab9-918c-843740924a28}' acquired
+2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] monkey.initialize.81: Added default server: 10.15.1.96:5000
+2019-07-22 19:16:44,234 [77598:140654230214464:INFO] monkey.start.87: Monkey is running...
+2019-07-22 19:16:44,234 [77598:140654230214464:DEBUG] control.find_server.65: Trying to wake up with Monkey Island servers list: ['10.15.1.96:5000', '192.0.2.0:5000']
+2019-07-22 19:16:44,235 [77598:140654230214464:DEBUG] control.find_server.78: Trying to connect to server: 10.15.1.96:5000
+2019-07-22 19:16:44,238 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): 10.15.1.96:5000
+2019-07-22 19:16:44,249 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://10.15.1.96:5000 "GET /api?action=is-up HTTP/1.1" 200 15
+2019-07-22 19:16:44,253 [77598:140654230214464:DEBUG] connectionpool._new_conn.815: Starting new HTTPS connection (1): updates.infectionmonkey.com:443
+2019-07-22 19:16:45,013 [77598:140654230214464:DEBUG] connectionpool._make_request.396: https://updates.infectionmonkey.com:443 "GET / HTTP/1.1" 200 61
+```
+
+## Running the Monkey in a production environment
+
+### How much of a footprint does the Monkey leave?
+
+The Monkey leaves hardly any trace on the target system. It will leave:
+
+- Log files in the following locations:
+ - Path on Linux: `/tmp/user-1563`
+ - Path on Windows: `%temp%\\~df1563.tmp`
+
+### What’s the Monkey’s impact on system resources usage?
+
+The Infection Monkey uses less than single-digit percent of CPU time and very low RAM usage. For example, on a single-core Windows Server machine, the Monkey consistently uses 0.06% CPU, less than 80MB of RAM and a small amount of I/O periodically.
+
+If you do experience any performance issues please let us know on [our Slack channel](https://infectionmonkey.slack.com/) or via [opening an issue on GitHub](https://github.com/guardicore/monkey).
+
+### Is it safe to use real passwords and usernames in the Monkey’s configuration?
+
+Absolutely! User credentials are stored encrypted in the Monkey Island server. This information is then accessible only to users that have access to the Island.
+
+We advise to limit access to the Monkey Island server by following our [password protection guide](../usage/island/password-guide).
+
+### How do you store sensitive information on Monkey Island?
+
+Sensitive data such as passwords, SSH keys and hashes are stored on the Monkey Island’s database in an encrypted fashion. This data is transmitted to the Infection Monkeys in an encrypted fashion (HTTPS) and is not stored locally on the victim machines.
+
+When you reset the Monkey Island configuration, the Monkey Island wipes the information.
+
+### How stable are the exploitations used by the Monkey? Will the Monkey crash my systems with its exploits?
+
+The Monkey does not use any exploits or attacks that may impact the victim system.
+
+This means we avoid using some very strong (and famous) exploits such as [EternalBlue](https://www.guardicore.com/2017/05/detecting-mitigating-wannacry-copycat-attacks-using-guardicore-centra-platform/). This exploit was used in WannaCry and NotPetya with huge impact. But because it may crash a production system, we aren’t using it.
+
+## After I’ve set up Monkey Island, how can I execute the Monkey?
+
+See our detailed [getting started](../content/usage/getting-started) guide.
+
+## How can I make the monkey propagate “deeper” into the network?
+
+If you wish to simulate a very “deep” attack into your network, you can try to increase the *propagation depth* parameter in the configuration. This parameter tells the Monkey how far to propagate into your network from the “patient zero” machine in which it was launched manually.
+
+To do this, change the “Distance from Island” parameter in the “Basic - Network” tab of the configuration:
+
+![How to increase propagation depth](/images/faq/prop_depth.png "How to increase propagation depth")
+
+## The report returns a blank screen
+
+This is sometimes caused when Monkey Island is installed with an old version of MongoDB. Make sure your MongoDB version is up to date using the `mongod --version` command on Linux or the `mongod -version` command on Windows. If your version is older than **4.0.10**, this might be the problem. To update your Mongo version:
+
+- **Linux**: First, uninstall the current version with `sudo apt uninstall mongodb` and then install the latest version using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/).
+- **Windows**: First, remove the MongoDB binaries from the `monkey\monkey_island\bin\mongodb` folder. Download and install the latest version of mongodb using the [official mongodb manual](https://docs.mongodb.com/manual/administration/install-community/). After installation is complete, copy the files from the `C:\Program Files\MongoDB\Server\4.2\bin` folder to the `monkey\monkey_island\bin\mongodb folder`. Try to run the Island again and everything should work.
+
+## How can I get involved with the project? 👩💻👨💻
+
+The Monkey is an open-source project, and we weclome contributions and contributors. Check out the [contribution documentation](../development) for more information.
diff --git a/docs/content/_index.md b/docs/content/_index.md
new file mode 100644
index 00000000000..f363f724398
--- /dev/null
+++ b/docs/content/_index.md
@@ -0,0 +1,30 @@
+---
+title: "Infection Monkey Documentation Hub"
+date: 2020-05-26T18:15:37+03:00
+draft: false
+---
+
+# Infection Monkey documentation hub
+
+{{< homepage_shortcuts >}}
+
+## What is Guardicore Infection Monkey?
+
+The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island Command and Control server.
+
+![Infection Monkey Documentation Hub Logo](/images/monkey-teacher.svg?height=400px "Infection Monkey Documentation Hub Logo")
+
+The Infection Monkey is comprised of two parts:
+
+* Monkey - A tool which infects other machines and propagates to them.
+* Monkey Island - A dedicated UI to visualize the Infection Monkey's progress inside the data center.
+
+To read more about the Monkey and download it, visit [our homepage](https://infectionmonkey.com/).
+
+## Getting Started
+
+If you haven't downloaded Infection Monkey yet you can do so [from our homepage](https://www.guardicore.com/infectionmonkey/#download). After downloading the Monkey, install it using one of our [setup guides](setup), and read our [getting started guide](usage/getting-started) for a quick-start on Monkey!
+
+## Support and community
+
+If you need help or want to talk all things Monkey, you can [join our public Slack workspace](https://join.slack.com/t/infectionmonkey/shared_invite/enQtNDU5MjAxMjg1MjU1LWM0NjVmNWE2ZTMzYzAxOWJiYmMxMzU0NWU3NmUxYjcyNjk0YWY2MDkwODk4NGMyNDU4NzA4MDljOWNmZWViNDU) or [contact us via Email](mailto:support@infectionmonkey.com).
diff --git a/docs/content/development/_index.md b/docs/content/development/_index.md
new file mode 100644
index 00000000000..deab32e6c0b
--- /dev/null
+++ b/docs/content/development/_index.md
@@ -0,0 +1,43 @@
++++
+title = "Contribute"
+date = 2020-05-26T20:55:04+03:00
+weight = 30
+chapter = true
+pre = ' '
+tags = ["development", "contribute"]
++++
+
+# Securing networks together
+
+Want to help secure networks? That's great!
+
+## How should I start?
+
+Here's a few short links to help you get started.
+
+* [Getting up and running](../setup-development-environment) - To help you get a working development setup.
+* [Contributing guidelines](https://github.com/guardicore/monkey/blob/master/CONTRIBUTING.md) - Some guidelines to help you submit.
+
+## What are we looking for?
+
+You can take a look at [our roadmap](https://github.com/guardicore/monkey/projects/5) to see what issues we're thinking about doing soon. We are looking for:
+
+### More exploits! 💥
+
+The best way to find weak spots in the network is by attacking it. The [Exploit template](https://github.com/guardicore/monkey/wiki/Exploit-templates) page will help you add exploits.
+
+It's important to note that the Infection Monkey must be perfectly reliable otherwise no one will use it, so avoid memory corruption exploits _unless they're rock solid_ and focus on the logical vulns such as Shellshock.
+
+### Analysis plugins 🔬
+
+Successfully attacking every server in the network is no good unless the Monkey can explain how to prevent the attack. Whether it's detecting when the Monkey is using stolen credentials or when the Monkey can escape locked down networks, this is the part that actually helps secure different parts.
+
+### Better code 💪
+
+We always want to improve the core Monkey code, to make it smaller, faster and more reliable. If you have an idea of how to do it, or just want to modularise/improve test coverage for the code, do share!
+
+### Documentation 📚
+
+Every project requires better documentation. The Monkey is no different, so feel free to open PRs with suggestions, improvements or issues asking us to document different parts of the Monkey.
+
+The Monkey's documentation is stored in the `/docs/content` directory.
diff --git a/docs/content/development/add-zero-trust-test.md b/docs/content/development/add-zero-trust-test.md
new file mode 100644
index 00000000000..d43dcacef9b
--- /dev/null
+++ b/docs/content/development/add-zero-trust-test.md
@@ -0,0 +1,26 @@
+---
+title: "Adding Zero Trust Tests"
+date: 2020-07-14T10:19:08+03:00
+draft: false
+weight: 100
+---
+
+## How to add a new Zero Trust test to the Monkey?
+
+Assuming the Monkey agent is already sending the relevant telemetry, you'll need to add the test in two places.
+
+### `zero_trust_consts.py`
+
+In the file `/monkey/common/data/zero_trust_consts.py`,
+
+1. Add the test name to the TESTS set
+2. Add a relevant recommendation if exists
+3. Add the test to the TESTS_MAP dict. Make sure that all statuses (except `STATUS_UNEXECUTED`) have finding explanations.
+
+### `telemetry/processing.py`
+
+Find the relevant telemetry type you wish to test the finding in. This can be found in `/monkey/monkey_island/cc/services/telemetry/processing.py`. In the relevant `process_*_telemetry` function, add your Zero Trust testing code. Please put the zero trust tests under the `/monkey/monkey_island/cc/services/telemetry/zero_trust_tests` directory. There you can find examples of existing tests as well, so you'll know pretty much what you need to write.
+
+## How to test the new Zero Trust test I've implemented?
+
+Test ALL possible finding statuses you've defined in a fake network. Observe the events as well and see they were formatted correctly. If there's an algorithmic part to your Zero Trust test, please cover it using a Unit Test.
diff --git a/docs/content/development/adding-exploits.md b/docs/content/development/adding-exploits.md
new file mode 100644
index 00000000000..d6af6814c8e
--- /dev/null
+++ b/docs/content/development/adding-exploits.md
@@ -0,0 +1,7 @@
+---
+title: "Adding Exploits"
+date: 2020-06-08T19:53:00+03:00
+draft: true
+tags: ["contribute"]
+weight: 50
+---
diff --git a/docs/content/development/adding-post-breach-actions.md b/docs/content/development/adding-post-breach-actions.md
new file mode 100644
index 00000000000..a5445bfc999
--- /dev/null
+++ b/docs/content/development/adding-post-breach-actions.md
@@ -0,0 +1,76 @@
+---
+title: "Adding Post Breach Actions"
+date: 2020-06-08T19:53:13+03:00
+draft: false
+tags: ["contribute"]
+weight: 90
+---
+
+## What's this?
+
+This guide will show you how to create a new _Post Breach action_ for the Infection Monkey. _Post Breach actions_ are "extra" actions that the Monkey can perform on the victim machines after it propagated to them.
+
+## Do I need a new PBA?
+
+If all you want is to execute shell commands, then there's no need to add a new PBA - just configure the required commands in the Monkey Island configuration! If you think that those specific commands have reuse value in all deployments and not just your own, you can add a new PBA. If you need to run actual Python code, you must add a new PBA.
+
+## How to add a new PBA
+
+### Monkey side
+
+#### Framework
+
+1. Create your new action in the following directory: `monkey/infection_monkey/post_breach/actions` by first creating a new file with the name of your action.
+2. In that file, create a class that inherits from the `PBA` class:
+
+```python
+from infection_monkey.post_breach.pba import PBA
+
+class MyNewPba(PBA):
+```
+
+3. Set the action name in the constructor, like so:
+
+```python
+class MyNewPba(PBA):
+ def __init__(self):
+ super(MyNewPba, self).__init__(name="MyNewPba")
+```
+
+#### Implementation
+
+If your PBA consists only of simple shell commands, you can reuse the generic PBA by passing the commands into the constructor. See the `add_user.py` PBA for reference.
+
+Otherwise, you'll need to override the `run` method with your own implementation. See the `communicate_as_new_user.py` PBA for reference. Make sure to send the relevant PostBreachTelem upon success/failure. You can log during the PBA as well.
+
+### Island side
+
+#### Configuration
+
+You'll need to add your PBA to the `config_schema.py` file, under `post_breach_acts`, like so:
+
+```json
+"post_breach_acts": {
+ "title": "Post breach actions",
+ "type": "string",
+ "anyOf": [
+ # ...
+ {
+ "type": "string",
+ "enum": [
+ "MyNewPba"
+ ],
+ "title": "My new PBA",
+ "attack_techniques": []
+ },
+ ],
+ },
+```
+
+Now you can choose your PBA when configuring the Monkey on the Monkey island:
+
+![PBA in configuration](https://i.imgur.com/9PrcWr0.png)
+
+#### Telemetry processing
+
+If you wish to process your Post Breach action telemetry (for example, to analyze it for report data), add a processing function to the `POST_BREACH_TELEMETRY_PROCESSING_FUNCS` which can be found at `monkey/monkey_island/cc/services/telemetry/processing/post_breach.py`. You can look at the `process_communicate_as_new_user_telemetry` method as an example.
diff --git a/docs/content/development/adding-system-info-collectors.md b/docs/content/development/adding-system-info-collectors.md
new file mode 100644
index 00000000000..c9916e34b65
--- /dev/null
+++ b/docs/content/development/adding-system-info-collectors.md
@@ -0,0 +1,101 @@
+---
+title: "Adding System Info Collectors"
+date: 2020-06-09T11:03:42+03:00
+draft: false
+tags: ["contribute"]
+weight: 80
+---
+
+## What's this?
+
+This guide will show you how to create a new _System Info Collector_ for the Infection Monkey. _System Info Collectors_ are modules which each Monkey runs, that collect specific information and sends it back to the Island as part of the System Info Telemetry.
+
+### Do I need a new System Info Controller?
+
+If all you want is to execute a shell command, then there's no need to add a new collector - just configure the required commands in the Monkey Island configuration in the PBA section! Also, if there is a relevant collector and you only need to add more information to it, expand the existing one. Otherwise, you must add a new Collector.
+
+## How to add a new System Info Collector
+
+### Monkey side
+
+#### Framework
+
+1. Create your new collector in the following directory: `monkey/infection_monkey/system_info/collectors` by first creating a new file with the name of your collector.
+2. In that file, create a class that inherits from the `SystemInfoCollector` class:
+
+```py
+from infection_monkey.system_info.system_info_collector import SystemInfoCollector
+
+class MyNewCollector(SystemInfoCollector):
+```
+
+3. Set the Collector name in the constructor, like so:
+
+```py
+class MyNewCollector(SystemInfoCollector):
+ def __init__(self):
+ super(MyNewCollector, self).__init__(name="MyNewCollector")
+```
+
+#### Implementation
+
+Override the `collect` method with your own implementation. See the `EnvironmentCollector.py` Collector for reference. You can log during collection as well.
+
+### Island side
+
+#### Island Configuration
+
+##### Definitions
+
+You'll need to add your Collector to the `monkey_island/cc/services/config_schema.py` file, under `definitions/system_info_collectors_classes/anyOf`, like so:
+
+```json
+"system_info_collectors_classes": {
+ "title": "System Information Collectors",
+ "type": "string",
+ "anyOf": [
+ {
+ "type": "string",
+ "enum": [
+ "EnvironmentCollector"
+ ],
+ "title": "Which Environment this machine is on (on prem/cloud)",
+ "attack_techniques": []
+ },
+ { <=================================
+ "type": "string", <=================================
+ "enum": [ <=================================
+ "MyNewCollector" <=================================
+ ], <=================================
+ "title": "My new title", <=================================
+ "attack_techniques": [] <=================================
+ },
+ ],
+},
+```
+
+##### properties
+
+Also, you can add the Collector to be used by default by adding it to the `default` key under `properties/monkey/system_info/system_info_collectors_classes`:
+
+```json
+"system_info_collectors_classes": {
+ "title": "System info collectors",
+ "type": "array",
+ "uniqueItems": True,
+ "items": {
+ "$ref": "#/definitions/system_info_collectors_classes"
+ },
+ "default": [
+ "EnvironmentCollector",
+ "MyNewCollector" <=================================
+ ],
+ "description": "Determines which system information collectors will collect information."
+},
+```
+
+#### Telemetry processing
+
+1. Add a process function under `monkey_island/cc/telemetry/processing/system_info_collectors/{DATA_NAME_HERE}.py`. The function should parse the collector's result. See `processing/system_info_collectors/environment.py` for example.
+
+2. Add that function to `SYSTEM_INFO_COLLECTOR_TO_TELEMETRY_PROCESSORS` under `monkey_island/cc/services/telemetry/processing/system_info_collectors/system_info_telemetry_dispatcher.py`.
diff --git a/docs/content/development/contribute-documentation.md b/docs/content/development/contribute-documentation.md
new file mode 100644
index 00000000000..5d6913edb46
--- /dev/null
+++ b/docs/content/development/contribute-documentation.md
@@ -0,0 +1,104 @@
+---
+title: "Contribute Documentation"
+date: 2020-06-17T17:31:54+03:00
+draft: false
+weight: 1
+tags: ["contribute"]
+---
+
+The `/docs` folder contains the Monkey Documentation site.
+
+The site is based on [Hugo](https://gohugo.io/) and the [learn](https://themes.gohugo.io/theme/hugo-theme-learn/en) theme.
+
+- [Directory Structure](#directory-structure)
+ - [content](#content)
+ - [static](#static)
+ - [config](#config)
+ - [themes](#themes)
+ - [layouts and archtypes](#layouts-and-archtypes)
+ - [public and resources](#public-and-resources)
+- [How to contribute](#how-to-contribute)
+ - [Requirements](#requirements)
+ - [Adding and editing content](#adding-and-editing-content)
+ - [Add a new page](#add-a-new-page)
+ - [Editing an existing page](#editing-an-existing-page)
+ - [Building the content](#building-the-content)
+ - [Serve the documentation locally](#serve-the-documentation-locally)
+ - [Build the content for deployment](#build-the-content-for-deployment)
+ - [Troubleshooting](#troubleshooting)
+ - [`Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`](#error-unable-to-locate-config-file-or-config-directory-perhaps-you-need-to-create-a-new-site)
+ - [`failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?](#failed-to-extract-shortcode-template-for-shortcode-children-not-found-or-theme-doesnt-seem-right)
+ - [CSS is missing](#css-is-missing)
+
+## Directory Structure
+
+By order of importance:
+
+### content
+
+The most important directory is `/content`: This is the directory which contains the content files. [Read this to understand how pages are organized in that folder](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/pages/).
+
+### static
+
+In this directory you should place images, `css` files, `js` files, and other static content the site should serve. To access that static content in a page, use something similar to this:
+
+```markdown
+![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
+```
+
+### config
+
+This folder controls a lot of parameters regarding the site generation.
+
+### themes
+
+This is the theme we're using. It's a submodule (so to get it you need to run `git submodule update`). It's our own fork of the [learn](https://themes.gohugo.io/hugo-theme-learn/) theme. If we want to make changes to the theme itself or pull updates from the upstream you'll do it here.
+
+### layouts and archtypes
+
+This directory includes custom [HTML partials](https://gohugo.io/templates/partials/), custom [shortcodes](https://gohugo.io/content-management/shortcodes/), and content templates. Best to not mess with the existing stuff here too much, but rather add new things.
+
+### public and resources
+
+These are the build output of `hugo` and should never be `commit`-ed to git.
+
+## How to contribute
+
+### Requirements
+
+You have to [install `hugo`](https://gohugo.io/getting-started/installing/), a text editor that's good for markdown (`vscode` and `vim` are good options), and `git`.
+
+### Adding and editing content
+
+#### Add a new page
+
+Run `hugo new folder/page.md`. Optionally add `--kind chapter` if this is a new chapter page. For example, `hugo new usage/getting-started.md` created the Getting Started page.
+
+#### Editing an existing page
+
+Edit the markdown file(s). [Here's a markdown cheatsheet](https://themes.gohugo.io//theme/hugo-theme-learn/en/cont/markdown/). If you want to add images, add them to the `static/images` folder and refer to them by name.
+
+### Building the content
+
+#### Serve the documentation locally
+
+Run `hugo server -D`. The server will be available locally at `http://localhost:1313/`. You can change the content/theme and the site will refresh automatically to reflect your changes.
+
+#### Build the content for deployment
+
+Run `hugo --environment staging` or `hugo --environment production`. This will create a static site in the `public` directory. This directory should be ignored by `git` - **make sure you don't add and commit it by mistake!**
+
+#### Troubleshooting
+
+##### `Error: Unable to locate config file or config directory. Perhaps you need to create a new site.`
+
+What is your working directory? It should be `monkey/docs`.
+
+##### `failed to extract shortcode: template for shortcode "children" not found` or theme doesn't seem right?
+
+Have you ran `git submodule update`?
+
+##### CSS is missing
+
+- Make sure that you're accessing the correct URL.
+- Check the `config.toml` file.
diff --git a/docs/content/development/setup-development-environment.md b/docs/content/development/setup-development-environment.md
new file mode 100644
index 00000000000..b2d0b7f1ee5
--- /dev/null
+++ b/docs/content/development/setup-development-environment.md
@@ -0,0 +1,25 @@
+---
+title: "Development setup"
+date: 2020-06-08T19:53:00+03:00
+draft: false
+weight: 5
+tags: ["contribute"]
+---
+
+## Deployment scripts
+
+To setup development environment using scripts look at the readme under [`/deployment_scripts`](https://github.com/guardicore/monkey/blob/develop/deployment_scripts). If you want to setup it manually or if run into some problems, read further below.
+
+## Agent
+
+The Agent, (what we refer as the Monkey), is a single Python project under the [`infection_monkey`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey) folder. Built for Python 3.7, you can get it up and running by setting up a [virtual environment](https://docs.python-guide.org/dev/virtualenvs/) and inside it installing the requirements listed under [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/requirements.txt).
+
+In order to compile the Monkey for distribution by the Monkey Island, you need to run the instructions listed in [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/readme.txt) on each supported environment.
+
+This means setting up an environment with Linux 32/64-bit with Python installed and a Windows 64-bit machine with developer tools + 32/64-bit Python versions.
+
+## Monkey Island
+
+The Monkey Island is a Python backend React frontend project. Similar to the agent, the backend's requirements are listed in the matching [`requirements.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/requirements.txt).
+
+To setup a working front environment, run the instructions listed in the [`readme.txt`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/readme.txt)
diff --git a/docs/content/reference/_index.md b/docs/content/reference/_index.md
new file mode 100644
index 00000000000..01a3a98f36f
--- /dev/null
+++ b/docs/content/reference/_index.md
@@ -0,0 +1,14 @@
++++
+title = "Reference"
+date = 2020-05-26T20:55:04+03:00
+weight = 30
+chapter = true
+pre = ' '
+tags = ["reference"]
++++
+
+# Reference
+
+Find detailed information about Infection Monkey.
+
+{{% children %}}
diff --git a/docs/content/reference/exploiters/ElasticGroovy.md b/docs/content/reference/exploiters/ElasticGroovy.md
new file mode 100644
index 00000000000..7325ccb863e
--- /dev/null
+++ b/docs/content/reference/exploiters/ElasticGroovy.md
@@ -0,0 +1,12 @@
+---
+title: "ElasticGroovy"
+date: 2020-07-14T08:41:40+03:00
+draft: false
+tags: ["exploit", "windows", "linux"]
+---
+
+CVE-2015-1427.
+
+> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
+
+Logic is based on [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
diff --git a/docs/content/reference/exploiters/Hadoop.md b/docs/content/reference/exploiters/Hadoop.md
new file mode 100644
index 00000000000..7d9de287b97
--- /dev/null
+++ b/docs/content/reference/exploiters/Hadoop.md
@@ -0,0 +1,8 @@
+---
+title: "Hadoop"
+date: 2020-07-14T08:41:49+03:00
+draft: false
+tags: ["exploit", "linux", "windows"]
+---
+
+Remote code execution on HADOOP server with YARN and default settings. Logic based on [this vulhub module](https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn).
diff --git a/docs/content/reference/exploiters/MS08-067.md b/docs/content/reference/exploiters/MS08-067.md
new file mode 100644
index 00000000000..3f0c57cc361
--- /dev/null
+++ b/docs/content/reference/exploiters/MS08-067.md
@@ -0,0 +1,10 @@
+---
+title: "MS08 067"
+date: 2020-07-14T08:42:54+03:00
+draft: false
+tags: ["exploit", "windows"]
+---
+
+[MS08-067](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067) is a remote code execution vulnerability.
+
+This exploiter is unsafe. If an exploit attempt fails, this could also lead to a crash in Svchost.exe. If the crash in Svchost.exe occurs, the Server service will be affected. That might cause system crash due to the use of buffer overflow. It's therefore **not** enabled by default.
diff --git a/docs/content/reference/exploiters/MsSQL.md b/docs/content/reference/exploiters/MsSQL.md
new file mode 100644
index 00000000000..2d664503b81
--- /dev/null
+++ b/docs/content/reference/exploiters/MsSQL.md
@@ -0,0 +1,8 @@
+---
+title: "MsSQL"
+date: 2020-07-14T08:41:56+03:00
+draft: false
+tags: ["exploit", "windows"]
+---
+
+The Monkey will try to brute force into MsSQL server and uses insecure configuration to execute commands on server.
diff --git a/docs/content/reference/exploiters/SMBExec.md b/docs/content/reference/exploiters/SMBExec.md
new file mode 100644
index 00000000000..cccf0596d5f
--- /dev/null
+++ b/docs/content/reference/exploiters/SMBExec.md
@@ -0,0 +1,8 @@
+---
+title: "SMBExec"
+date: 2020-07-14T08:42:16+03:00
+draft: false
+tags: ["exploit", "windows"]
+---
+
+Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by Mimikatz.
diff --git a/docs/content/reference/exploiters/SSHExec.md b/docs/content/reference/exploiters/SSHExec.md
new file mode 100644
index 00000000000..d90d311cb37
--- /dev/null
+++ b/docs/content/reference/exploiters/SSHExec.md
@@ -0,0 +1,8 @@
+---
+title: "SSHExec"
+date: 2020-07-14T08:42:21+03:00
+draft: false
+tags: ["exploit", "linux"]
+---
+
+Brute forces using credentials provided by user (see ["Configuration"](../usage/configuration))and SSH keys gathered from systems.
diff --git a/docs/content/reference/exploiters/Sambacry.md b/docs/content/reference/exploiters/Sambacry.md
new file mode 100644
index 00000000000..1187d08edf1
--- /dev/null
+++ b/docs/content/reference/exploiters/Sambacry.md
@@ -0,0 +1,8 @@
+---
+title: "Sambacry"
+date: 2020-07-14T08:42:02+03:00
+draft: false
+tags: ["exploit", "linux"]
+---
+
+Bruteforces and searches for anonymous shares. Partially based on [the following implementation](https://github.com/CoreSecurity/impacket/blob/master/examples/sambaPipe.py) by CORE Security Technologies' impacket.
diff --git a/docs/content/reference/exploiters/Struts2.md b/docs/content/reference/exploiters/Struts2.md
new file mode 100644
index 00000000000..a81f61575bb
--- /dev/null
+++ b/docs/content/reference/exploiters/Struts2.md
@@ -0,0 +1,8 @@
+---
+title: "Struts2"
+date: 2020-07-14T08:42:30+03:00
+draft: false
+tags: ["exploit", "linux", "windows"]
+---
+
+Exploits struts2 java web framework. CVE-2017-5638. Logic based on [VEX WOO's PoC](https://www.exploit-db.com/exploits/41570).
diff --git a/docs/content/reference/exploiters/VSFTPD.md b/docs/content/reference/exploiters/VSFTPD.md
new file mode 100644
index 00000000000..ce5a6dcc37a
--- /dev/null
+++ b/docs/content/reference/exploiters/VSFTPD.md
@@ -0,0 +1,8 @@
+---
+title: "VSFTPD"
+date: 2020-07-14T08:42:39+03:00
+draft: false
+tags: ["exploit", "linux"]
+---
+
+Exploits a malicious backdoor that was added to the VSFTPD download archive. Logic based on [this MetaSploit module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb).
diff --git a/docs/content/reference/exploiters/WMIExec.md b/docs/content/reference/exploiters/WMIExec.md
new file mode 100644
index 00000000000..346bc6eedc7
--- /dev/null
+++ b/docs/content/reference/exploiters/WMIExec.md
@@ -0,0 +1,8 @@
+---
+title: "WMIExec"
+date: 2020-07-14T08:43:12+03:00
+draft: false
+tags: ["exploit", "windows"]
+---
+
+Brute forces WMI (Windows Management Instrumentation) using credentials provided by user (see ["Configuration"](../usage/configuration)) and hashes gathered by mimikatz.
diff --git a/docs/content/reference/exploiters/WebLogic.md b/docs/content/reference/exploiters/WebLogic.md
new file mode 100644
index 00000000000..051fa473216
--- /dev/null
+++ b/docs/content/reference/exploiters/WebLogic.md
@@ -0,0 +1,8 @@
+---
+title: "WebLogic"
+date: 2020-07-14T08:42:46+03:00
+draft: false
+tags: ["exploit", "linux", "windows"]
+---
+
+Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on a vulnerable WebLogic server.
diff --git a/docs/content/reference/exploiters/_index.md b/docs/content/reference/exploiters/_index.md
new file mode 100644
index 00000000000..4624081d8de
--- /dev/null
+++ b/docs/content/reference/exploiters/_index.md
@@ -0,0 +1,16 @@
++++
+title = "Exploiters"
+date = 2020-05-26T20:55:04+03:00
+weight = 100
+chapter = true
+pre = ' '
+tags = ["reference", "exploit"]
++++
+
+# Exploiters
+
+Infection Monkey uses various RCE exploiters. Most of these, in our knowledge, pose no risk to performance or services on victim machines. This documentation serves as a quick introduction to the exploiters currently implemented and vulnerabilities used by them.
+
+{{% children %}}
+
+You can check out the Exploiters' implementation yourself [in the Monkey's GitHub repository](https://github.com/guardicore/monkey/tree/develop/monkey/infection_monkey/exploit).
diff --git a/docs/content/reference/exploiters/shellshock.md b/docs/content/reference/exploiters/shellshock.md
new file mode 100644
index 00000000000..c220ae24fb5
--- /dev/null
+++ b/docs/content/reference/exploiters/shellshock.md
@@ -0,0 +1,10 @@
+---
+title: "ShellShock"
+date: 2020-07-14T08:41:32+03:00
+draft: false
+tags: ["exploit", "linux"]
+---
+
+CVE-2014-6271, based on [logic in NCC group's GitHub](https://github.com/nccgroup/shocker/blob/master/shocker.py).
+
+> GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."
diff --git a/docs/content/reference/operating_systems_support.md b/docs/content/reference/operating_systems_support.md
new file mode 100644
index 00000000000..f3b1a44ba65
--- /dev/null
+++ b/docs/content/reference/operating_systems_support.md
@@ -0,0 +1,64 @@
+---
+title: "Operating systems"
+date: 2020-07-14T08:09:53+03:00
+draft: false
+pre: ' '
+weight: 10
+tags: ["setup", "reference", "windows", "linux"]
+---
+
+The Infection Monkey project supports many popular OSes (but we can always do more).
+
+The Monkey itself (the agent) has been tested to run on the following operating systems (on x64 architecture)
+
+### Monkey support
+
+#### Linux
+
+Compatibility depends on GLIBC version (2.14+)[^1]. By default these distributions are supported:
+
+- Centos 7+
+- Debian 7+
+- Kali 2019+
+- Oracle 7+
+- Rhel 7+
+- Suse 12+
+- Ubuntu 14+
+
+#### Windows
+
+- Windows 2012+
+- Windows 2012_R2+
+- Windows 7/Server 2008_R2 if [KB2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) is installed.
+- Windows vista/Server 2008 should also work if the same update is installed, but this wasn't tested.
+
+### Island support
+
+**The Monkey Island (control server)** runs out of the box on:
+
+- Ubuntu 18.04
+- Debian 9
+- Windows Server 2012
+- Windows Server 2012 R2
+- Windows Server 2016
+
+We provide a dockerfile from our [website](http://infectionmonkey.com/) that lets the Monkey Island run inside a container.
+
+### Old machine bootloader
+
+Some **Older machines** still get a partial compatibility as in they get exploited and reported, but monkey can't run on them. So instead of monkey, old machine bootloader (small c program) is ran, which reports some minor info like network interface configuration, GLIBC version, OS and so on.
+
+**Old machine bootloader** also has a GLIBC 2.14+ requirement for linux, because bootloader is included into pyinstaller bootloader which uses python3.7, which in turn requires GLIBC 2.14+. If you think partial support for older machines is important, don't hesitate to open a new issue about it.
+
+**Old machine bootloader** runs on machines with:
+
+- Centos 7+
+- Debian 7+
+- Kali 2019+
+- Oracle 7+
+- Rhel 7+
+- Suse 12+
+- Ubuntu 14+
+- **Windows XP/Server 2003+**
+
+[^1]: GLIBC >= 2.14 requirement comes from the fact that monkey is built using this GLIBC version and GLIBC is not backwards compatible. We are also limited to the oldest GLIBC version compatible with ptyhon3.7
diff --git a/docs/content/reference/scanners/_index.md b/docs/content/reference/scanners/_index.md
new file mode 100644
index 00000000000..cf047bb3b57
--- /dev/null
+++ b/docs/content/reference/scanners/_index.md
@@ -0,0 +1,51 @@
+---
+title: "Scanners"
+date: 2020-07-14T08:43:12+03:00
+draft: false
+weight: 20
+pre: ' '
+tags: ["reference"]
+---
+
+The Infection Monkey agent has two steps before attempting to exploit a victim, scanning and fingerprinting, it's possible to customize both steps in the configuration files.
+
+## Scanning
+
+Currently there are two scanners, [`PingScanner`][ping-scanner] and [`TcpScanner`][tcp-scanner] both inheriting from [`HostScanner`][host-scanner].
+
+The sole interface required is the `is_host_alive` interface, which needs to return True/False.
+
+[`TcpScanner`][tcp-scanner] is the default scanner and it checks for open ports based on the `tcp_target_ports` configuration setting.
+
+[`PingScanner`][ping-scanner] sends a ping message using the host OS utility `ping`.
+
+## Fingerprinting
+
+Fingerprinters are modules that collect server information from a specific victim. They inherit from the [`HostFinger`][host-finger] class and are listed under `finger_classes` configuration option.
+
+Currently implemented Fingerprint modules are:
+
+1. [`SMBFinger`][smb-finger] - Fingerprints target machines over SMB. Extracts computer name and OS version.
+2. [`SSHFinger`][ssh-finger] - Fingerprints target machines over SSH (port 22). Extracts the computer version and SSH banner.
+3. [`PingScanner`][ping-scanner] - Fingerprints using the machines TTL, to differentiate between Linux and Windows hosts.
+4. [`HTTPFinger`][http-finger] - Fingerprints over HTTP/HTTPS, using the ports listed in `HTTP_PORTS` in the configuration. Returns the server type and if it supports SSL.
+5. [`MySQLFinger`][mysql-finger] - Fingerprints over MySQL (port 3306). Extracts MySQL banner info - Version, Major/Minor/Build and capabilities.
+6. [`ElasticFinger`][elastic-finger] - Fingerprints over ElasticSearch (port 9200). Extracts the cluster name, node name and node version.
+
+## Adding a scanner/fingerprinter
+
+To add a new scanner/fingerprinter, create a new class that inherits from [`HostScanner`][host-scanner] or [`HostFinger`][host-finger] (depending on the interface). The class should be under the network module and should be imported under [`network/__init__.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/network/__init__.py).
+
+To be used by default, two files need to be changed - [`infection_monkey/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/config.py) and [`infection_monkey/example.conf`](https://github.com/guardicore/monkey/blob/master/monkey/infection_monkey/example.conf) to add references to the new class.
+
+At this point, the Monkey knows how to use the new scanner/fingerprinter but to make it easy to use, the UI needs to be updated. The relevant UI file is [`monkey_island/cc/services/config.py`](https://github.com/guardicore/monkey/blob/master/monkey/monkey_island/cc/services/config.py).
+
+ [elastic-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/elasticfinger.py
+ [http-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/httpfinger.py
+ [host-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
+ [host-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/__init__.py
+ [mysql-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/mysqlfinger.py
+ [ping-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/ping_scanner.py
+ [smb-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/smbfinger.py
+ [ssh-finger]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/sshfinger.py
+ [tcp-scanner]: https://github.com/guardicore/monkey/blob/develop/monkey/infection_monkey/network/tcp_scanner.py
diff --git a/docs/content/setup/_index.md b/docs/content/setup/_index.md
new file mode 100644
index 00000000000..e6493bbac9d
--- /dev/null
+++ b/docs/content/setup/_index.md
@@ -0,0 +1,22 @@
++++
+title = "Setup"
+date = 2020-05-26T20:55:04+03:00
+weight = 5
+chapter = true
+pre = ' '
+tags = ["setup"]
++++
+
+# Setting up Infection Monkey
+
+Setting up Infection Monkey is really easy! First, you need to {{% button href="https://infectionmonkey.com/" icon="fas fa-download" %}}download the Infection Monkey from our site{{% /button %}}.
+
+Once you've downloaded an installer, you can follow the relevant guide for your environment:
+
+{{% children %}}
+
+Once you're done setting the Monkey up, check out our [Getting Started](../usage/getting-started) guide!
+
+{{% notice tip %}}
+You can find information about [operating system compatibility and support here](../reference/operating_systems_support).
+{{% /notice %}}
diff --git a/docs/content/setup/accounts-and-security.md b/docs/content/setup/accounts-and-security.md
new file mode 100644
index 00000000000..574b07c3ca2
--- /dev/null
+++ b/docs/content/setup/accounts-and-security.md
@@ -0,0 +1,27 @@
+---
+title: "Accounts and Security"
+date: 2020-06-22T15:36:56+03:00
+draft: false
+weight: 50
+pre: " "
+tags: ["usage", "password"]
+---
+
+## Security in Infection Monkey
+
+The first time you launch Monkey Island (Infection Monkey CC server), you'll be prompted to create an account and secure your island. After your account is created, the server will only be accessible via the credentials you chose.
+
+If you want island to be accessible without credentials press *I want anyone to access the island*. Please note that this option is insecure: you should only pick this for use in development environments.
+
+## Resetting account credentials
+
+To reset credentials edit `monkey_island\cc\server_config.json` by deleting `user` and `password_hash` variables. Then restart the Monkey Island server and you should be prompted with registration form again.
+
+Example `server_config.json` for account reset:
+
+```json
+{
+ "server_config": "password",
+ "deployment": "develop"
+}
+```
diff --git a/docs/content/setup/aws.md b/docs/content/setup/aws.md
new file mode 100644
index 00000000000..bcbfaeb7599
--- /dev/null
+++ b/docs/content/setup/aws.md
@@ -0,0 +1,39 @@
+---
+title: "AWS"
+date: 2020-05-26T20:57:36+03:00
+draft: false
+pre: ' '
+weight: 5
+tags: ["setup", "aws"]
+---
+
+## Deployment
+
+On the [Infection Monkey’s AWS Marketplace page](https://aws.amazon.com/marketplace/pp/GuardiCore-Infection-Monkey/B07B3J7K6D), click **Continue to Subscribe**.
+
+1. Choose the desired region.
+1. Choose an EC2 instance type with at least 1GB of RAM for optimal performance or stick with the recommended.
+1. Select the VPC and subnet you want the instance to be in.
+1. In the Security Group section, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
+1. Choose an existing EC2 key pair for authenticating with your new instance.
+1. Click **Launch with 1-click.**
+
+At this point, AWS will instance and deploy your new machine.
+
+When ready, you can browse to the Infection Monkey running on your fresh deployment at:
+
+`https://{public-ip}:5000`
+
+You will be presented a login page. Use the username **monkey**, and the new EC2 instace’s instance ID for password. You can find the instance id by going to the EC2 console and selecting your instance. It should appear in the details pane below.
+
+![AWS instance ID](../../images/setup/aws/aws-instance-id.png "AWS instance ID")
+
+## Integration with AWS services
+
+The Monkey has built-in integrations with AWS services for better execution and reporting. See [Usage -> Integrations](../../usage/integrations) for more details.
+
+## Upgrading
+
+Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
+
+![Export configuration](../../images/setup/export-configuration.png "Export configuration")
diff --git a/docs/content/setup/azure.md b/docs/content/setup/azure.md
new file mode 100644
index 00000000000..a4a2eda84a0
--- /dev/null
+++ b/docs/content/setup/azure.md
@@ -0,0 +1,34 @@
+---
+title: "Azure"
+date: 2020-05-26T20:57:39+03:00
+draft: false
+pre: ' '
+weight: 6
+tags: ["setup", "azure"]
+---
+
+## Deployment
+
+Select [Infection Monkey from the Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/guardicore.infection_monkey) and click **GET IT NOW**.
+
+1. Under **Basics**:
+ 1. Choose a name for your Infection Monkey instance, such as InfectionMonkey.
+ 1. Choose a username and password or provide a SSH public key for authentication.
+ 1. Choose a resource group and the location your instance will be deployed in.
+1. Under **Size**
+ 1. Choose a machine size with at least 1GB of RAM for optimal performance.
+1. Under **Settings**
+ 1. Choose the network the new instance will be a member of.
+ 1. In the **Network Security Group** field, make sure ports 5000 and 5001 on the machine are accessible for inbound TCP traffic.
+1. Under **Summary**
+ 1. Review the details of the offer and click **Create**.
+
+At this point, Azure will instance and deploy your new machine. When ready, you can browse to the Infection Monkey running on your fresh deployment at:
+
+`https://{public-ip-address}:5000`
+
+## Upgrading
+
+Currently there's no "upgrade-in-place" option when a new version comes out. To get the new version, you can deploy a new machine from the marketplace. If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new Monkey Island.
+
+![Export configuration](../../images/setup/export-configuration.png "Export configuration")
diff --git a/docs/content/setup/debian.md b/docs/content/setup/debian.md
new file mode 100644
index 00000000000..a1d751411f6
--- /dev/null
+++ b/docs/content/setup/debian.md
@@ -0,0 +1,64 @@
+---
+title: "Debian"
+date: 2020-05-26T20:57:19+03:00
+draft: false
+pre: ' '
+weight: 1
+disableToc: false
+tags: ["setup", "debian", "linux"]
+---
+
+## Deployment
+
+To extract the `tar.gz` file, run `tar -xvzf monkey-island-debian.tar.gz`.
+
+To deploy the package, once you’ve extracted it, run the following commands:
+
+```sh
+sudo apt update
+sudo dpkg -i monkey_island.deb # this might print errors
+```
+
+If at this point, dpkg printed errors that look like this:
+
+```sh
+dpkg: error processing package gc-monkey-island (--install):
+ dependency problems - leaving unconfigured
+Errors were encountered while processing:
+ gc-monkey-island
+```
+
+That just means that not all dependencies were pre-installed on your system. That’s no problem! Just run the following command, which will install all dependencies and then install the Monkey Island:
+
+```sh
+sudo apt install -f
+```
+
+## Troubleshooting
+
+### Trying to install on Ubuntu <16.04
+
+If you’re trying to install the Monkey Island on Ubuntu 16.04 or older, you need to install the dependencies yourself, since Python 3.7 is only installable from the `deadsnakes` PPA. To install the Monkey Island on Ubuntu 16.04, follow the following steps:
+
+```sh
+sudo apt update
+sudo apt-get install libcurl4-openssl-dev
+sudo apt-get install software-properties-common
+sudo add-apt-repository ppa:deadsnakes/ppa
+sudo apt-get update
+sudo apt-get install python3.7-dev python3.7-venv python3-venv build-essential
+sudo dpkg -i monkey_island.deb # this might print errors
+sudo apt install -f
+```
+
+### The Monkey Island interface isn't accessible after installation
+
+To check the status of the Monkey Island after the installation, run the following command: `sudo service monkey-island status`.
+
+## Upgrading
+
+To upgrade when a new version comes out, download the new Monkey `.deb` file and install it. You should see a message like `Unpacking monkey-island (1.8.2) over (1.8.0)`. After which, the installation should complete successfully.
+
+If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
+
+![Export configuration](../../images/setup/export-configuration.png "Export configuration")
diff --git a/docs/content/setup/docker.md b/docs/content/setup/docker.md
new file mode 100644
index 00000000000..4a07293b8eb
--- /dev/null
+++ b/docs/content/setup/docker.md
@@ -0,0 +1,30 @@
+---
+title: "Docker"
+date: 2020-05-26T20:57:28+03:00
+draft: false
+pre: ' '
+weight: 4
+tags: ["setup", "docker", "linux", "windows"]
+---
+
+## Deployment
+
+To extract the `tar.gz` file, run `tar -xvzf monkey-island-docker.tar.gz`.
+
+Once you’ve extracted the container from the tar.gz file, run the following commands:
+
+```sh
+sudo docker load -i dk.monkeyisland.1.9.0.tar
+sudo docker pull mongo
+sudo mkdir -p /var/monkey-mongo/data/db
+sudo docker run --name monkey-mongo --network=host -v /var/monkey-mongo/data/db:/data/db -d mongo
+sudo docker run --name monkey-island --network=host -d guardicore/monkey-island:1.9.0
+```
+
+## Upgrading
+
+There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
+
+If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
+
+![Export configuration](../../images/setup/export-configuration.png "Export configuration")
diff --git a/docs/content/setup/vmware.md b/docs/content/setup/vmware.md
new file mode 100644
index 00000000000..5ee95818851
--- /dev/null
+++ b/docs/content/setup/vmware.md
@@ -0,0 +1,62 @@
+---
+title: "VMware"
+date: 2020-05-26T20:57:14+03:00
+draft: false
+pre: ' '
+weight: 3
+tags: ["setup", "vmware"]
+---
+
+## Deployment
+
+1. Deploy the Infection Monkey OVA by choosing Deploy OVF Template and follow the wizard instructions. *Note: make sure port 5000 and 5001 on the machine are accessible for inbound TCP traffic.*
+2. Turn on the Infection Monkey VM.
+3. Log in to the machine with the following credentials:
+ 1. Username: **monkeyuser**
+ 2. Password: **Noon.Earth.Always**
+4. It's recommended to change the machine passwords by running the following commands: `sudo passwd monkeyuser`, `sudo passwd root`.
+
+## OVA network modes
+
+The OVA can be used in one of two modes:
+
+1. In a network with DHCP configured. In this case, the Monkey Island will automatically query and receive an IP address from the network.
+1. With a static IP address.
+
+ In this case, you should login to the VM console with
+username `root` and password `G3aJ9szrvkxTmfAG`. After logging in, edit the interfaces file. You can do that by writing the following command in the prompt:
+
+ ```sh
+ sudo nano /etc/network/interfaces
+ ```
+
+ And change the lines:
+
+ ```sh
+ auto ens160
+ iface ens160 inet dhcp
+ ```
+
+ to the following:
+
+ ```sh
+ auto ens160
+ iface ens160 inet static
+ address AAA.BBB.CCC.DDD
+ netmask XXX.XXX.XXX.XXX
+ gateway YYY.YYY.YYY.YYY
+ ```
+
+ Save the changes then run the command
+
+ ```sh
+ sudo ifdown ens160 && ifup ens160
+ ```
+
+## Upgrading
+
+There's no "upgrade-in-place" option for Docker. To get the new version, download it, stop the current container, and run the installation commands again with the new file.
+
+If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
+
+![Export configuration](../../images/setup/export-configuration.png "Export configuration")
diff --git a/docs/content/setup/windows.md b/docs/content/setup/windows.md
new file mode 100644
index 00000000000..d8a6c84e962
--- /dev/null
+++ b/docs/content/setup/windows.md
@@ -0,0 +1,35 @@
+---
+title: "Windows"
+date: 2020-05-26T20:57:10+03:00
+draft: false
+pre: ' '
+weight: 2
+tags: ["setup", "windows"]
+---
+
+## Deployment
+
+Run the installer, and you should be met with the following screen:
+
+![Windows installer screenshot](../../images/setup/windows/installer-screenshot-1.png "Windows installer screenshot")
+
+1. Follow the steps of the installation.
+1. Run the Monkey Island by clicking on the desktop shortcut.
+
+## Troubleshooting
+
+### Missing windows update
+
+The installer requires [Windows update #2999226](https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows) to be installed. If you’re having trouble running the installer, please make sure to install that update via Windows Update or manually from the link.
+
+### Supported browsers
+
+The Monkey Island supports Chrome (and Chrome-based) browsers. Some Windows Servers only have Internet Explorer installed. Make sure to use Chrome or a similar modern browser. [You can download Google Chrome from here](https://www.google.com/chrome/).
+
+## Upgrading
+
+To upgrade, download the new installer and run it. The new Monkey version should be installed over the old one.
+
+If you'd like to keep your existing configuration, you can export it to a file by using the Export button and then import it to the new server.
+
+![Export configuration](../../images/setup/export-configuration.png "Export configuration")
diff --git a/docs/content/usage/_index.md b/docs/content/usage/_index.md
new file mode 100644
index 00000000000..c5faecd05bf
--- /dev/null
+++ b/docs/content/usage/_index.md
@@ -0,0 +1,13 @@
++++
+title = "Usage"
+date = 2020-05-26T20:57:53+03:00
+weight = 10
+chapter = true
+pre = ' '
++++
+
+# Usage
+
+If you're just starting with Infection Monkey, check out our [Getting Started](getting-started) page.
+
+If you haven't downloaded Monkey yet, {{% button href="https://www.guardicore.com/infectionmonkey/#download" icon="fas fa-download" %}}Get Infection Monkey here{{% /button %}}!
diff --git a/docs/content/usage/configuration/_index.md b/docs/content/usage/configuration/_index.md
new file mode 100644
index 00000000000..f10d81ce115
--- /dev/null
+++ b/docs/content/usage/configuration/_index.md
@@ -0,0 +1,20 @@
+---
+title: "Configuration"
+date: 2020-06-07T19:08:51+03:00
+draft: false
+chapter: true
+weight: 3
+pre: " "
+---
+
+# Configure the Monkey
+
+The Monkey is highly configurable. Nearly every part of it can be modified to turn it to a fast acting worm or into a port scanning and system information collecting machine.
+
+{{% notice warning %}}
+This section of the documentation is incomplete and under active construction.
+{{% /notice %}}
+
+See these documentation pages for information on each configuration value:
+
+{{% children description=true %}}
diff --git a/docs/content/usage/configuration/basic-credentials.md b/docs/content/usage/configuration/basic-credentials.md
new file mode 100644
index 00000000000..ffd6a87e4fc
--- /dev/null
+++ b/docs/content/usage/configuration/basic-credentials.md
@@ -0,0 +1,10 @@
+---
+title: "Credentials"
+date: 2020-06-09T12:20:08+03:00
+draft: false
+description: "Configure credentials that the Monkey will use for propagation."
+---
+
+In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
+
+![Configure credentials](/images/usage/configruation/credentials.png "Configure credentials")
diff --git a/docs/content/usage/configuration/basic-network.md b/docs/content/usage/configuration/basic-network.md
new file mode 100644
index 00000000000..410f7a2ee5d
--- /dev/null
+++ b/docs/content/usage/configuration/basic-network.md
@@ -0,0 +1,12 @@
+---
+title: "Network"
+date: 2020-06-09T12:20:14+03:00
+draft: false
+description: "Configure settings related to the Monkey's network activity."
+---
+
+Here you can control multiple important settings, such as:
+
+* Network propagation depth - How many hops from the base machine will the Monkey spread
+* Local network scan - Should the Monkey attempt to attack any machine in its subnet
+* Scanner IP/subnet list - Specific IP ranges that the Monkey should try to attack.
diff --git a/docs/content/usage/file-checksums.md b/docs/content/usage/file-checksums.md
new file mode 100644
index 00000000000..d892ff24ab7
--- /dev/null
+++ b/docs/content/usage/file-checksums.md
@@ -0,0 +1,54 @@
+---
+title: "Verify Integrity - Checksums"
+date: 2020-06-08T19:53:47+03:00
+draft: false
+weight: 100
+pre: " "
+---
+
+The official distribution of Infection Monkey is compiled and supplied by Guardicore ([download from our official site here](https://www.guardicore.com/infectionmonkey/#download)). The team signs all software packages to certify that a particular Infection Monkey package is a valid and unaltered Infection Monkey release. Before installing Monkey, you should validate the package using the SHA-256 checksum.
+
+## How to get SHA-256 checksum
+
+### On Windows
+
+Use the `Get-FileHash` PowerShell commandlet, like so:
+
+```powershell
+Get-FileHash '.\Monkey Island v1.8.2_3536_windows.exe' | Format-List
+
+# Should print
+# Algorithm : SHA256
+# Hash : 2BE528685D675C882604D98382ADB739F5BA0A7E234E3569B21F535173BD9569
+# Path : C:\Users\shay.nehmad\Desktop\work\compiled monkeys\1.8.2\Monkey Island v1.8.2_3536_windows.exe
+```
+
+### On Linux
+
+Use the `sha256sum` shell command, like so:
+
+```sh
+sha256sum monkey-linux-64
+# Should print:
+# 734dd2580f3d483210daf54c063a0a972911bbe9afb6ebc6278f86cd6b05e7ab monkey-linux-64
+```
+
+## Latest version checksums
+
+| Filename | Type | Version | SHA256 hash |
+|-|-|-|-|
+monkey-windows-64.exe | Windows Agent | 1.8.2 | `2e6a1cb5523d87ddfd48f75b10114617343fbac8125fa950ba7f00289b38b550`
+monkey-windows-32.exe | Windows Agent | 1.8.2 | `86a7d7065e73b795e38f2033be0c53f3ac808cc67478aed794a7a6c89123979f`
+monkey-linux-64 | Linux Agent | 1.8.2 | `4dce4a115d41b43adffc11672fae2164265f8902267f1355d02bebb802bd45c5`
+monkey-linux-32 | Linux Agent | 1.8.2 | `39d3fe1c7b33482a8cb9288d323dde17b539825ab2d736be66a9582764185478`
+infection_monkey_deb.tgz | Debian Package | 1.8.2 | `2a6b4b9b846566724ff985c6cc8283222b981b3495dd5a8920b6bc3f34d556e2`
+Monkey Island v1.8.2_3536_windows.exe | Windows Installer | 1.8.2 | `2be528685d675c882604d98382adb739f5ba0a7e234e3569b21f535173bd9569`
+Monkey Island v1.8.2_3536_windowszt.exe | Windows Installer | 1.8.2 | `f282ce4dd50abe54671948fb5b3baf913087459444e451660971290a72fe244a`
+infection_monkey_docker_docker_20200607_172156.tgz | Docker | 1.8.2 | `0e4bc731ef7e8bf19b759709672375890136c008526be454850d334d9ba5012d`
+infection_monkey_docker_dockerzt_20200607_172521.tgz | Docker | 1.8.2 | `0f4b0cd6fd54dc14ea50c5d2fb3fc711e9863518bd5bffd04e08a0f17eb99e75`
+
+## All checksums
+
+### 1.8.0 and older
+
+You can find all these checksums in [this page](https://www.guardicore.com/infectionmonkey/checksums.html).
diff --git a/docs/content/usage/getting-started.md b/docs/content/usage/getting-started.md
new file mode 100644
index 00000000000..631957506cf
--- /dev/null
+++ b/docs/content/usage/getting-started.md
@@ -0,0 +1,53 @@
+---
+title: "Getting Started"
+date: 2020-05-26T21:01:12+03:00
+draft: false
+weight: 1
+pre: " "
+tags: ["usage"]
+---
+
+## Using the Infection Monkey
+
+After deploying the Monkey Island in your environment, navigate to `https://:5000`.
+
+### First-time setup
+
+On your first login, you'll be asked to set up a username and password for the Monkey Island server. [See this page for more details](../accounts-and-security).
+
+### Run the Monkey
+
+To get the Infection Monkey running as fast as possible, click **Run Monkey**. Optionally, you can configure the Monkey before you continue by clicking **Configuration** (see [how to configure the monkey](../configuration)).
+
+To run the monkey, select one of the following options:
+
+![Run Page](/images/usage/getting-started/run_page_with_arrows.jpg "Run Page")
+
+1. Click **Run on C&C Server** to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate through local network from Monkey Island machine.
+2. Click **Run on machine of your choice** to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
+
+![Run on machine of your choice](/images/usage/getting-started/run_page_button_no_arrow.jpg "Run on machine of your choice")
+
+{{% notice tip %}}
+If you're running in an AWS cloud environment, check out [Usage -> Integrations](../../usage/integrations) for information about how Monkey integrates with AWS.
+{{% /notice %}}
+
+### Infection Map
+
+Next, click **Infection Map** to see the Infection Monkey in action.
+
+![Run page to infection map page](/images/usage/getting-started/run_page_button.JPG "Run page to infection map page")
+
+At first, the infection map will look like this:
+
+![Start of Monkey execution](/images/usage/getting-started/run_island.JPG "Start of Monkey execution")
+
+Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.
+
+![Middle of Monkey execution](/images/usage/getting-started/single_exploitation.JPG "Middle of Monkey execution")
+
+As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click **Reports** to see the reports. See [Infection Monkey Reports](../reports) for more info.
+
+![End of Monkey execution](/images/usage/getting-started/exploitation_tunneling_arrow.jpg "End of Monkey execution")
+
+Congratulations, you finished first successful execution of the Infection Monkey! 🎉 To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations.
diff --git a/docs/content/usage/integrations/_index.md b/docs/content/usage/integrations/_index.md
new file mode 100644
index 00000000000..a7e2157f6b0
--- /dev/null
+++ b/docs/content/usage/integrations/_index.md
@@ -0,0 +1,14 @@
+---
+title: "Integrations"
+date: 2020-06-28T10:38:05+03:00
+draft: false
+chapter: true
+weight: 10
+pre: " "
+---
+
+# Integrate the Monkey with 3rd party software
+
+The Monkey likes working together. See these documentation pages for information on each integration the Monkey currently offers:
+
+{{% children description=true %}}
diff --git a/docs/content/usage/integrations/aws-run-on-ec2-machine.md b/docs/content/usage/integrations/aws-run-on-ec2-machine.md
new file mode 100644
index 00000000000..0183dc2410a
--- /dev/null
+++ b/docs/content/usage/integrations/aws-run-on-ec2-machine.md
@@ -0,0 +1,150 @@
+---
+title: "Running the monkey on AWS EC2 instances"
+date: 2020-06-28T10:44:05+03:00
+draft: false
+description: "Use AWS SSM to execute Infection Monkey on your AWS instances."
+tags: ["aws", "integration"]
+---
+
+## When to use this feature
+
+If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it, this page is for you. You can easily run the monkey on **various instances** within your network - in a secure fashion, **without** feeding the Island with any credentials or running shell commands on the machines you want to test.
+
+The results will be exported to AWS security hub automatically, as well. To see more information about that, see the [Infection Monkey and AWS Security Hub documentation](https://github.com/guardicore/monkey/wiki/Infection-Monkey-and-AWS-Security-Hub).
+
+![AWS EC2 logo](/images/usage/integrations/aws-ec2.svg?height=250px "AWS EC2 logo")
+
+## Setup
+
+Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
+
+### Monkey Island deployment
+
+In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [setup](../../../setup).
+
+### Setup IAM roles
+
+In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles [in Amazon's documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html), but it's not necessary in order to follow this setup.
+
+#### Creating a custom IAM role
+
+Go to the [AWS IAM roles dashboard](https://console.aws.amazon.com/iam/home?#/roles) and create a new IAM role for EC2. The role will need to have some specific permissions (see Appendix A), but you can just create a role with the `AmazonEC2RoleforSSM`, `AWSSecurityHubFullAccess` and `AmazonSSMFullAccess` pre-made permissions. In the end it should like something like this:
+
+![Creating a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-3.png "Creating a custom IAM role")
+
+#### Applying the IAM role to an instance
+
+For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
+
+![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-4.png "Applying a custom IAM role")
+
+After applying the IAM role you should see this screen:
+
+![Applying a custom IAM role](/images/usage/integrations/monkey-island-aws-screenshot-5.png "Applying a custom IAM role")
+
+**Note: after setting IAM roles, the roles might take a few minutes (up to 10 minutes sometimes) to effectively kick in.** This is how AWS works and is not related to the Monkey implementation. See [this StackOverflow thread for more details.](https://stackoverflow.com/questions/20156043/how-long-should-i-wait-after-applying-an-aws-iam-policy-before-it-is-valid)
+
+### Setup SSM agent
+
+If your EC2 instances don't have the _SSM agent_ installed, they will not be able to execute SSM commands, which means you won't see them in the AWS machines table on the monkey island. Generally speaking, most new EC2 instances ought to have SSM pre-installed; The SSM Agent is installed, by default, on Amazon Linux base AMIs dated 2017.09 and later, and on Amazon Linux 2, Ubuntu Server 16.04, and Ubuntu Server 18.04 LTS AMIs.
+
+See [Amazon's documentation about working with SSM agents](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) for more details on how to check if you have an SSM agent and how to manually install one if you don't have one.
+
+## Usage
+
+### Running the monkey
+
+When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the _"Run Monkey"_ page, like so:
+
+![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-1.png "Running a Monkey on EC2 Instance")
+
+And then you can choose one of the available instances as "patient zero" like so:
+
+1. Click on "Run on AWS"
+2. Choose the relevant Network Interface
+3. Select the machines you'd like to run the Monkey on
+4. Click "Run on Selected Machines", and watch the monkey go! 🐒
+
+![Running a Monkey on EC2 Instance](/images/usage/integrations/monkey-island-aws-screenshot-2.png "Running a Monkey on EC2 Instance")
+
+## Notes
+
+- The machines which can use IAM roles and be listed MUST be internet connected (or you can set up a proxy for IAM). This is standard AWS practice and you can read about it (and about how to set up the required proxy machines) in AWS IAM documentation.
+- You can see the monkey in [the AWS marketplace](https://aws.amazon.com/marketplace/pp/B07B3J7K6D).
+
+### Appendix A: Specific policy permissions required
+
+The IAM role will need to have, at least, the following specific permissions:
+
+#### For executing the Monkey on other machines - SSM
+
+- `"ssm:SendCommand"`
+- `"ssm:DescribeInstanceInformation"`
+- `"ssm:GetCommandInvocation"`
+
+Here's the policy of the IAM role, as a JSON object:
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "ssm:SendCommand",
+ "ssm:DescribeInstanceInformation",
+ "ssm:GetCommandInvocation"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+```
+
+#### For exporting security findings to the Security Hub - security hub
+
+_Note: these can be set on the Monkey Island machine alone, since it's the only one exporting findings to the AWS secutiry hub._
+
+- `"securityhub:UpdateFindings"`
+- `"securityhub:BatchImportFindings"`
+
+Here's the policy for SecurityHub, as a JSON object:
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "securityhub:UpdateFindings",
+ "securityhub:BatchImportFindings"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+```
+
+The JSON object for both of the policies combined therefore is:
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "ssm:SendCommand",
+ "ssm:DescribeInstanceInformation",
+ "securityhub:UpdateFindings",
+ "securityhub:BatchImportFindings",
+ "ssm:GetCommandInvocation"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
+```
diff --git a/docs/content/usage/integrations/aws-security-hub.md b/docs/content/usage/integrations/aws-security-hub.md
new file mode 100644
index 00000000000..364890b3ade
--- /dev/null
+++ b/docs/content/usage/integrations/aws-security-hub.md
@@ -0,0 +1,43 @@
+---
+title: "AWS Security Hub integration"
+date: 2020-06-28T10:38:12+03:00
+draft: false
+description: "Correlate the Monkey's findings with the native security solutions and benchmark scores."
+tags: ["aws", "integration"]
+---
+
+The Infection Monkey integration with the [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.
+
+![AWS security hub logo](/images/usage/integrations/AWS-Security-Hub-logo.png "AWS security hub logo")
+
+The integration will send _all_ Infection Monkey findings (typically low tens of findings) to the security hub at the end of a Monkey breach simulation.
+
+## Setup
+
+If the correct permissions have been set on the AWS IAM role of the Monkey Island machine, then the Island will automatically export its findings to the AWS security hub.
+
+### Specific permissions required for security hub
+
+- `"securityhub:UpdateFindings"`
+- `"securityhub:BatchImportFindings"`
+
+Note that the integration is specifically between your Monkey Island and the security hub. The Infection Monkey is an free project and there is no centralised infrastructure.
+
+## Integration details
+
+The Infection Monkey reports the following types of issues to the AWS security hub: `Software and Configuration Checks/Vulnerabilities/CVE`.
+
+Specifically, the Island sends findings for all vulnerabilities it finds along with generic findings on the network (such as segmentation issues). Our normalized severity is 100, while most issues we report range between 1 and 10.
+
+## Regions
+
+The Infection Monkey is usable on all public AWS instances.
+
+## Example
+
+After setting up a monkey environment in AWS and attaching the correct IAM roles to the monkey island machine, the report findings were exported to the security hub.
+
+1. Navigate to `Findings`.
+2. Press on a specific finding to see more details and possible solutions.
+
+![AWS Security hub console example](images/usage/integrations/security-hub-console-example.png "AWS Security hub console example")
diff --git a/docs/content/usage/reports/_index.md b/docs/content/usage/reports/_index.md
new file mode 100644
index 00000000000..8d1da79b95d
--- /dev/null
+++ b/docs/content/usage/reports/_index.md
@@ -0,0 +1,13 @@
++++
+title = "Reports"
+date = 2020-06-24T21:16:03+03:00
+weight = 5
+chapter = true
+pre = " "
++++
+
+# Infection Monkey's Reports
+
+The Monkey offers three reports:
+
+{{% children %}}
diff --git a/docs/content/usage/reports/mitre.md b/docs/content/usage/reports/mitre.md
new file mode 100644
index 00000000000..05f87ba03d9
--- /dev/null
+++ b/docs/content/usage/reports/mitre.md
@@ -0,0 +1,35 @@
+---
+title: "MITRE ATT&CK report"
+date: 2020-06-24T21:17:18+03:00
+draft: false
+---
+
+{{% notice info %}}
+Check out [the documentation for the other reports as well](../).
+{{% /notice %}}
+
+The Monkey maps its actions to the [MITRE ATT&CK](https://attack.mitre.org/) knowledge base: It provides a new report with the utilized techniques and recommended mitigations, to help you simulate an APT attack on your network and mitigate real attack paths intelligently.
+
+Watch an overview video:
+
+{{% youtube 3tNrlutqazQ %}}
+
+## How to use the report
+
+The MITRE ATT&CK report is centred around the ATT&CK matrix:
+
+![MITRE Report](/images/usage/reports/mitre-report-0.jpg "MITRE Report")
+
+The Monkey rates your network on the attack techniques it attempted. For each technique, you can get
+
+- {{< label danger Red >}}: The Monkey **successfully used** the technique in the simulation. That means your network is vulnerable to this technique being employed.
+- {{< label warning Yellow >}}: The Monkey **tried to use** the technique, but didn’t manage to. That means your network isn’t vulnerable to the way Monkey employs this technique.
+- {{< label other Grey >}}: The Monkey **didn't try** the technique this time. Perhaps it wasn't relevant to this network or wasn't configured.
+
+Then, you can see exactly HOW the technique was used in this attack, and also what you should do to mitigate it, by clicking on the technique and seeing the details. For example, let’s look at the [**Brute Force**](https://attack.mitre.org/techniques/T1110/) technique that’s a part of employing the [**Credentials Access**](https://attack.mitre.org/tactics/TA0006/) tactic:
+
+![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access.png "MITRE Report Credentials Access technique")
+
+In this example, you can see how the Monkey was able to use one old `root` password to access all machines in the network. When scrolling to the bottom of this list, you can also see the mitigation recommended, including **Account Use Policies** and implementing **Multiple Factor Authentication**.
+
+![MITRE Report Credentials Access technique](/images/usage/reports/mitre-report-cred-access-mitigations.png "MITRE Report Credentials Access technique")
diff --git a/docs/content/usage/reports/security.files/infection_monkey_security_report_example.pdf b/docs/content/usage/reports/security.files/infection_monkey_security_report_example.pdf
new file mode 100644
index 00000000000..ed25290d40d
Binary files /dev/null and b/docs/content/usage/reports/security.files/infection_monkey_security_report_example.pdf differ
diff --git a/docs/content/usage/reports/security.md b/docs/content/usage/reports/security.md
new file mode 100644
index 00000000000..a36106183c4
--- /dev/null
+++ b/docs/content/usage/reports/security.md
@@ -0,0 +1,97 @@
+---
+title: "Security report"
+date: 2020-06-24T21:16:10+03:00
+draft: false
+---
+
+{{% notice info %}}
+Check out [the documentation for the other reports as well](../).
+{{% /notice %}}
+
+The Monkey's Security Report is built to provide you with actionable recommendations and insight to the Attacker's view of your network. You can download a PDF of this example report:
+
+{{%attachments title="Download the PDF" pattern=".*(pdf)"/%}}
+
+The report is split into 3 main categories: "Overview", "Recommendations" and "The network from the Monkey's eyes".
+
+- [Overview](#overview)
+ - [High level information](#high-level-information)
+ - [Used Credentials](#used-credentials)
+ - [Exploits and targets](#exploits-and-targets)
+ - [Security Findings](#security-findings)
+- [Recommendations](#recommendations)
+ - [Machine related recommendations relating to specific CVEs](#machine-related-recommendations-relating-to-specific-cves)
+ - [Machine related recommendations relating to network security and segmentation](#machine-related-recommendations-relating-to-network-security-and-segmentation)
+- [The network from the Monkey's eyes](#the-network-from-the-monkeys-eyes)
+ - [Network infection map](#network-infection-map)
+ - [Scanned servers](#scanned-servers)
+ - [Exploits and post-breach actions](#exploits-and-post-breach-actions)
+ - [Stolen Credentials](#stolen-credentials)
+
+## Overview
+
+The overview section of the report provides high-level information about the Monkey execution and the main security findings that the Monkey has found.
+
+### High level information
+
+The report starts with information about the execution, including how long the simulation took and from which machine the infection started from.
+
+![Overview](/images/usage/reports/sec_report_1_overview.png "Overview")
+
+### Used Credentials
+
+The report will show which credentials were used for brute-forcing.
+
+![Used Credentials](/images/usage/reports/sec_report_2_users_passwords.png "Used Credentials")
+
+### Exploits and targets
+
+The report shows which exploits were attempted in this simulation and which targets the Monkey scanned and tried to exploit.
+
+![Exploits and Targets](/images/usage/reports/sec_report_3_exploits_ips.png "Exploits and Targets")
+
+### Security Findings
+
+The report highlights the most important security threats and issues the Monkey discovered during the attack.
+
+![Threats and issues](/images/usage/reports/sec_report_4_threats_and_issues.png "Threats and issues")
+
+## Recommendations
+
+This section contains the Monkey's recommendations for improving your security - what mitigations you need to implement.
+
+### Machine related recommendations relating to specific CVEs
+
+![Machine related recommendations](/images/usage/reports/sec_report_5_machine_related.png "Machine related recommendations")
+
+### Machine related recommendations relating to network security and segmentation
+
+![Machine related recommendations](/images/usage/reports/sec_report_6_machine_related_network.png "Machine related recommendations")
+
+## The network from the Monkey's eyes
+
+This section contains the Infection Map and some summary tables on servers the Monkey has found.
+
+### Network infection map
+
+This part shows the network map and a breakdown of how many machines were breached.
+
+![Network map](/images/usage/reports/sec_report_7_network_map.png "Network map")
+
+### Scanned servers
+
+This part shows the attack surface the Monkey has found.
+
+![Scanned servers](/images/usage/reports/sec_report_8_network_services.png "Scanned servers")
+
+### Exploits and post-breach actions
+
+This part shows which exploits and Post Breach Actions the Monkey has performed in this simulation.
+
+![Exploits and PBAs](/images/usage/reports/sec_report_9_exploits_pbas.png "Exploits and PBAs")
+
+### Stolen Credentials
+
+This part shows which credentials the Monkey was able to steal from breached machines in this simulation.
+
+![Stolen creds](/images/usage/reports/sec_report_10_stolen_credentials.png "Stolen creds")
diff --git a/docs/content/usage/reports/zero-trust.md b/docs/content/usage/reports/zero-trust.md
new file mode 100644
index 00000000000..8d6c55aaaff
--- /dev/null
+++ b/docs/content/usage/reports/zero-trust.md
@@ -0,0 +1,46 @@
+---
+title: "Zero Trust report"
+date: 2020-06-24T21:16:18+03:00
+draft: false
+---
+
+{{% notice info %}}
+Check out [the documentation for the other reports as well](../).
+{{% /notice %}}
+
+The Guardicore Infection Monkey runs different tests to evaluate your network adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
+
+## Summary
+
+This diagram provides a quick glance at how your organization scores on each component of the Forrester’s Zero Trust model with **Failed**, **Verify**, **Passed** and **Unexecuted** verdicts.
+
+- {{< label danger Failed >}} At least one of the tests related to this component failed. This means that the Infection Monkey detected an unmet Zero Trust requirement.
+- {{< label warning Verify >}} At least one of the tests’ results related to this component requires further manual verification.
+- {{< label success Passed >}} All Tests related to this pillar passed. No violation of a Zero Trust guiding principle was detected.
+- {{< label other Unexecuted >}} This status means no tests were executed for this pillar.
+
+![Zero Trust Report summary](/images/usage/reports/ztreport1.png "Zero Trust Report summary")
+
+## Test Results
+
+See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust components so you can quickly navigate to the components you care about first.
+
+![Zero Trust Report test results](/images/usage/reports/ztreport2.png "Zero Trust Report test results")
+
+## Findings
+
+Deep-dive into the details of each test, and see the explicit events and exact timestamps in which things happened in your network. This will enable you to match up with your SOC logs and alerts and to gain deeper insight as to what exactly happened during each of the tests.
+
+![Zero Trust Report Findings](/images/usage/reports/ztreport3.png "Zero Trust Report Findings")
+
+## Events
+
+The results are exportable. Click Export after clicking on Events to view them in a machine-readable format.
+
+![Zero Trust Report events](/images/usage/reports/ztreport4.png "Zero Trust Report events")
+
+## Overview Video
+
+You can check out an overview video here:
+
+{{% youtube z4FNu3WCd9o %}}
diff --git a/docs/content/usage/scenarios.md b/docs/content/usage/scenarios.md
new file mode 100644
index 00000000000..20cab0d27d0
--- /dev/null
+++ b/docs/content/usage/scenarios.md
@@ -0,0 +1,104 @@
+---
+title: "Scenarios"
+date: 2020-05-26T21:01:19+03:00
+draft: false
+weight: 2
+tags: ["usage"]
+pre: " "
+---
+
+In this page we show how you can use the Infection Monkey to simulate breach and attack scenarios as well as to share some cool tips and tricks you can use to up your Infection Monkey game. This page is aimed at both novice and experienced Monkey users. You can also refer to [our FAQ](../../faq) for more specific questions and answers.
+
+Here are a few scenarios that can be replicated in your own environment by executing the Monkey from different locations within the network, or with some tweaks to the Monkey’s configuration.
+
+{{% notice note %}}
+No worries! The Monkey does not cause any permanent system modifications that impact security or operations. You will be able to track the Monkey using the log files it leaves in well defined locations. [See our FAQ for more details](../faq).
+{{% /notice %}}
+
+- [Your network has been breached via internet facing servers](#your-network-has-been-breached-via-internet-facing-servers)
+ - [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey)
+- [You are the newest victim of a phishing fraud! 🎣](#you-are-the-newest-victim-of-a-phishing-fraud)
+ - [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-1)
+- [You want to test your network segmentation](#you-want-to-test-your-network-segmentation)
+ - [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-2)
+- [You want to verify your security solutions, procedures and teams are working as intended](#you-want-to-verify-your-security-solutions-procedures-and-teams-are-working-as-intended)
+ - [Simulate this scenario using the Monkey](#simulate-this-scenario-using-the-monkey-3)
+- [Other useful tips](#other-useful-tips)
+
+## Your network has been breached via internet facing servers
+
+Whether it was the [Hex-men campaign](https://www.guardicore.com/2017/12/beware-the-hex-men/) that hit your Internet-facing DB server, a [cryptomining operation that attacked your WordPress site](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining-2/) or any other malicious campaign – the attackers are now trying to go deeper into your network.
+
+### Simulate this scenario using the Monkey
+
+To simulate this breach scenario, execute the Infection Monkey on different machines that host internet-facing services such as your web servers (Apache, Tomcat, NGINX…) or your VPN servers. To see how to execute the Monkey on these servers, [refer to this FAQ question](../../faq#after-ive-set-up-monkey-island-how-can-i-execute-the-monkey).
+
+{{% notice tip %}}
+If you want to simulate a very “deep” attack into your network, see our [configuration documentation](../configuration).
+{{% /notice %}}
+
+After executing the Monkey, evaluate the results of this simulation using the information in the Report page. There you will find a summary of the most important things the simulation has discovered, a detailed report of all the Monkey’s findings and more. You can also use the Infection Map to analyze the Monkey’s progress through the network, and to see each Monkey’s detailed telemetry and logs.
+
+## You are the newest victim of a phishing fraud! 🎣
+
+Almost everyone is prone to phishing attacks. Results of a successful phishing attempt can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
+
+This scenario begins in a section of the network which is a potential phishing spot. Phishing attacks target human users - as such, these types of attacks try to penetrate the network via a service an employee is using, such as an email with an attached malware or social media message with a link redirecting to a malicious website. These are just two examples of where and how an attacker may choose to launch their campaign.
+
+### Simulate this scenario using the Monkey
+
+To simulate the damage from a successful phishing attack using the Infection Monkey, choose machines in your network from potentially problematic group of machines, such as the laptop of one of your heavy email users or one of your strong IT users (think of people who are more likely to correspond with people outside of your organization).
+
+- After setting up the Island add the users’ **real** credentials (usernames and passwords) to the Monkey’s configuration (Don’t worry, this sensitive data is not accessible and is not distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island’s configuration). Now you can simulate an attacker attempting to probe deeper in the network with credentials “successfully” phished.
+- You can configure these credentials for the Monkey as follows:
+From the **“Basic - Credentials”** tab of the Island’s configuration, under the **“Exploit password list”** press the ‘+’ button and add the passwords you would like the Monkey to use. Do the same with usernames in the **“Exploit user list”**.
+
+![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
+
+After supplying the Monkey with the passwords and usernames, execute the Monkey from the simulated “victim” machines. To do this, click “**2. Run Monkey**” from the left sidebar menu and choose “**Run on machine of your choice**”.
+
+## You want to test your network segmentation
+
+Segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually, typically using policies. A useful way to test the effectiveness of your segmentation is to ensure that your network segments are properly separated, e,g, your Development is separated from your Production, your applications are separated from one another etc. "to security test is to verify that your network segmentation is configured properly. This way you make sure that even if a certain attacker has breached your defenses, it can’t move laterally from point A to point B.
+
+[Segmentation is key](https://www.guardicore.com/use-cases/micro-segmentation/) to protecting your network, reducing the attack surface and minimizing the damage of a breach. The Monkey can help you test your segmentation settings with its cross-segment traffic testing feature.
+
+### Simulate this scenario using the Monkey
+
+As an example, the following configuration makes sure machines in the “10.0.0.0/24” segment (segment A) and the “11.0.0.2/32” segment (segment B) can’t communicate with each other, along with an additional machine in 13.37.41.50.
+
+![How to configure network segmentation testing](/images/usage/scenarios/segmentation-config.png "How to configure network segmentation testing")
+
+## You want to verify your security solutions, procedures and teams are working as intended
+
+The Infection Monkey can help you verify that your security solutions are working the way you expected them to. These may include your IR and SOC teams, your SIEM, your firewall, your endpoint security solution, and more.
+
+### Simulate this scenario using the Monkey
+
+Run the Monkey with whichever configuration you prefer. The default is good enough for many cases; but for example, you can add some old users and passwords. Running the Monkey on both the Island and on a few other machines in the network is also recommended, as it increases coverage and propagation rates.
+
+After running the Monkey, follow the Monkeys’ actions on the Monkey Island’s infection map.
+
+Now you can match this activity from the Monkey timeline display to your internal SIEM and make sure your security solutions are identifying and correctly alerting on different attacks.
+
+- The red arrows indicate successful exploitations. If you see red arrows, those incidents ought to be reported as exploitation attempts, so check whether you are receiving alerts from your security systems as expected.
+- The orange arrows indicate scanning activity, usually used by attackers to locate potential vulnerabilities. If you see orange arrows, those incidents ought to be reported as scanning attempts (and possibly as segmentation violations).
+- The blue arrows indicate tunneling activity, usually used by attackers to infiltrate “protected” networks from the Internet. Perhaps someone is trying to bypass your firewall to gain access to a protected service in your network? Check if your micro-segmentation / firewall solution identify or report anything.
+
+While running this scenario, be on the lookout for the action that should arise: Did you get a phone call telling you about suspicious activity inside your network? Are events flowing into your security events aggregators? Are you getting emails from your IR teams? Is the endpoint protection software you installed on machines in the network reporting on anything? Are your compliance scanners detecting anything wrong?
+
+## Other useful tips
+
+Here are a few tips which can help you push the Infection Monkey even further:
+
+- Make sure the Monkey is configured to scan its local network but in addition, configure it with specific targets. To add these targets, add their IP addresses (or the IP ranges in which they reside) to the Scan IP/subnet list using the `+` button. Here’s an example of how this is achieved:
+
+![How to configure Scan IP/subnet list](/images/usage/scenarios/scan-list-config.png "How to configure Scan IP/subnet list")
+
+- Every network has its old “skeleton keys” that should have long been discarded. Configure the Monkey with old and stale passwords, but make sure that they were really discarded using the Monkey. To add the old passwords, in the island’s configuration, go to the “Exploit password list” under “Basic - Credentials” and use the “+” button to add the old passwords to the configuration. For example, here we added a few extra passwords (and a username as well) to the configuration:
+
+![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
+
+- To see the Monkey executing in real-time on your servers, add the **post-breach action** command: `wall “Infection Monkey was here”`. This post breach command will broadcast a message across all open terminals on the servers the Monkey breached, to achieve the following: Let you know the Monkey ran successfully on the server. let you follow the breach “live” alongside the infection map, and check which terminals are logged and monitored inside your network. See below:
+
+![How to configure post breach commands](/images/usage/scenarios/pba-example.png "How to configure post breach commands.")
diff --git a/docs/layouts/partials/favicon.html b/docs/layouts/partials/favicon.html
new file mode 100644
index 00000000000..06fdec3722a
--- /dev/null
+++ b/docs/layouts/partials/favicon.html
@@ -0,0 +1 @@
+
diff --git a/docs/layouts/partials/logo.html b/docs/layouts/partials/logo.html
new file mode 100644
index 00000000000..5810c9b8e6d
--- /dev/null
+++ b/docs/layouts/partials/logo.html
@@ -0,0 +1,8 @@
+