Rhino Security Labs

All

20 repositories

cloudgoat
Public
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Python
•
BSD 3-Clause "New" or "Revised" License
•698•3.3k•15•10•Updated Aug 6, 2025Aug 6, 2025
pacu
Public
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
python aws security penetration-testing aws-security
Python
•
BSD 3-Clause "New" or "Revised" License
•751•4.8k•23•8•Updated Jul 24, 2025Jul 24, 2025
IAMActionHunter
Public
An AWS IAM policy statement parser and query tool.
Python
•
Apache License 2.0
•16•193•0•0•Updated Jun 26, 2025Jun 26, 2025
CVEs
Public
Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs
Python
•
BSD 3-Clause "New" or "Revised" License
•250•870•0•1•Updated Jun 4, 2025Jun 4, 2025
dsnap
Public
Utility for downloading and mounting EBS snapshots using the EBS Direct API's
Python
•
BSD 3-Clause "New" or "Revised" License
•9•86•6•2•Updated Mar 17, 2025Mar 17, 2025
IPRotate_Burp_Extension
Public
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
hacking aws-apigateway webapp penetration-testing burpsuite
Python
•151•871•2•0•Updated Mar 5, 2025Mar 5, 2025
GCP-IAM-Privilege-Escalation
Public
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
Python
•
BSD 3-Clause "New" or "Revised" License
•74•396•5•2•Updated Apr 18, 2024Apr 18, 2024
GCPBucketBrute
Public
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
Python
•
BSD 3-Clause "New" or "Revised" License
•89•530•5•3•Updated May 26, 2023May 26, 2023
Swagger-EZ
Public
A tool geared towards pentesting APIs using OpenAPI definitions.
JavaScript
•
BSD 3-Clause "New" or "Revised" License
•42•179•1•0•Updated Oct 27, 2022Oct 27, 2022
CloudScraper
Public
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Python
•
MIT License
•109•32•0•1•Updated Mar 7, 2022Mar 7, 2022
little-stitch
Public
Send and receive bypassing Little Snitch alerting.
Go
•2•12•0•0•Updated Jan 27, 2022Jan 27, 2022
amazon-ssm-agent
Public
Fork of amazon-ssm-agent that can run as any user in parallel with the official service.
Go
•
Apache License 2.0
•338•4•0•0•Updated Dec 3, 2021Dec 3, 2021
Security-Research
Public
Exploits written by the Rhino Security Labs team
Python
•
BSD 3-Clause "New" or "Revised" License
•295•1.1k•8•3•Updated Jan 23, 2021Jan 23, 2021
Cloud-Security-Research
Public
Cloud-related research releases from the Rhino Security Labs team.
Python
•
BSD 3-Clause "New" or "Revised" License
•68•391•0•0•Updated Apr 23, 2020Apr 23, 2020
ccat
Public
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
docker kubernetes aws google amazon gcp rhino cybersecurity gke k8s
Python
•
BSD 3-Clause "New" or "Revised" License
•107•638•2•0•Updated Nov 21, 2019Nov 21, 2019
SleuthQL
Public
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
Python
•
BSD 3-Clause Clear License
•82•470•5•1•Updated Nov 14, 2019Nov 14, 2019
AWS-IAM-Privilege-Escalation
Public
A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
BSD 3-Clause "New" or "Revised" License
•122•920•1•0•Updated Jul 25, 2019Jul 25, 2019
Presentations
Public
A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.
BSD 3-Clause "New" or "Revised" License
•6•38•0•0•Updated Aug 13, 2018Aug 13, 2018
Aggressor-Scripts
Public
Aggregation of Cobalt Strike's aggressor scripts.
PowerShell
•42•143•1•0•Updated Mar 31, 2018Mar 31, 2018
external_c2_framework
Public
Python api for usage with cobalt strike's External C2 specification
Python
•98•70•0•0•Updated Feb 15, 2018Feb 15, 2018