Skip to content
Change the repository type filter

All

    Repositories list

    • cloudgoat

      Public
      CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
      Python
      BSD 3-Clause "New" or "Revised" License
      6333k87Updated Dec 20, 2024Dec 20, 2024
    • pacu

      Public
      The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
      Python
      BSD 3-Clause "New" or "Revised" License
      7054.4k233Updated Nov 14, 2024Nov 14, 2024
    • CVEs

      Public
      A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
      Python
      BSD 3-Clause "New" or "Revised" License
      23981000Updated Nov 8, 2024Nov 8, 2024
    • Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
      Python
      14782230Updated May 14, 2024May 14, 2024
    • A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
      Python
      BSD 3-Clause "New" or "Revised" License
      7435253Updated Apr 18, 2024Apr 18, 2024
    • An AWS IAM policy statement parser and query tool.
      Python
      Apache License 2.0
      1316210Updated Feb 13, 2024Feb 13, 2024
    • A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
      Python
      BSD 3-Clause "New" or "Revised" License
      8549352Updated May 26, 2023May 26, 2023
    • dsnap

      Public
      Utility for downloading and mounting EBS snapshots using the EBS Direct API's
      Python
      BSD 3-Clause "New" or "Revised" License
      97862Updated Feb 8, 2023Feb 8, 2023
    • A tool geared towards pentesting APIs using OpenAPI definitions.
      JavaScript
      BSD 3-Clause "New" or "Revised" License
      4017110Updated Oct 27, 2022Oct 27, 2022
    • CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
      Python
      MIT License
      1092901Updated Mar 7, 2022Mar 7, 2022
    • Send and receive bypassing Little Snitch alerting.
      Go
      21000Updated Jan 27, 2022Jan 27, 2022
    • Fork of amazon-ssm-agent that can run as any user in parallel with the official service.
      Go
      Apache License 2.0
      326400Updated Dec 3, 2021Dec 3, 2021
    • Exploits written by the Rhino Security Labs team
      Python
      BSD 3-Clause "New" or "Revised" License
      2981.1k83Updated Jan 23, 2021Jan 23, 2021
    • Cloud-related research releases from the Rhino Security Labs team.
      Python
      BSD 3-Clause "New" or "Revised" License
      6835900Updated Apr 23, 2020Apr 23, 2020
    • ccat

      Public
      Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
      Python
      BSD 3-Clause "New" or "Revised" License
      10159820Updated Nov 21, 2019Nov 21, 2019
    • SleuthQL

      Public
      Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
      Python
      BSD 3-Clause Clear License
      8446651Updated Nov 14, 2019Nov 14, 2019
    • A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
      BSD 3-Clause "New" or "Revised" License
      11890210Updated Jul 25, 2019Jul 25, 2019
    • A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.
      BSD 3-Clause "New" or "Revised" License
      63700Updated Aug 13, 2018Aug 13, 2018
    • Aggregation of Cobalt Strike's aggressor scripts.
      PowerShell
      4214410Updated Mar 31, 2018Mar 31, 2018
    • Python api for usage with cobalt strike's External C2 specification
      Python
      956700Updated Feb 15, 2018Feb 15, 2018