@RhinoSecurityLabs

Rhino Security Labs

A boutique penetration testing and security assessment firm in Seattle, WA.

Pinned

  1. pacu Public

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    Python 4.6k 722

  2. cloudgoat Public

    CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

    Python 3.1k 646

  3. CVEs Public

    A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

    Python 829 240

  4. IAMActionHunter Public

    An AWS IAM policy statement parser and query tool.

    Python 173 13

  5. IPRotate_Burp_Extension Public

    Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

    Python 832 148

  6. ccat Public

    Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

    Python 615 104

Repositories

Showing 10 of 20 repositories
  • cloudgoat Public

    CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

    Python 3,088 BSD-3-Clause 646 8 (1 issue needs help) 8 Updated Jan 29, 2025
  • CVEs Public

    A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

    Python 829 BSD-3-Clause 240 0 0 Updated Jan 29, 2025
  • pacu Public

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    Python 4,557 BSD-3-Clause 722 22 6 Updated Jan 29, 2025
  • IPRotate_Burp_Extension Public

    Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

    Python 832 148 3 0 Updated May 14, 2024
  • GCP-IAM-Privilege-Escalation Public

    A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

    Python 370 BSD-3-Clause 73 5 2 Updated Apr 18, 2024
  • IAMActionHunter Public

    An AWS IAM policy statement parser and query tool.

    Python 173 Apache-2.0 13 1 0 Updated Feb 13, 2024
  • GCPBucketBrute Public

    A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

    Python 503 BSD-3-Clause 86 5 2 Updated May 26, 2023
  • dsnap Public

    Utility for downloading and mounting EBS snapshots using the EBS Direct APIs

    Python 81 BSD-3-Clause 9 6 2 Updated Feb 8, 2023
  • Swagger-EZ Public

    A tool geared towards pentesting APIs using OpenAPI definitions.

    JavaScript 174 BSD-3-Clause 40 1 0 Updated Oct 27, 2022
  • CloudScraper Public Forked from jordanpotti/CloudScraper

    CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

    Python 30 MIT 112 0 1 Updated Mar 7, 2022
