Repositories list

• cloudgoat

  Public
  CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •751751 forks•3.5k3.5k stars•1717 issues•44 pull requests•Updated Apr 21, 2026Apr 21, 2026

• pacu

  Public
  The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

  pythonawssecurity+ 2

  pythonawssecuritypenetration-testingaws-security

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •782782 forks•5.1k5.1k stars•2121 issues•1111 pull requests•Updated Mar 30, 2026Mar 30, 2026

• IPRotate_Burp_Extension

  Public
  Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

  hackingaws-apigatewaywebapp+ 2

  hackingaws-apigatewaywebapppenetration-testingburpsuite

  Python

  •150150 forks•891891 stars•22 issues•00 pull requests•Updated Feb 23, 2026Feb 23, 2026

• IAMActionHunter

  Public

  RhinoSecurityLabs/IAMActionHunter’s past year of commit activity
  An AWS IAM policy statement parser and query tool.

  Python

  •

  Apache License 2.0

  •1717 forks•199199 stars•11 issue•00 pull requests•Updated Feb 10, 2026Feb 10, 2026

• GCP-IAM-Privilege-Escalation

  Public
  A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •7878 forks•420420 stars•55 issues•33 pull requests•Updated Oct 6, 2025Oct 6, 2025

• CVEs

  Public
  Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •249249 forks•894894 stars•00 issues•11 pull request•Updated Jun 4, 2025Jun 4, 2025

• dsnap

  Public
  Utility for downloading and mounting EBS snapshots using the EBS Direct API's

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •99 forks•9393 stars•66 issues•22 pull requests•Updated Mar 17, 2025Mar 17, 2025

• GCPBucketBrute

  Public
  A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •9090 forks•560560 stars•44 issues•33 pull requests•Updated May 26, 2023May 26, 2023

• Swagger-EZ

  Public
  A tool geared towards pentesting APIs using OpenAPI definitions.

  JavaScript

  •

  BSD 3-Clause "New" or "Revised" License

  •4545 forks•188188 stars•11 issue•00 pull requests•Updated Oct 27, 2022Oct 27, 2022

• CloudScraper

  Public
  CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

  Python

  •

  MIT License

  •114114 forks•3434 stars•00 issues•11 pull request•Updated Mar 7, 2022Mar 7, 2022

• little-stitch

  Public
  Send and receive bypassing Little Snitch alerting.

  Go

  •22 forks•1313 stars•00 issues•00 pull requests•Updated Jan 27, 2022Jan 27, 2022

• amazon-ssm-agent

  Public
  Fork of amazon-ssm-agent that can run as any user in parallel with the official service.

  Go

  •

  Apache License 2.0

  •350350 forks•44 stars•00 issues•00 pull requests•Updated Dec 3, 2021Dec 3, 2021

• Security-Research

  Public
  Exploits written by the Rhino Security Labs team

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •296296 forks•1.1k1.1k stars•99 issues•33 pull requests•Updated Jan 23, 2021Jan 23, 2021

• Cloud-Security-Research

  Public
  Cloud-related research releases from the Rhino Security Labs team.

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •6868 forks•392392 stars•00 issues•00 pull requests•Updated Apr 23, 2020Apr 23, 2020

• ccat

  Public
  Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

  dockerkubernetesaws+ 15

  dockerkubernetesawsgooglecloudamazongcprhinocybersecuritygke+ 8

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •110110 forks•649649 stars•22 issues•00 pull requests•Updated Nov 21, 2019Nov 21, 2019

• SleuthQL

  Public
  Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.

  Python

  •

  BSD 3-Clause Clear License

  •8383 forks•471471 stars•55 issues•11 pull request•Updated Nov 14, 2019Nov 14, 2019

• AWS-IAM-Privilege-Escalation

  Public
  A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

  BSD 3-Clause "New" or "Revised" License

  •123123 forks•927927 stars•11 issue•00 pull requests•Updated Jul 25, 2019Jul 25, 2019

• Presentations

  Public
  A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.

  BSD 3-Clause "New" or "Revised" License

  •66 forks•3737 stars•00 issues•00 pull requests•Updated Aug 13, 2018Aug 13, 2018

• Aggressor-Scripts

  Public
  Aggregation of Cobalt Strike's aggressor scripts.

  PowerShell

  •4141 forks•141141 stars•11 issue•00 pull requests•Updated Mar 31, 2018Mar 31, 2018

• external_c2_framework

  Public
  Python api for usage with cobalt strike's External C2 specification

  Python

  •9898 forks•7272 stars•00 issues•00 pull requests•Updated Feb 15, 2018Feb 15, 2018