Skip to content

@RhinoSecurityLabs Rhino Security Labs

Change the repository type filter

All

    Repositories list

    15 repositories

    • cloudgoat

      Public
      CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
      Python
      BSD 3-Clause "New" or "Revised" License
      7473.6k174Updated Apr 28, 2026Apr 28, 2026

    • pacu

      Public
      The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
      pythonawssecurity
      pythonawssecuritypenetration-testingaws-security
      Python
      BSD 3-Clause "New" or "Revised" License
      7865.2k2112Updated Apr 27, 2026Apr 27, 2026

    • IPRotate_Burp_Extension

      Public
      Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
      hackingaws-apigatewaywebapp
      hackingaws-apigatewaywebapppenetration-testingburpsuite
      Python
      14989120Updated Feb 23, 2026Feb 23, 2026

    • IAMActionHunter

      Public
      An AWS IAM policy statement parser and query tool.
      Python
      Apache License 2.0
      1819910Updated Feb 10, 2026Feb 10, 2026

    • GCP-IAM-Privilege-Escalation

      Public
      A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
      Python
      BSD 3-Clause "New" or "Revised" License
      7941853Updated Oct 6, 2025Oct 6, 2025

    • CVEs

      Public
      Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs
      cvesecurity-research
      cvesecurity-research
      Python
      BSD 3-Clause "New" or "Revised" License
      25189401Updated Jun 4, 2025Jun 4, 2025

    • dsnap

      Public
      Utility for downloading and mounting EBS snapshots using the EBS Direct API's
      svc-aws
      svc-aws
      Python
      BSD 3-Clause "New" or "Revised" License
      99362Updated Mar 17, 2025Mar 17, 2025

    • GCPBucketBrute

      Public
      A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
      Python
      BSD 3-Clause "New" or "Revised" License
      9056243Updated May 26, 2023May 26, 2023

    • Swagger-EZ

      Public
      A tool geared towards pentesting APIs using OpenAPI definitions.
      svc-api
      svc-api
      JavaScript
      BSD 3-Clause "New" or "Revised" License
      4618810Updated Oct 27, 2022Oct 27, 2022

    • little-stitch

      Public
      Send and receive bypassing Little Snitch alerting.
      Go
      21300Updated Jan 27, 2022Jan 27, 2022

    • Security-Research

      Public
      Exploits written by the Rhino Security Labs team
      Python
      BSD 3-Clause "New" or "Revised" License
      2961.1k93Updated Jan 23, 2021Jan 23, 2021

    • Cloud-Security-Research

      Public
      Cloud-related research releases from the Rhino Security Labs team.
      Python
      BSD 3-Clause "New" or "Revised" License
      6839200Updated Apr 23, 2020Apr 23, 2020

    • ccat

      Public
      Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
      dockerkubernetesaws
      dockerkubernetesawsgooglecloudamazongcprhinocybersecuritygke
      Python
      BSD 3-Clause "New" or "Revised" License
      11065120Updated Nov 21, 2019Nov 21, 2019

    • AWS-IAM-Privilege-Escalation

      Public
      A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
      BSD 3-Clause "New" or "Revised" License
      12392710Updated Jul 25, 2019Jul 25, 2019

    • Presentations

      Public
      A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.
      BSD 3-Clause "New" or "Revised" License
      63700Updated Aug 13, 2018Aug 13, 2018
    ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.