Explore @RhinoSecurityLabs Open Source projects

Rhino Security Labs (@RhinoSecurityLabs)

RhinoSecurityLabs

Stars
12,660
Global Org. Rank 1,830 (Top 0.6 %)
Registered over 9 years ago
Most used languages

Python
80.0 %

JavaScript
6.7 %

Go
6.7 %

PowerShell
6.7 %
Location 🇺🇸 United States
Country Total Rank 835
Country Ranking

Python
115

PowerShell
184

JavaScript
6,134

Go
6,859

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Security-Research

Exploits written by the Rhino Security Labs team

AWS-IAM-Privilege-Escalation

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

CVEs

A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

ccat

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

SleuthQL

Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.

GCPBucketBrute

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

Cloud-Security-Research

Cloud-related research releases from the Rhino Security Labs team.

GCP-IAM-Privilege-Escalation

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

Swagger-EZ

A tool geared towards pentesting APIs using OpenAPI definitions.

Aggressor-Scripts

Aggregation of Cobalt Strike's aggressor scripts.

IAMActionHunter

An AWS IAM policy statement parser and query tool.

dsnap

Utility for downloading and mounting EBS snapshots using the EBS Direct API's

Presentations

A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.

little-stitch

Send and receive bypassing Little Snitch alerting.