Explore @RhinoSecurityLabs Open Source projects

Rhino Security Labs (@RhinoSecurityLabs)

RhinoSecurityLabs

Stars
13,718
Global Org. Rank 1,706 (Top 0.6 %)
Registered over 9 years ago
Most used languages

Python
80.0 %

Go
6.7 %

JavaScript
6.7 %

PowerShell
6.7 %
Location 🇺🇸 United States
Country Total Rank 835
Country Ranking

Python
102

PowerShell
188

JavaScript
6,006

Go
6,838

pacu

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Security-Research

Exploits written by the Rhino Security Labs team

AWS-IAM-Privilege-Escalation

A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.

IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

CVEs

A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

ccat

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

GCPBucketBrute

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

SleuthQL

Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.

Cloud-Security-Research

Cloud-related research releases from the Rhino Security Labs team.

GCP-IAM-Privilege-Escalation

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

Swagger-EZ

A tool geared towards pentesting APIs using OpenAPI definitions.

IAMActionHunter

An AWS IAM policy statement parser and query tool.

Aggressor-Scripts

Aggregation of Cobalt Strike's aggressor scripts.

dsnap

Utility for downloading and mounting EBS snapshots using the EBS Direct API's

Presentations

A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.

little-stitch

Send and receive bypassing Little Snitch alerting.