Rhino Security Labs

A boutique penetration testing and security assessment firm in Seattle, WA.

Verified
We've verified that the organizationRhinoSecurityLabs controls the domain:
- rhinosecuritylabs.com
Learn more about verified organizations

PinnedLoading

pacupacuPublic
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Python 4.6k 724
cloudgoatcloudgoatPublic
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Python 3.1k 656
CVEsCVEsPublic
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
Python 832 241
IAMActionHunterIAMActionHunterPublic
An AWS IAM policy statement parser and query tool.
Python 174 13
IPRotate_Burp_ExtensionIPRotate_Burp_ExtensionPublic
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
Python 838 146
ccatccatPublic
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Python 619 104

Repositories

Showing 10 of 20 repositories

cloudgoat Public
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
RhinoSecurityLabs/cloudgoat’s past year of commit activity
Python 3,129BSD-3-Clause 656 7 (1 issue needs help) 3 UpdatedMar 21, 2025
pacu Public
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
RhinoSecurityLabs/pacu’s past year of commit activity
Python 4,597BSD-3-Clause 724 21 5 UpdatedMar 20, 2025
dsnap Public
Utility for downloading and mounting EBS snapshots using the EBS Direct API's
RhinoSecurityLabs/dsnap’s past year of commit activity
Python 82BSD-3-Clause 9 6 2 UpdatedMar 17, 2025
IPRotate_Burp_Extension Public
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
RhinoSecurityLabs/IPRotate_Burp_Extension’s past year of commit activity
Python 838 146 2 0 UpdatedMar 5, 2025
CVEs Public
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
RhinoSecurityLabs/CVEs’s past year of commit activity
Python 832BSD-3-Clause 241 0 0 UpdatedJan 29, 2025
GCP-IAM-Privilege-Escalation Public
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
RhinoSecurityLabs/GCP-IAM-Privilege-Escalation’s past year of commit activity
Python 376BSD-3-Clause 74 5 2 UpdatedApr 18, 2024
IAMActionHunter Public
An AWS IAM policy statement parser and query tool.
RhinoSecurityLabs/IAMActionHunter’s past year of commit activity
Python 174Apache-2.0 13 1 0 UpdatedFeb 13, 2024
GCPBucketBrute Public
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
RhinoSecurityLabs/GCPBucketBrute’s past year of commit activity
Python 509BSD-3-Clause 86 5 2 UpdatedMay 26, 2023
Swagger-EZ Public
A tool geared towards pentesting APIs using OpenAPI definitions.
RhinoSecurityLabs/Swagger-EZ’s past year of commit activity
JavaScript 174BSD-3-Clause 41 1 0 UpdatedOct 27, 2022
CloudScraper Public Forked fromjordanpotti/CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
RhinoSecurityLabs/CloudScraper’s past year of commit activity
Python 31MIT 111 0 1 UpdatedMar 7, 2022