Rhino Security Labs
A boutique penetration testing and security assessment firm in Seattle, WA.
Seattle, WA
Pinned Repositories
AWS-IAM-Privilege-Escalation
A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
ccat
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
CVEs
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
GCPBucketBrute
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
IAMActionHunter
An AWS IAM policy statement parser and query tool.
IPRotate_Burp_Extension
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Security-Research
Exploits written by the Rhino Security Labs team
SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
Rhino Security Labs's Repositories
RhinoSecurityLabs/pacu
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
RhinoSecurityLabs/Security-Research
Exploits written by the Rhino Security Labs team
RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
RhinoSecurityLabs/IPRotate_Burp_Extension
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
RhinoSecurityLabs/CVEs
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
RhinoSecurityLabs/ccat
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
RhinoSecurityLabs/GCPBucketBrute
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.
RhinoSecurityLabs/SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
RhinoSecurityLabs/Cloud-Security-Research
Cloud-related research releases from the Rhino Security Labs team.
RhinoSecurityLabs/GCP-IAM-Privilege-Escalation
A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.
RhinoSecurityLabs/Swagger-EZ
A tool geared towards pentesting APIs using OpenAPI definitions.
RhinoSecurityLabs/IAMActionHunter
An AWS IAM policy statement parser and query tool.
RhinoSecurityLabs/Aggressor-Scripts
Aggregation of Cobalt Strike's aggressor scripts.
RhinoSecurityLabs/dsnap
Utility for downloading and mounting EBS snapshots using the EBS Direct APIs
RhinoSecurityLabs/external_c2_framework
Python API for use with Cobalt Strike's External C2 specification
RhinoSecurityLabs/Presentations
A collection of slides, videos, and proof-of-concept scripts from various Rhino presentations.
RhinoSecurityLabs/CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
RhinoSecurityLabs/little-stitch
Send and receive bypassing Little Snitch alerting.
RhinoSecurityLabs/amazon-ssm-agent
Fork of amazon-ssm-agent that can run as any user in parallel with the official service.