Skip to content
@RhinoSecurityLabs

Rhino Security Labs

A boutique penetration testing and security assessment firm in Seattle, WA.

Pinned Loading

  1. pacu pacu Public

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    Python 5k 768

  2. cloudgoat cloudgoat Public

    CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

    Python 3.5k 729

  3. CVEs CVEs Public

    Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs

    Python 888 248

  4. IAMActionHunter IAMActionHunter Public

    An AWS IAM policy statement parser and query tool.

    Python 196 18

  5. IPRotate_Burp_Extension IPRotate_Burp_Extension Public

    Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

    Python 881 152

  6. ccat ccat Public

    Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

    Python 646 110

Repositories

Showing 10 of 20 repositories
  • cloudgoat Public

    CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

    RhinoSecurityLabs/cloudgoat’s past year of commit activity
    Python 3,451 BSD-3-Clause 729 18 (1 issue needs help) 22 Updated Jan 24, 2026
  • pacu Public

    The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

    RhinoSecurityLabs/pacu’s past year of commit activity
    Python 5,042 BSD-3-Clause 768 26 9 Updated Nov 8, 2025
  • GCP-IAM-Privilege-Escalation Public

    A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

    RhinoSecurityLabs/GCP-IAM-Privilege-Escalation’s past year of commit activity
    Python 411 BSD-3-Clause 77 5 3 Updated Oct 6, 2025
  • IAMActionHunter Public

    An AWS IAM policy statement parser and query tool.

    RhinoSecurityLabs/IAMActionHunter’s past year of commit activity
    Python 196 Apache-2.0 18 0 0 Updated Jun 26, 2025
  • CVEs Public

    Proof-of-Concept exploits for CVEs found by the team at Rhino Security Labs

    RhinoSecurityLabs/CVEs’s past year of commit activity
    Python 888 BSD-3-Clause 248 0 1 Updated Jun 4, 2025
  • dsnap Public

    Utility for downloading and mounting EBS snapshots using the EBS Direct API's

    RhinoSecurityLabs/dsnap’s past year of commit activity
    Python 91 BSD-3-Clause 9 6 2 Updated Mar 17, 2025
  • IPRotate_Burp_Extension Public

    Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

    RhinoSecurityLabs/IPRotate_Burp_Extension’s past year of commit activity
    Python 881 152 2 0 Updated Mar 5, 2025
  • GCPBucketBrute Public

    A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

    RhinoSecurityLabs/GCPBucketBrute’s past year of commit activity
    Python 553 BSD-3-Clause 90 4 3 Updated May 27, 2023
  • Swagger-EZ Public

    A tool geared towards pentesting APIs using OpenAPI definitions.

    RhinoSecurityLabs/Swagger-EZ’s past year of commit activity
    JavaScript 185 BSD-3-Clause 42 1 0 Updated Oct 27, 2022
  • CloudScraper Public Forked from jordanpotti/CloudScraper

    CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

    RhinoSecurityLabs/CloudScraper’s past year of commit activity
    Python 34 MIT 114 0 1 Updated Mar 7, 2022
View all repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Most used topics

Loading…