Rclone
Featured · ⚖️ Dual Use · Go
Rclone is a command-line program to manage files on cloud storage. It supports over 70 cloud storage providers including S3, Google Drive, Dropbox, OneDrive, Azure Blob, and more. While it's a legitimate and extremely useful sysadmin tool, it's frequently observed in ransomware operations and data theft incidents for large-scale exfiltration to attacker-controlled cloud storage. DFIR teams track rclone usage as a key indicator of compromise.
Installation
$ brew install rclone
Use Cases
- Cloud storage management and synchronization
- Backup automation to multiple cloud providers
- Data migration between cloud services
- Known exfiltration tool in ransomware operations
- Mounting cloud storage as a local filesystem
Details
- Category: ⚖️ Dual Use
- Language: Go
- Repository: rclone/rclone
More in Dual Use
ProxyChains-ng
C · Force any TCP connection through SOCKS4/5 or HTTP proxies. Chain multiple proxies for anonymity.
Socat
C · Multipurpose relay tool. Bidirectional data transfer between two data channels — sockets, files, pipes, devices.
ngrok
Go · Expose local servers to the internet via secure tunnels. Instant public URLs for localhost services.
GTFOBins
Shell · Curated list of Unix binaries that can be used to bypass security restrictions. Living off the land, documented.
LOLBAS
Shell · Living Off The Land Binaries, Scripts and Libraries for Windows. Documenting every Windows binary with offensive potential.
Sysinternals Suite
C/C++ · Microsoft's advanced system utilities. PsExec, Process Monitor, Autoruns, TCPView — essential for both ops and offense.