STORM v2.6.0.2 is a free and flexible C# tool designed for website security testing. This release builds on the project’s reputation as one of the most user‑configurable cracking programs available. It is intended for educational and defensive purposes; always ensure that you have permission when testing a website. The developers are not responsible for any unlawful use.
Requirements
STORM v2.6.0.2 requires Microsoft .NET Framework 4.7.2 and runs on Windows 7 or later.
Key features
- User‑configurable HTTP and FTP checks with unlimited stages, a debug mode and support for very large combo lists.
- Proxy support including HTTP/S and SOCKS 4/5 with automatic proxy updates and the ability to bypass CloudFlare’s “Under Attack” mode.
- A built‑in JavaScript executor, Brotli decompressor and the option to combine FTP and HTTP requests.
- Powerful capture engine with customizable keyword matches, redirect handling and numerous encoding functions (URL encoding/decoding, Base64, HTML encode/decode and more).
- Extensive string and mathematics functions along with regular expression helpers to build flexible workflows.
- Cryptography functions such as hashing (MD5, SHA), keyed hashing (HMAC) and encryption/decryption (AES, RSA) to handle secure data flows.
- Many other extensibility features for advanced users.
Credits
Thanks to the STORM development team and testers for continuing to improve this versatile security testing toolkit.
This post is a summary of the STORM v2.6.0.2 release. Please refer to the official project site for download links and full document
