BeSTORM is an intelligent black box fuzzer that ensures the security of products before they are released or deployed. It is built to meet the priorities of efficiency, flexibility, and breadth common to testing teams across the corporate landscape. BeSTORM uses a proprietary prioritization algorithm to automatically start attacking the highest-probability vulnerabilities first, before methodically expanding into billions of attacks across the chosen protocols. These protocols can be known, augmented, proprietary, or unknown.

BeSTORM achieves this testing with almost no user interaction. It can be set up outside of the system being tested and can be scaled to use multiple processors or multiple machines to substantially reduce testing duration. It automatically logs anomalies and vulnerabilities and continues testing, eventually producing actionable reports that can be disseminated across teams and acted upon.

A Dynamic Testing Solution

Language Agnostic – BeSTORM runs billions of attacks by testing the binary application and as such is completely indifferent to the programming language or system libraries used.

Scalable – BeSTORM tests the entire communication range. This allows it to scale effortlessly to products with large, complicated code bases.

Flexible – The lack of source code interaction also allows BeSTORM tests to be exported to and used by teams that do not have access to the source code.

Fighting tomorrow’s war, not yesterday’s battle. Static code tools run perhaps thousands or at best tens of thousands of tests based on a certain set of case studies or scenarios of known vulnerabilities. This is equivalent to bolstering the product against known past attacks. BeSTORM, however, performs millions and potentially billions of attack combinations across the entire communication range. This tests the product against not only known past attacks but also unknown future ones that may be launched against it.

Comprehensive and Flexible Testing

BeSTORM is capable of both testing already known protocols and quickly learning and testing augmented, proprietary, or new protocols.


BeSTORM performs across all communication standards (even complex standards, such as SIP) and levels, including network, protocol, file, hardware, DLL and API. BeSTORM delivers an exhaustive search of all possible input combinations to test input implementation for weaknesses. During these tests it operates with a powerful monitor that detects, and uses to inform future attacks, even the slightest buffer overflow, format string or memory exception, even if these anomalies do not crash the system.


BeSTORM supports the analysis of proprietary or augmented protocols. If BeSTORM encounters a proprietary or augmented protocol, BeSTORM’s Auto-Learn will log this and begin building and expanding tests into this protocol. The input may be network traffic that BeSTORM captured, a file sample that contains network traffic captured using other means, or a syntax describing an API. BeSTORM uses these data sets to determine how the protocol or file is built. If the complete specification is available, users can also create or extend BeSTORM modules using an XML editor.

BeSTORM is also able to convert protocol standard text into an automated set of tests by converting the BNF description used in technical RFC documents into attack language. This allows BeSTORM to be immediately updated and run on any new communication standards that are released by simply uploading an RFC document or the equivalent.

Actionable Reports

BeSTORM is created with the end goal of remediation in mind. As such, BeSTORM provides clean, actionable reports which intricately detail encountered vulnerabilities that ended in a successful attack. Since BeSTORM is behaviorally attacking the test product instead of testing against case studies, virtually all false positives are eliminated, leaving the user with comprehensive and clean reports. Found vulnerabilities can then be exported in a detailed vulnerability report that can be used to debug the application.

Developers can load these vulnerability reports within their chosen development environment with zero knowledge of how to use BeSTORM and immediately begin the debug process.

System Requirements


Quad-core processor (i5+ or equivalent)

8GB of RAM (Windows 10)

1GB available HDD space

BeSTORM was designed to run on low-power systems as well, with the following bare minimum requirements:

x86-64 CPU

1GB of RAM (Linux, Docker, Embedded application)

250MB of HDD space


New Modules: WebAPI • AutoLearn • Mesh Networks • OpenAPI AutoLearn

Basic IPv4: ARPv4 • ICMPv4 • IPv4 • TCPv4 • UDPv4

Basic IPv6: ICMPv6 • IPv6 • TCPv6 • UDPv6

Basic Network Clients: DHCP • DNS • FTP • HTTP • HTTPS • HTTPS v1.1 (SSL/TLS Web Client) • NTP-PMP • NTP • SMTP • SSH

Basic Network Servers: DHCP Server (Simple) • DNS Server (Simple) • FTP Server • HTTP Server (Simple Web Server) • HTTPS Server (Simple Web Server) • SMTP Server (Simple) • SSL Server (Simple)

Bluetooth: A2DP • AMP (Alternative MAC/PHY) • ATT • FTP • GAP • GATT • HFP • HOBT • HOGP • iBeacon Profile • L2CAP • MCAP • OBEX • RFCOMM • RSC • SDP

CANbus/Automotive: SAE J1939 • OBDII- • CAN-bus

EDSA: EDSA 401 Ethernet • EDSA 402 ARPv4 • EDSA 403 IPv4 • EDSA 404 ICMPv4 • EDSA 405 UDPv4 • EDSA 406 TCPv4 • EDSA v2-401 Ethernet • EDSA v2-402 ARPv4 • EDSA v2-403 IPv4 • EDSA v2-404 ICMPv4 • EDSA v2-405 UDPv4 • EDSA v2-406 TCPv4

Files: ANI • AVI H264 AC3 • AVI Xvid Codec • BMP • DOC • GIF • HTML • ICO • JASC PAL • JPEG • MKV • MP3 • MP4 • PAL • PDF •

Hardware: Fastboot • HDCP v1.1 • HDCP v2.0 • HDMI v1.3 • URB • USB Mass Storage • USB Request Block • ZigBee

Metro Ethernet: BFD • Ethernet Protocol • LLDP • LLDP (Simple)

Network: AMQP • BGP • BVLC • CDP • CGMP • DHCP • Diameter • DNS • Ethernet Protocol • FTP • HSRP • HSRP v2 • HTTP v1.0/1.1 • HTTPS v1.0/1.1 (SSL/TLS Web Client) • ICAP • ICMPv6 ND • IMAP • K ES • LDAP • LDP • LISP • LLMNR • NAT-PMP • NFS Client • NNTP • NTP • NTP-PMP • POP3 • Radius • RANAP • RMI Client • RSH • SDP • SMB Client • SOAP over HTTP • SSH • Syslog • TAPA • Telnet • TFTP • UDPLite • Web Application Protocol

Mobile: GTP v1 (GTP-U) • M3UA

SCADA: CIP Ethernet/IP • DNP3 Master • DNP3 Master Serial • DNP3 Master Serial (Simple) • DNP3 Slave • DNP3 Slave Serial • DNP3 Slave Serial (Simple) • EtherCAT • EtherCAT over UDP • Ethernet/IP • IEC 61850 GOOSE • IEC 60870-5-101 Master • IEC 60870-5-101 Slave • IEC 60870-5-104 Master • IEC 60870-5-104 Slave • IEC 61850 MMS Master • IEC 61850 MMS Slave • Modbus Master Simple Protocol • Modbus Master Serial (Simple) Protocol • Modbus Master Serial Protocol • Modbus Master Protocol • Modbus Slave Serial Protocol • Modbus Slave Protocol • Modbus ASCII Master Serial • Modbus RTU Serial • PROFINET PTCP • PROFINET RT

Simple Network Clients: HTTP (Simple Web Client) • SNMP v1 Simple • SNMP v2 Simple • SNMP v3 Simple • SNMP v3 Simple with MD5 • SNMP v3 Simple with MD5 and DES • SNMP v3 Simple with SHA • IPP (Simple)

Routing: DVMRP • IGMP v1/v0 • IGMP v2 • IGMP v3 • OpenFlow • OpenFlow • OSPF v1 • PIM v2 • RIPng • VRRP

TLS: TLS v1.2 Client

Tunneling: LLC • PPPoE • RGMP • SCTP • Teredo Protocol • TPKT (RFC 1006)

VOIP: ISUP (SIP-I, SIP-T) • MGCP (Megaco, H.248) • MEGACO (over M3UA) • RTP • SLP svrloc • SIP • SIP Register • STUN

WIFI: IEEE 802.11 AP Simple • IEEE 802.11 AP • IEEE 802.11 Subscriber • IEEE 802.11u • IEEE 802.1Q
