# ultrasecurity/storm-breaker

4,808 stars · 1,737 forks · HTML

## Links

- GitHub: https://github.com/ultrasecurity/Storm-Breaker
- Homepage: https://ultraamooz.com
- awesome-repositories: https://awesome-repositories.com/repository/ultrasecurity-storm-breaker.md

## Topics

`hack` `hacking-tool` `social-engeneering-toolkit` `social-engineering` `social-engineering-attacks`

## Description

Storm-Breaker is a browser-based surveillance toolkit designed to silently capture sensor data from visitors without their knowledge or consent. It combines device fingerprinting, network-based geolocation tracking, and WebRTC exploitation to access a remote device’s camera, microphone, and system information without triggering native permission prompts.

The toolkit achieves this by leveraging legacy browser APIs and network-based geolocation (IP, Wi-Fi) that do not require explicit user permission. It abuses WebRTC and media stream APIs to activate camera and microphone streams, while also collecting hardware and software details through stealth fingerprinting. All captured data is exfiltrated to a remote server via HTTP or WebSocket connections, orchestrated from a single-page web interface.

Storm-Breaker provides capabilities for webcam feed capture, microphone audio recording, device location tracking, and hardware/software reconnaissance, all operating outside standard consent workflows. The project is presented as a self-contained tool for exploring these forms of browser API exploitation.

## Tags

### Development Tools & Productivity

- [Surveillance Toolkits](https://awesome-repositories.com/f/development-tools-productivity/browser-based-toolkits/surveillance-toolkits.md) — A browser-based surveillance toolkit that captures webcam, microphone, and device information without consent.

### Part of an Awesome List

- [Client-Side Exfiltration Channels](https://awesome-repositories.com/f/awesome-lists/security/data-exfiltration/client-side-exfiltration-channels.md) — Transmits captured sensor data to a remote server via HTTP or WebSocket connections.

### Data & Databases

- [Permissionless](https://awesome-repositories.com/f/data-databases/geolocation-databases/ip-geolocation/permissionless.md) — Determines a device's approximate geographical location using IP and Wi-Fi signals for surveillance.
- [Permissionless Geolocation Trackers](https://awesome-repositories.com/f/data-databases/geolocation-databases/ip-geolocation/permissionless-geolocation-trackers.md) — Estimates a device's location using IP addresses and network signals without explicit permission.
- [Permissionless Network Geolocation](https://awesome-repositories.com/f/data-databases/geolocation-databases/ip-geolocation/permissionless-network-geolocation.md) — Uses network-based geolocation (IP, Wi-Fi) to determine approximate location without permission.

### Graphics & Multimedia

- [Permissionless Microphone Access](https://awesome-repositories.com/f/graphics-multimedia/streaming-distribution/streaming-broadcasting/live-audio-recording-and-broadcasting/camera-and-microphone-recorders/permissionless-microphone-access.md) — Records audio from a remote device's microphone using browser APIs without permission prompts.
- [Permissionless Microphone Recording](https://awesome-repositories.com/f/graphics-multimedia/streaming-distribution/streaming-broadcasting/live-audio-recording-and-broadcasting/camera-and-microphone-recorders/permissionless-microphone-recording.md) — Records audio from a device's microphone without alerting the user or requesting permission. ([source](https://cdn.jsdelivr.net/gh/ultrasecurity/storm-breaker@main/README.md))
- [Permissionless Webcam Streaming](https://awesome-repositories.com/f/graphics-multimedia/webcam-input-sharing/permissionless-webcam-streaming.md) — Activates and streams a remote device's camera through a browser without the user's knowledge.

### Mobile Development

- [Permissionless Webcam Capture](https://awesome-repositories.com/f/mobile-development/mobile-capabilities/camera-integration/camera-feed-capture/permissionless-webcam-capture.md) — Activates the camera on a remote device and captures live video for streaming or recording. ([source](https://cdn.jsdelivr.net/gh/ultrasecurity/storm-breaker@main/README.md))

### Networking & Communication

- [Network-Based Location Tracking](https://awesome-repositories.com/f/networking-communication/location-services/target-location-tracking/network-based-location-tracking.md) — Tracks a device's geographic location using network-based methods without user notification. ([source](https://cdn.jsdelivr.net/gh/ultrasecurity/storm-breaker@main/README.md))
- [WebRTC Media Hijacking](https://awesome-repositories.com/f/networking-communication/webrtc-media-orchestration/webrtc-media-hijacking.md) — Abuses WebRTC and media stream APIs to activate camera and microphone without permission dialogs.

### Programming Languages & Runtimes

- [Sensor Hijacking Scripts](https://awesome-repositories.com/f/programming-languages-runtimes/programming-language-varieties/programming-languages/web-frontend-languages/javascript/sensor-hijacking-scripts.md) — Uses unsecured JavaScript APIs to capture camera, microphone, and location data from visitors.

### Security & Cryptography

- [Device Fingerprinting](https://awesome-repositories.com/f/security-cryptography/device-fingerprinting.md) — Gathers detailed device information like OS, browser version, and hardware specs without user consent.
- [Stealth Fingerprinting Techniques](https://awesome-repositories.com/f/security-cryptography/device-fingerprinting/stealth-fingerprinting-techniques.md) — Captures hardware and software details through browser fingerprinting without alerting the user.

### Web Development

- [Permissionless API Exploits](https://awesome-repositories.com/f/web-development/api-bridges/browser-api-wrappers/permissionless-api-exploits.md) — Leverages browser APIs that do not require user permission to harvest data silently.
- [WebRTC Exploitation Tools](https://awesome-repositories.com/f/web-development/file-transfer-clients/webrtc-transfer-tools/webrtc-exploitation-tools.md) — Abuses WebRTC and getUserMedia to access camera and microphone streams silently.
- [Permission Bypass Exploits](https://awesome-repositories.com/f/web-development/web-automation-scraping/browser-environment-configurations/browser-permission-management/permission-bypass-exploits.md) — Exploits browser API quirks to access sensors without triggering native permission prompts.
- [Device Information Harvesting](https://awesome-repositories.com/f/web-development/web-automation-scraping/browser-environment-configurations/browser-permission-management/permission-harvesting/device-information-harvesting.md) — Harvests device-specific details such as operating system, browser version, and hardware specs. ([source](https://cdn.jsdelivr.net/gh/ultrasecurity/storm-breaker@main/README.md))
- [Surveillance Dashboards](https://awesome-repositories.com/f/web-development/single-page-applications/surveillance-dashboards.md) — Provides a self-contained web application that orchestrates multi-sensor data capture and exfiltration.
