silence-codes/FireBaseC2

FireC2

FireC2 is a proof-of-concept (PoC) project that demonstrates Command and Control (C2) communication using Firebase Realtime Database as a backend.

The goal of this project is to study how legitimate cloud services can be abused as communication channels when monitoring and security controls are insufficient.


Disclaimer

This project is intended strictly for educational, research, and defensive security purposes.

It is designed to support:

  • threat research
  • detection engineering
  • blue team and red team training

Any misuse of this software is the sole responsibility of the user.


Overview

Traditional C2 infrastructures usually rely on custom servers, domains, and network protocols, which are increasingly easy to detect and block.

FireC2 explores an alternative approach by using a widely trusted cloud service as the communication layer.

Firebase Realtime Database is used as:

  • a simple message exchange mechanism
  • a task queue
  • a storage layer for command output

No dedicated C2 server is required.
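
For detection engineering, the usage described above (one endpoint both fetching from and writing to the same Realtime Database) can be hunted in web-proxy or EDR network telemetry. The following is an added example, not code from this repository; it assumes telemetry that records the source host, process name and HTTP method (for example, a TLS-inspecting proxy), and the log format, process allowlist, threshold and sample lines are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (assumed format): time, source host, process, method, URL host.
SAMPLE_LOG = """\
2024-01-01T10:00:00,ws-01,chrome.exe,GET,example-app.firebaseio.com
2024-01-01T10:00:05,ws-02,python3,GET,firec2-lab.firebaseio.com
2024-01-01T10:00:35,ws-02,python3,GET,firec2-lab.firebaseio.com
2024-01-01T10:01:05,ws-02,python3,GET,firec2-lab.firebaseio.com
2024-01-01T10:01:06,ws-02,python3,PUT,firec2-lab.firebaseio.com
2024-01-01T10:02:00,ws-03,curl,GET,example-app.firebaseio.com
2024-01-01T10:03:00,ws-01,chrome.exe,POST,example-app.firebaseio.com
"""

ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed baseline
WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}
MIN_REQUESTS = 3  # assumed threshold to suppress one-off requests
SUFFIX = ".firebaseio.com"

def find_suspects(log_text):
    """Return sorted (source, process, database) tuples where a non-allowlisted
    process both reads from and writes to the same *.firebaseio.com database."""
    stats = defaultdict(lambda: {"reads": 0, "writes": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _, src, proc, method, host = row
        host = host.lower().rstrip(".")
        if not host.endswith(SUFFIX) or proc.lower() in ALLOWED_PROCESSES:
            continue
        key = (src, proc, host[: -len(SUFFIX)])
        if method.upper() in WRITE_METHODS:
            stats[key]["writes"] += 1
        elif method.upper() == "GET":
            stats[key]["reads"] += 1
    return sorted(
        key for key, s in stats.items()
        if s["reads"] and s["writes"] and s["reads"] + s["writes"] >= MIN_REQUESTS
    )

if __name__ == "__main__":
    for src, proc, db in find_suspects(SAMPLE_LOG):
        print(f"review: {proc} on {src} reads and writes database '{db}'")
```

The allowlist and threshold need tuning against your own baseline of legitimate Firebase use, since browsers and sanctioned applications talk to the same domain.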


Features

  • Remote command tasking and result collection
  • File transfer via structured database entries
  • Simple operator console
  • Near real-time bidirectional communication

Setup

This project is intended to be used in a controlled lab environment.

Firebase Configuration

  1. Create a Firebase project.
  2. Enable Firebase Realtime Database.
  3. Configure database access rules for the PoC.

Example database rules (lab use only):

{
  "rules": {
    ".read": true,
    ".write": true
  }
}

⚠️ These rules are intentionally insecure and must only be used in an isolated testing environment.

  4. Note the database name (for example: firec2-lab).

Run console

python3 console.py firec2-lab

Replace firec2-lab with your database name, taken from the *.firebaseio.com URL.

Run agent

You need to configure the following values in both console.py and agent.py:

  • FIREBASE — base64-encoded Realtime Database URL

  • SECRET — shared secret used for HMAC signing

python3 agent.py

This version does not include additional security layers such as redirectors or advanced cryptography and should only be used in lab or adversary emulation environments.


Limitations and Scope

This project was intentionally kept minimal.

The current version does not implement:

  • persistence mechanisms
  • redirectors or traffic forwarding infrastructure
  • operational security (OPSEC) features

These aspects were intentionally out of scope, as the project was developed purely as a PoC for research and educational purposes.


Purpose

This project was written as a learning exercise to better understand:

  • cloud-based C2 techniques
  • abuse of legitimate services
  • detection challenges related to trusted infrastructure

It is not intended for operational use.


About

This is a proof of concept only — no OPSEC, persistence mechanisms, or redirectors were implemented. It is intended strictly for laboratory use and adversary emulation.
