Skip to content
/ FireBaseScanner Public
forked from shivsahni/FireBaseScanner

Script to help security analysts identify misconfigured Firebase instances.

1 star 38 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheMonada/FireBaseScanner

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
Dependencies
Dependencies
 
 
FirebaseMisconfig.py
FirebaseMisconfig.py
 
 
README.md
README.md
 
 

Repository files navigation

Disclaimer

This is a fork of the original repository by Shiv Sahni. The original repository can be found here. We have made some changes to the original repository to make it work with Python 3.6 and to make it work with the latest version of the Firebase API. We have also added some additional features to the script.

Since the original repository is no longer maintained, we have decided to make our fork public. We have the intention of maintaining this repository for the foreseeable future to help people who are still using the original repository.

Sincerely, TheMonada Team.

FireBase Scanner

Firebase is one of the widely used data stores for mobile applications. In 2018, Appthority Mobile Threat Team (MTT) discovered a misconfiguration in Firebase instance also called HospitalGown vulnerability. The following are some of the key highlights taken from the research paper published by Appthority Mobile Threat Team (MTT):

  • The research was performed on total of 2,705,987 apps and 27,227 Android apps and 1,275 iOS apps were found to be connected to a Firebase database. Of those connected apps, it was observed that:
  • 1 In 11 Android apps (9%) and almost half of iOS apps (47%) that connect to a Firebase database were vulnerable
  • More than 3,000 apps were leaking data from 2,300 unsecured servers. Of these, 975 apps were in active customer environments.
  • 1 in 10 Firebase databases (10.34%) are vulnerable
  • Vulnerable Android apps alone were downloaded over 620 million times
  • Over 100 million records (113 gigabytes) of data was exposed

Getting Started

Prerequisites

  • Support for Python 3.6 and above versions (2023-11-28)

Installing

Say what the step will be

git clone https://github.com/TheMonada/FireBaseScanner.git

Once the script is downloaded, run the script with the required arguments. We can either provide the APK file as an input as shown below:

python3 FirebaseMisconfig.py --path /home/shiv/TestAPK/test.apk

or

python3 FirebaseMisconfig.py -p /home/shiv/TestAPK/test.apk

Or we can provide the comma sperated firebase project names as shown below:

python3 FirebaseMisconfig.py --firebase project1,project2,project3

or

python3 FirebaseMisconfig.py -f project1,project2,project3

Authors

Original Author

Fork Maintainer

About

Script to help security analysts identify misconfigured Firebase instances.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%