Skip to content
A collection of tools for firebase realtime db vulnerability discovery
Python
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
README.md
db-discovery.py
endpoint-discovery.py
endpoints.txt
requirements.txt
scanner.py

README.md

Firebase-scanner

This project contains various tools used for automated scanning and vulnerability discovery in firebase apps.

It requires python 3.

Requirements: (pip install requirements.txt)

  • pyshark
  • requests

Components

  • db-discovery.py - This tool will aggregate various services (DNSDumpster) to attempt to discover random firebase DBs.
  • endpoint-discovery.py - Run this tool on a wireshark .pcap or binary file to extract potential firebase DB endpoints.
  • scanner.py - This tool will see what data and endpoints in the realtime DB are accessible (read/write info) and dump that information. It can also optionally dump everything that it can read. You can optionally give it an auth token and a list of endpoints (from endpt discovery script) to help it find more data.

Sample usage - mass project scan

  1. Acquire a list of firebase DB project codes: [code].firebaseio.com. A good way to do this is to use Sublist3r on the domain firebaseio.com. Running db-discovery.py should also work, but it is not as advanced as Sublist3r.
  2. Run scanner.py [codes file] to scan r/w info about this project and dump any available data

Sample usage - single target

  1. Create a file containing the name of the target firebase project (code.txt)
  2. Acquire a file in which accesses to this firebase DB are made. Examples are: pcap of traffic from app interacting with this firebase db, code which accesses this firebase db (executable, JS file, APK, etc.). Run endpoint-discovery.py [file] --out endpoints.txt script on this file to gather a list of potential endpoint candidates.
  3. Run scanner.py code.txt --endpoints endpoints.txt to scan r/w info about this project and dump any available data

If you have an auth token for the firebase project you are scanning, you can use it with scanner.py code.txt --endpoints endpoints.txt --token [token]

You can’t perform that action at this time.