
Firebase is a popular mobile and web application development platform that provides developers with a range of features such as a real-time database, authentication, and hosting services. FirebaseExploiter takes advantage of misconfigured Firebase databases and attempts to extract sensitive information or modify the data stored within them.
About
FirebaseExploiter is a vulnerability discovery tool that finds Firebase databases that are open and exploitable. It was primarily built for mass hunting in bug bounty programs and for penetration testing.
Bug hunters typically use several techniques to extract data from Firebase databases. First, they attempt to read data from the database without any authentication. Second, they look for publicly accessible files that may contain sensitive information. Finally, they attempt to write data to the database and modify existing records to test whether the database enforces proper write permissions.
With this tool you can automatically scan for vulnerable Firebase databases and also exploit them.
Features
- Mass vulnerability scanning from list of hosts
- Custom JSON data in exploit.json to upload during exploit
- Custom URI path for exploit
FirebaseExploiter Installation
FirebaseExploiter was built using go1.19. Make sure you use the latest version of Go so that the installation succeeds. Run the following command to install the latest version:
Running FirebaseExploiter
To scan a specific domain to check for Insecure Firebase DB.
To exploit a Firebase DB to write your own JSON document in it.
Mass scanning for Insecure Firebase Databases from list of target hosts.
Exploiting vulnerable Firebase DBs from the list of target hosts.