Firebase exploiting tool is exploiting misconfigured firebase databases.
Disclaimer: The provided software is meant for educational purposes only. Use this at your own discretion, the creator cannot be held responsible for any damages caused. Please, use responsibly!
Non-standard python modules:
Also Read The Android Application Developer Guide: Converting an iOS App to Android
If the following commands run successfully, you are ready to use the script:
git clone https://github.com/Turr0n/firebase.git
cd firebase
pip install -r requirements.txt
python3 firebase.py [-h] [--dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]
Arguments:
-h Show the help message
-d Absolute path to the downloaded HTML file.
-o Output file name. Default: results.json
-c Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000
-p How many processes to execute. Default: 1
-l Path to a file containing the DBs to crawl. One DB name per line. This option can't be used with -d or -c
--dnsdumpster Use the DNSDumpster API to gather DBs
--just-v Ignore "non-vulnerable" DBs
--amass Path of the output file of an amass scan ([-o] argument)
Example: python3 firebase.py -p 4 -f results_1.json -c 150 --dnsdumpster This will lookup the first 150 domains in the Alexa file aswell as the DBs provided by DNSDumpster. The results will be saved to results_1.json and the whole script will execute using 4 parallel processes
The script will create a json file containing the gathered vulnerable databases and their dumped contents. Each database has a status:
For a better results head to pentest-tools.com and in its subdomain scanner introduce the following domain: firebaseio.com. Once the scan has finished, save the page HTML(CRL+S) and use the -d [path] argument, this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.
Now we support the amass scanner by @caffix! By running any desired scann with that tool against firebaseio.com using the -o argument, the script will be able to digest the output file and crawl for the discovered DBs.
Firebase DBs work using this structure: https://[DB name].firebaseio.com/. If you are using the -l [path] argument, the supplied file needs to contain a [DB name] per line, for example:
airbnb
twitter
microsoft
Using that file will check for these DBs: https://airbnb.firebaseio.com/.json, https://twitter.firebaseio.com/.json, https://microsoft.firebaseio.com/.json
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…