Firebase exploiting tool is exploiting misconfigured firebase databases.
Disclaimer: The provided software is meant for educational purposes only. Use this at your own discretion, the creator cannot be held responsible for any damages caused. Please, use responsibly!
Non-standard python modules:
Also Read The Android Application Developer Guide: Converting an iOS App to Android
If the following commands run successfully, you are ready to use the script:
git clone https://github.com/Turr0n/firebase.git
cd firebase
pip install -r requirements.txt
python3 firebase.py [-h] [--dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]
Arguments:
-h Show the help message
-d Absolute path to the downloaded HTML file.
-o Output file name. Default: results.json
-c Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000
-p How many processes to execute. Default: 1
-l Path to a file containing the DBs to crawl. One DB name per line. This option can't be used with -d or -c
--dnsdumpster Use the DNSDumpster API to gather DBs
--just-v Ignore "non-vulnerable" DBs
--amass Path of the output file of an amass scan ([-o] argument)
Example: python3 firebase.py -p 4 -f results_1.json -c 150 --dnsdumpster
This will lookup the first 150 domains in the Alexa file aswell as the DBs provided by DNSDumpster. The results will be saved to results_1.json
and the whole script will execute using 4 parallel processes
The script will create a json file containing the gathered vulnerable databases and their dumped contents. Each database has a status:
For a better results head to pentest-tools.com and in its subdomain scanner introduce the following domain: firebaseio.com
. Once the scan has finished, save the page HTML(CRL+S) and use the -d [path]
argument, this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.
Now we support the amass scanner by @caffix! By running any desired scann with that tool against firebaseio.com
using the -o
argument, the script will be able to digest the output file and crawl for the discovered DBs.
Firebase DBs work using this structure: https://[DB name].firebaseio.com/
. If you are using the -l [path]
argument, the supplied file needs to contain a [DB name] per line, for example:
airbnb
twitter
microsoft
Using that file will check for these DBs: https://airbnb.firebaseio.com/.json, https://twitter.firebaseio.com/.json, https://microsoft.firebaseio.com/.json
GitButler is a git client that lets you work on multiple branches at the same…
Self-spreading to other Minecraft servers using an extendable, module-based lateral movement system. Crafty Controller Auth'd…
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…