Categories: Kali Linux

Firebase – Tool To Exploiting Misconfigured Firebase Databases

Firebase exploiting tool is exploiting misconfigured firebase databases.

Disclaimer: The provided software is meant for educational purposes only. Use this at your own discretion, the creator cannot be held responsible for any damages caused. Please, use responsibly!

Prerequisites

Non-standard python modules:

  • dnsdumpster
  • bs4
  • requests

Also Read The Android Application Developer Guide: Converting an iOS App to Android

Firebase Installation

If the following commands run successfully, you are ready to use the script:

git clone https://github.com/Turr0n/firebase.git
cd firebase
pip install -r requirements.txt

Usage

python3 firebase.py [-h] [--dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]

Arguments:

    -h      Show the help message
    -d      Absolute path to the downloaded HTML file.
    -o      Output file name. Default: results.json
    -c      Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000
    -p      How many processes to execute. Default: 1
    -l      Path to a file containing the DBs to crawl. One DB name per line. This option can't be used with -d or -c
    --dnsdumpster       Use the DNSDumpster API to gather DBs
    --just-v    Ignore "non-vulnerable" DBs
    --amass Path of the output file of an amass scan ([-o] argument)

Example: python3 firebase.py -p 4 -f results_1.json -c 150 --dnsdumpster This will lookup the first 150 domains in the Alexa file aswell as the DBs provided by DNSDumpster. The results will be saved to results_1.json and the whole script will execute using 4 parallel processes

The script will create a json file containing the gathered vulnerable databases and their dumped contents. Each database has a status:

  • -2: DB doesn’t exists
  • -1: means it’s not vulnerable
  • 0: further explotation may be possible
  • 1: vulnerable

For a better results head to pentest-tools.com and in its subdomain scanner introduce the following domain: firebaseio.com. Once the scan has finished, save the page HTML(CRL+S) and use the -d [path] argument, this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.

Now we support the amass scanner by @caffix! By running any desired scann with that tool against firebaseio.com using the -o argument, the script will be able to digest the output file and crawl for the discovered DBs.

Firebase DBs work using this structure: https://[DB name].firebaseio.com/. If you are using the -l [path] argument, the supplied file needs to contain a [DB name] per line, for example:

airbnb
twitter
microsoft

Using that file will check for these DBs: https://airbnb.firebaseio.com/.json, https://twitter.firebaseio.com/.json, https://microsoft.firebaseio.com/.json

R K

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

6 days ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

6 days ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

6 days ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

6 days ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

6 days ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

6 days ago