FirebaseExploiter – Vulnerability Discovery Tool That Finds Open, Exploitable Firebase Databases



FirebaseExploiter is a vulnerability discovery tool that finds Firebase databases that are open and exploitable. It was built primarily for mass bug bounty hunting and for penetration testing.

Features


  • Mass vulnerability scanning from a list of hosts
  • Custom JSON data in exploit.json to upload during exploit
  • Custom URI path for exploit

Usage


This will display help for the CLI tool. Here are all the required arguments it supports.

Installation

FirebaseExploiter was built using go1.19. Make sure you use the latest version of Go so that the installation succeeds. Run the following command to install the latest version:

go install -v github.com/securebinary/firebaseExploiter@latest


Running FirebaseExploiter

To scan a specific domain for an insecure Firebase DB.


To exploit a Firebase DB by writing your own JSON document to it.


Create your own exploit.json file in proper JSON format to exploit vulnerable Firebase DBs.

Checking the exploited URL to verify the vulnerability.


Adding custom path for exploiting Firebase DBs.


Mass scanning for insecure Firebase databases from a list of target hosts.


Exploiting vulnerable Firebase DBs from the list of target hosts.


License

FirebaseExploiter is made with love by the SecureBinary team. Any tweaks or community contributions are welcome.


