Skip to content

The scripts helps security analsts to identify misconfigured firebase instances.

Notifications You must be signed in to change notification settings

shivsahni/FireBaseScanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

FireBase Scanner

Firebase is one of the widely used data stores for mobile applications. In 2018, Appthority Mobile Threat Team (MTT) discovered a misconfiguration in Firebase instance also called HospitalGown vulnerability. The following are some of the key highlights taken from the research paper published by Appthority Mobile Threat Team (MTT):

  • The research was performed on total of 2,705,987 apps and 27,227 Android apps and 1,275 iOS apps were found to be connected to a Firebase database. Of those connected apps, it was observed that:
  • 1 In 11 Android apps (9%) and almost half of iOS apps (47%) that connect to a Firebase database were vulnerable
  • More than 3,000 apps were leaking data from 2,300 unsecured servers. Of these, 975 apps were in active customer environments.
  • 1 in 10 Firebase databases (10.34%) are vulnerable
  • Vulnerable Android apps alone were downloaded over 620 million times
  • Over 100 million records (113 gigabytes) of data was exposed

Getting Started

Prerequisites

  • Support for Python 2.7

Installing

Say what the step will be

git clone https://github.com/shivsahni/FireBaseScanner.git

Once the script is downloaded, run the script with the required arguments. We can either provide the APK file as an input as shown below:

python FirebaseMisconfig.py --path /home/shiv/TestAPK/test.apk
or
python FirebaseMisconfig.py -p /home/shiv/TestAPK/test.apk

Or we can provide the comma sperated firebase project names as shown below:

python FirebaseMisconfig.py --firebase project1,project2,project3
or
python FirebaseMisconfig.py -f project1,project2,project3

Authors

About

The scripts helps security analsts to identify misconfigured firebase instances.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages