gd-discov3r/andro_firebase

The script checks for misconfigured/open firebase database used in development of Android apk's.

andro_firebase

The script checks for misconfigured/open firebase database used in development of Android apk's.

Installation:

Prerequisites:

           - apktool (apt install apktool | brew install apktool)

           - jq (apt install jq | brew install jq)

• git clone https://github.com/udit-thakkur/andro_firebase.git

• cd andro_firebase

• chmod +x firebase.sh

Usage:

• ./firebase.sh /path/to/apkfile
• e.g. ./firebase.sh /root/tmp/hackcura.apk

Donation (Buy Me a Coffee):

You can encourage me to contribute more to the open source with donation. NEVER ASKED BUT ALWAYS APPRECIATED.

• PayPal - https://paypal.me/uditbhadauria
• Credit/Debit Card - https://www.buymeacoffee.com/uditthakkur

Team:

Udit Thakkur - https://www.twitter.com/udit_thakkur

Harshit Sengar - https://www.twitter.com/sengarharshit1

Exploitaion:

Khizer Javed had done a really good research on it for exploting it further. You can have a look in his blog post here: https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/

Legal Disclaimer:

The script is made for educational and ethical purposes only. Usage of the script for attacking targets without prior mutual consent is illegal. Team Hackcura is not responsible for any misuse or damage caused by this script.