Firebase Exploiting Tool – Exploiting Misconfigured Firebase Databases

Exploiting vulnerable/misconfigured Firebase databasesPrerequisitesNon-standard python modules:dnsdumpsterbs4requestsInstallationIf the following commands run successfully, you are ready to use the script:git clone firebasepip install -r requirements.txtUsagepython3 [-h] [–dnsdumpster] [-d /path/to/file.htm] [-o results.json] [-l /path/to/file] [-c 100] [-p 4]Arguments: -h Show the help message -d Absolute path to the downloaded HTML file. -o Output file name. Default: results.json -c Crawl for domains in the top-1m by Alexa. Set how many domains to crawl, for example: 100. Up to 1000000 -p How many processes to execute. Default: 1 -l Path to a file containing the DBs to crawl. One DB name per line. This option can’t be used with -d or -c –dnsdumpster Use the DNSDumpster API to gather DBs –just-v Ignore “non-vulnerable" DBs –amass Path of the output file of an amass scan ([-o] argument)Example: python3 -p 4 -f results_1.json -c 150 –dnsdumpster This will lookup the first 150 domains in the Alexa file aswell as the DBs provided by DNSDumpster. The results will be saved to results_1.json and the whole script will execute using 4 parallel processesThe script will create a json file containing the gathered vulnerable databases and their dumped contents. Each database has a status:-2: DB doesn’t exists-1: means it’s not vulnerable0: further explotation may be possible1: vulnerableFor a better results head to and in its subdomain scanner introduce the following domain: Once the scan has finished, save the page HTML(CRL+S) and use the -d [path] argument, this will allow the script to analyze the subdomains discovered by that service. Further subdomain crawlers might get supported.Now we support the amass scanner by @caffix! By running any desired scann with that tool against using the -o argument, the script will be able to digest the output file and crawl for the discovered DBs.Firebase DBs work using this structure: https://[DB name] If you are using the -l [path] argument, the supplied file needs to contain a [DB name] per line, for example:airbnbtwittermicrosoftUsing that file will check for these DBs:,, Firebase