Get Firebase Databases from Hosts

Firebase databases can store a wide variety of data, including sensitive information such as user passwords, personal information, and financial data. If a Firebase database is exposed or misconfigured, it could be accessed by unauthorized parties, who could then view or steal this sensitive information.

This workflow will find all of the firebase databases from the list of hosts supplied, it will do a character replacement and permutations, and finally, create a firebase standardized URLs to be checked.

Complexity: advanced

Category: Vulnerability Scan & Management

Tools

Setup

You can set up this workflow by changing get-hostnames script’s input value:

TARGETS - provide a file containing subdomains/hostnames list, as a target

In the example below, we’re providing a sample hostnames.txt from our Inventory repository as a target.

Execution and results

After setup workflow is ready to be executed. Once workflow’s last node, get-firebase-instances script, is finished result can be viewed and downloaded.

get-firebase-instances script node will contain all of the found firebase hosts.

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Improve this workflow

Use #batch-output for the httpx
Verify firebase misconfigurations

Getting started

Knowledge hub

Tutorials

Concepts