Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/shivsahni/FireBaseScanner
The scripts helps security analsts to identify misconfigured firebase instances.
https://github.com/shivsahni/FireBaseScanner
Last synced: 6 days ago
JSON representation
The scripts helps security analsts to identify misconfigured firebase instances.
- Host: GitHub
- URL: https://github.com/shivsahni/FireBaseScanner
- Owner: shivsahni
- Created: 2019-02-27T15:38:12.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2022-08-09T07:29:25.000Z (almost 2 years ago)
- Last Synced: 2024-03-01T03:45:10.453Z (4 months ago)
- Language: Python
- Size: 10 MB
- Stars: 175
- Watchers: 2
- Forks: 39
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
Lists
- awesome-stars - shivsahni/FireBaseScanner - The scripts helps security analsts to identify misconfigured firebase instances. (Python)
README
# FireBase Scanner
Firebase is one of the widely used data stores for mobile applications. In 2018, Appthority Mobile Threat Team (MTT) discovered a misconfiguration in Firebase instance also called HospitalGown vulnerability. The following are some of the key highlights taken from the [ research paper](https://cdn2.hubspot.net/hubfs/436053/Appthority%20Q2-2018%20MTR%20Unsecured%20Firebase%20Databases.pdf) published by Appthority Mobile Threat Team (MTT):
* The research was performed on total of 2,705,987 apps and 27,227 Android apps and 1,275 iOS apps were found to be connected to a Firebase database. Of those connected apps, it was observed that:
* 1 In 11 Android apps (9%) and almost half of iOS apps (47%) that connect to a Firebase database were vulnerable
* More than 3,000 apps were leaking data from 2,300 unsecured servers. Of these, 975 apps were in active customer environments.
* 1 in 10 Firebase databases (10.34%) are vulnerable
* Vulnerable Android apps alone were downloaded over 620 million times
* Over 100 million records (113 gigabytes) of data was exposed
## Getting Started
### Prerequisites
* Support for Python 2.7
### Installing
Say what the step will be
```
git clone https://github.com/shivsahni/FireBaseScanner.git
```
Once the script is downloaded, run the script with the required arguments. We can either provide the APK file as an input as shown below:
```
python FirebaseMisconfig.py --path /home/shiv/TestAPK/test.apk
or
python FirebaseMisconfig.py -p /home/shiv/TestAPK/test.apk
```
Or we can provide the comma sperated firebase project names as shown below:
```
python FirebaseMisconfig.py --firebase project1,project2,project3
or
python FirebaseMisconfig.py -f project1,project2,project3
```
## Authors
* **Shiv Sahni** - [LinkedIn](https://www.linkedin.com/in/shivsahni/)