The script checks for a misconfigured/open Firebase database used in the development of Android APKs.
Prerequisites:
- apktool (apt install apktool | brew install apktool)
- jq (apt install jq | brew install jq)
- git clone https://github.com/udit-thakkur/andro_firebase.git
- cd andro_firebase
- chmod +x firebase.sh
- ./firebase.sh /path/to/apkfile
- e.g. ./firebase.sh /root/tmp/hackcura.apk
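
What a check of this kind involves, as an added example (not the project's firebase.sh, whose internals this page does not show): it reads the `firebase_database_url` string resource from an apktool-decoded tree and classifies the body of an unauthenticated REST read of the database root. The function names, the sample tree and the `example-project` URL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's firebase.sh. Function names are hypothetical.

# Build a constructed apktool-style tree (what `apktool d app.apk` leaves behind).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/res/values"
    cat > "$d/res/values/strings.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">Sample</string>
    <string name="firebase_database_url" translatable="false">https://example-project.firebaseio.com</string>
</resources>
EOF
    echo "$d"
}

# Print each distinct Realtime Database URL stored in the decoded string resources.
extract_firebase_urls() {
    find "$1/res" -type f -name 'strings.xml' 2>/dev/null |
    while IFS= read -r f; do
        sed -n 's|.*<string name="firebase_database_url"[^>]*>\([^<]*\)</string>.*|\1|p' "$f"
    done | sort -u
}

# Classify the body of an unauthenticated read of <url>/.json.
classify_response() {
    compact=$(printf '%s' "$1" | tr -d ' \t\r\n')
    case $compact in
        '')                              echo no-response ;;
        '{"error":"Permissiondenied"}')  echo rules-enforced ;;
        '{"error":'*)                    echo other-error ;;
        null)                            echo readable-empty ;;
        *)                               echo readable-data ;;
    esac
}

# Check every database URL shipped in a decoded build of your app (needs curl and network).
check_decoded_app() {
    extract_firebase_urls "$1" | while IFS= read -r url; do
        body=$(curl -s --max-time 10 "${url%/}/.json" || true)
        printf '%s\t%s\n' "$url" "$(classify_response "$body")"
    done
}
```

A `rules-enforced` result covers only the read at the database root; write rules and nested paths still need review in the rules themselves.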
You can encourage me to contribute more to open source with a donation. NEVER ASKED BUT ALWAYS APPRECIATED.
- PayPal - https://paypal.me/uditbhadauria
- Credit/Debit Card - https://www.buymeacoffee.com/uditthakkur
Udit Thakkur - https://www.twitter.com/udit_thakkur
Harshit Sengar - https://www.twitter.com/sengarharshit1
Khizer Javed has done really good research on exploiting it further. You can have a look at his blog post here: https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/
The script is made for educational and ethical purposes only. Usage of the script for attacking targets without prior mutual consent is illegal. Team Hackcura is not responsible for any misuse or damage caused by this script.