Firebase Subdomain Enumeration & PoC Testing
This repository provides a workflow to find subdomains of firebaseio.com, test them for public accessibility, and exploit a .json endpoint to check for write vulnerabilities. Additionally, mitigation steps are provided to fix the issue.
⌛ Requirements
Curl
🔍 Workflow
✅ Subdomain Enumeration
Use subfinder to enumerate subdomains for firebaseio.com:
✅ Test Subdomains
Once subdomains are collected, use httpx to check .json endpoints for accessible responses (HTTP status code 200):
✅ Firebase Vulnerability Check (Automatic Scanning & Exploit)
✅ PoC Testing
Use curl to send a POST request to the .json endpoint to test if data can be written without authentication:
If successful, the server is vulnerable to unauthenticated write access.
🔨 How to Fix It:
To secure the Firebase database:
Set Firebase Database Rules:
Open the Firebase Console.
Go to Database > Rules.
Update the rules to restrict access only to authenticated users. Example:
Audit Subdomains:
Ensure there are no unused or publicly misconfigured Firebase databases.
Monitor Activity Logs:
Use Firebase to monitor access logs for suspicious activities.
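An added example, not part of this repository: the wide-open rule set that the PoC above detects, next to a hardened one, plus a small Python check that walks a Realtime Database rules document and flags every path whose .read or .write is unconditionally true. The /users/$uid layout is an assumed example structure; "auth != null" is the baseline the fix describes, and the per-user rule shows how to tighten it further.

```python
import json

# Constructed sample: the wide-open rule set that the curl PoC above detects.
WEAK_RULES = json.loads("""
{
  "rules": {
    ".read": true,
    ".write": true
  }
}
""")

# Constructed sample: access limited to signed-in users, with each user's own
# subtree (assumed layout: /users/<uid>) readable and writable only by that user.
FIXED_RULES = json.loads("""
{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null",
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
""")

def grants_everyone(expr):
    """True if a .read/.write expression is unconditionally true (no auth needed)."""
    return expr is True or (isinstance(expr, str) and expr.strip() == "true")

def find_public_paths(rules_doc):
    """Return (path, permission) pairs usable by unauthenticated clients. Rules cascade,
    so `true` at "/" exposes the whole database whatever deeper nodes say."""
    findings = []

    def walk(node, path):
        for perm in (".read", ".write"):
            if grants_everyone(node.get(perm)):
                findings.append((path or "/", perm))
        for key, child in node.items():
            # Keys starting with "." are rule expressions, not child paths.
            if not key.startswith(".") and isinstance(child, dict):
                walk(child, f"{path}/{key}")

    walk(rules_doc.get("rules", {}), "")
    return findings
```

Run it against the rules exported from your own project before deploying them; an empty result for the hardened set is the outcome the PoC in this README should no longer be able to contradict.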
📝 Alternative Methods to Identify Firebase Instances
Using Search Engines
FOFA query: domain="firebaseio.com"
Shodan query: http.title:"Firebase"
ZoomEye query: site:"firebaseio.com"
⭐ References
Here are real-world examples of firebaseio.com vulnerabilities reported on HackerOne:
⚠️ Disclaimer
This script is intended for educational purposes and for security testing of systems you own or have explicit permission to test. Do not use this for unauthorized activities.
💰 Support Me
If you find this work helpful, you can support me:
Thanks for your support! ❤️