search
Go To ReconDock

Firebase Subdomain Enumeration & PoC Testing

This repository provides a workflow to find subdomains of firebaseio.com, test them for public accessibility, and exploit a .json endpoint to check for write vulnerabilities. Additionally, mitigation steps are provided to fix the issue.

hashtag
βŒ› Requirements

hashtag
πŸ” Workflow

hashtag
βœ… Subdomain Enumeration

Use subfinder to enumerate subdomains for firebaseio.com:

subfinder -d firebaseio.com -o subdomains.txt

hashtag
βœ… Test Subdomains

Once subdomains are collected, use httpx to check .json endpoints for accessible responses (HTTP status code 200):

httpx -l subdomains.txt -path "/.json" -mc 200 -o valid_subdomains.txt

hashtag
βœ… Firebase Checking vulnerability (Automatic Scanning & Exploit)

hashtag
βœ… PoC Testing

Use curl to send a POST request to the .json endpoint to test if data can be written without authentication:

If successful, the server is vulnerable to unauthenticated write access.

hashtag
πŸ”¨ How to Fix it :

To secure the Firebase database:

  1. Set Firebase Database Rules:

    • Open the Firebase Console.

    • Go to Database > Rules.

    • Update the rules to restrict access only to authenticated users. Example:

  2. Audit Subdomains:

    • Ensure there are no unused or publicly misconfigured Firebase databases.

  3. Monitor Activity Logs:

    • Use Firebase to monitor access logs for suspicious activities.

hashtag
πŸ“ Alternative Methods to Identify SharePoint Sites

hashtag
Using Search Engines

  • FOFA: Query: "domain="firebaseio.com""

  • Shodan: Query: http.title:"Firebase""

  • ZoomEye: Query: site:"firebaseio.com""

hashtag
⭐ References

Here are real-world examples of Firebaseio vulnerabilities reported on HackerOne :

hashtag
⚠️ Disclaimer

This script is intended for educational purposes and for security testing of systems you own or have explicit permission to test. Do not use this for unauthorized activities.

hashtag
πŸ’° Support Me

If you find this work helpful, you can support me:

Thanks for your support! ❀️

PreviousBooksNextSQLI

Last updated