FireScan
Automated security testing for Firebase applications
Interactive security auditing tool for Firebase. Automatically enumerates and tests Realtime Database, Firestore, Cloud Storage, Cloud Functions, Authentication, and Hosting.
Features:
- Interactive console with command history
- Concurrent scanning (1-1000 workers)
- Automatic JWT refresh
- Built-in wordlists with case variations
- Three safety modes: probe (read-only), test (safe writes), audit (deep testing)
- JSON output
Install:
```sh
# Using Go
go install github.com/JacobDavidAlcock/firescan/cmd/firescan@latest

# Or download a binary from the releases page:
# https://github.com/JacobDavidAlcock/firescan/releases/latest
```
Usage:
```
firescan
> set projectID your-firebase-app
> set apiKey AIzaSy...
> auth --create-account
> scan --all
```
Authentication:
```
auth --create-account              # Create test account
auth -e [email protected] -P pass   # Login with credentials
auth --enum-providers              # Enumerate auth providers
auth logout                        # Clear session
```
Scanning:
```
scan --all                          # Scan all services
scan --rtdb --firestore             # Specific services
scan --unauth                       # Test without authentication
scan --all -c 100 --rate-limit 50   # 100 workers, 50 req/s
scan --all --json                   # JSON output
```
Data Extraction:
```
extract --firestore --path users
extract --rtdb --path /admin/config
extract --firestore --path users --output data.json
```
Wordlists:
```
wordlist show                        # List available wordlists
wordlist show users                  # View wordlist contents
wordlist add custom admin,secret     # Create custom wordlist
```
Built-in wordlists: users, config, passwords, functions, database, storage, security, all
| Service | Capabilities |
|---|---|
| Realtime Database | Node enumeration, read access testing, root exposure detection |
| Firestore | Collection discovery, document enumeration, permission testing |
| Cloud Storage | Bucket listing, file enumeration, ACL testing |
| Cloud Functions | Function discovery across 7 regions, auth validation |
| Authentication | Automated provider enumeration, JWT testing, token validation |
| Hosting | Sensitive file detection (.git, .env, config files) |
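As an added example, not FireScan's own code: the unauthenticated read checks behind the table's "root exposure detection" and "permission testing" rows, written in Go against the public Firebase REST endpoints (Realtime Database `<path>.json?shallow=true`, Firestore `v1/projects/<id>/databases/(default)/documents/<collection>`). The `Prober` type, the `Exposure` verdicts and the `-default-rtdb` instance name are assumptions for illustration; older projects expose their database at `<projectID>.firebaseio.com` instead, and the URL must be adjusted for those.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

type Exposure string

const (
	Exposed   Exposure = "EXPOSED"   // 200 with data: the rules allow this read
	Empty     Exposure = "EMPTY"     // 200 but "null"/"{}": readable, nothing stored there
	Protected Exposure = "PROTECTED" // 401/403: security rules denied the read
	NotFound  Exposure = "NOT_FOUND" // 404: path or collection does not exist
	Unknown   Exposure = "UNKNOWN"   // rate limiting, server errors, ...
)

type Finding struct {
	Service string   `json:"service"`
	URL     string   `json:"url"`
	Status  int      `json:"status"`
	Result  Exposure `json:"result"`
}

// Prober issues read probes. Base URLs are fields so a test can point them at a local server.
type Prober struct {
	Client        *http.Client
	ProjectID     string
	RTDBBase      string // assumed default instance: https://<projectID>-default-rtdb.firebaseio.com
	FirestoreBase string // https://firestore.googleapis.com
	IDToken       string // Firebase ID token; empty means unauthenticated
}

func NewProber(projectID string) *Prober {
	return &Prober{
		Client:        &http.Client{Timeout: 10 * time.Second},
		ProjectID:     projectID,
		RTDBBase:      "https://" + projectID + "-default-rtdb.firebaseio.com",
		FirestoreBase: "https://firestore.googleapis.com",
	}
}

// Classify maps an HTTP status and body to an Exposure verdict.
func Classify(status int, body string) Exposure {
	switch t := strings.TrimSpace(body); {
	case status == 200 && (t == "" || t == "null" || t == "{}"):
		return Empty
	case status == 200:
		return Exposed
	case status == 401 || status == 403:
		return Protected
	case status == 404:
		return NotFound
	}
	return Unknown
}

func (p *Prober) get(service, u string, bearer bool) (Finding, error) {
	req, err := http.NewRequest(http.MethodGet, u, nil)
	if err != nil {
		return Finding{}, err
	}
	if bearer && p.IDToken != "" {
		req.Header.Set("Authorization", "Bearer "+p.IDToken)
	}
	resp, err := p.Client.Do(req)
	if err != nil {
		return Finding{}, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap stored evidence at 1 MiB
	return Finding{service, u, resp.StatusCode, Classify(resp.StatusCode, string(body))}, nil
}

// ProbeRTDB reads a Realtime Database path over REST. shallow=true returns only top-level
// keys, so "/" lists the root nodes without downloading them; the ID token goes in auth=.
func (p *Prober) ProbeRTDB(path string) (Finding, error) {
	q := url.Values{"shallow": {"true"}}
	if p.IDToken != "" {
		q.Set("auth", p.IDToken)
	}
	return p.get("rtdb", p.RTDBBase+"/"+strings.Trim(path, "/")+".json?"+q.Encode(), false)
}

// ProbeFirestore lists one document of a collection; a 403 is the rules' permission denial.
func (p *Prober) ProbeFirestore(collection string) (Finding, error) {
	u := fmt.Sprintf("%s/v1/projects/%s/databases/(default)/documents/%s?pageSize=1", p.FirestoreBase, p.ProjectID, url.PathEscape(collection))
	return p.get("firestore", u, true)
}

func main() {
	f, err := NewProber("your-firebase-app").ProbeRTDB("/") // placeholder project ID from the usage section
	fmt.Println(f, err)
}
```

Run the probes once with `IDToken` empty (the `scan --unauth` case) and once with the token of a freshly created test account. A path that moves from PROTECTED to EXPOSED between the two runs is readable by any signed-in user, which is what an over-broad `auth != null` rule looks like from the outside; an EMPTY verdict still means the read was permitted, only that nothing is stored at that path yet.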
🟢 PROBE (default) → Read-only operations
🟡 TEST → Safe write tests with cleanup
🔴 AUDIT → Deep testing (requires confirmation)
Automatic cleanup is still listed on the v2.2.0 roadmap below, so until it ships treat anything TEST or AUDIT writes as potentially persistent and run those modes only against targets you are authorised to modify. PROBE is the mode for production systems.
Linux:
```sh
curl -sL https://github.com/JacobDavidAlcock/firescan/releases/latest/download/firescan-linux-amd64.tar.gz | tar xz
sudo mv firescan /usr/local/bin/
```
macOS:
```sh
curl -sL https://github.com/JacobDavidAlcock/firescan/releases/latest/download/firescan-darwin-amd64.tar.gz | tar xz
sudo mv firescan /usr/local/bin/
```
Windows: Download from releases, extract, and add to PATH.
The curl one-liners extract whatever the download returns without checking it; on a machine that holds real credentials, download the archive first and verify it against the release page before extracting.
From Source:
```sh
git clone https://github.com/JacobDavidAlcock/firescan.git
cd firescan
go build -o firescan cmd/firescan/main.go
```
Penetration Testing:
```
> set projectID target-app
> auth --create-account
> scan --all --json > findings.json
```
Pre-deployment Check:
```
> scan --unauth
> scan --rules
```
Bug Bounty:
```
> scan --all -c 100 --rate-limit 50
> extract --firestore --path users --output evidence.json
```
| Feature | FireScan | Manual Testing | Firebase Emulator |
|---|---|---|---|
| Speed | ~2 minutes | 20+ minutes | N/A |
| Automation | Full | Manual | Partial |
| Service Coverage | All services | All services | Limited |
| Production Testing | ✅ Safe | | ❌ Dev only |
Current (v2.1.0)
- Full service scanning (RTDB, Firestore, Storage, Functions, Auth, Hosting)
- Enhanced Hosting scanner (sensitive file detection)
- Automated Auth provider enumeration
- CI/CD integration (non-interactive CLI mode)
- Three safety modes
- Session management and auto-refresh
- Custom wordlists and JSON output
Next (v2.2.0)
- Cleanup implementation
- HTML/PDF report generation
- Enhanced error reporting
Planned (v3.0.0)
- Firebase rules analyzer
- Multi-project scanning
- Continuous monitoring mode
MIT License - see LICENSE
Made by Jacob Alcock