
firebase-apk-scanner


Security Analysis: Medium Risk

Risk: Medium. Review: shell/CLI command execution; API keys/tokens handling and storage. Run with least privilege and audit before enabling in production.

Firebase APK Security Scanner

Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses.

When to Use

Use this skill when you need to:

  • Audit Android applications for Firebase misconfigurations
  • Test Firebase endpoints extracted from APKs (Realtime Database, Firestore, Storage)
  • Check authentication security (open signup, anonymous auth, email enumeration)
  • Enumerate Cloud Functions and test for unauthenticated access
  • Perform mobile app security assessments involving Firebase backends

When NOT to Use

  • Scanning apps you do not have explicit authorization to test
  • Testing production Firebase projects without written permission
  • When you only need to extract Firebase config without testing (use manual grep/strings instead)
  • For non-Android targets (iOS, web apps) - this skill is APK-specific
  • When the target app does not use Firebase

What It Does

This skill automates Firebase security testing for Android applications. When invoked, Claude will:

  • Decompile the APK using apktool
  • Extract Firebase configuration from all sources (google-services.json, XML resources, assets, smali code, DEX strings)
  • Test authentication endpoints for misconfigurations
  • Probe Realtime Database and Firestore for open read/write access
  • Check Storage buckets for public listing and upload vulnerabilities
  • Enumerate Cloud Functions and test accessibility
  • Generate detailed reports with findings and remediation guidance
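The extraction step above, narrowed to a single source, as an added example that is not the project's scanner.sh: it reads the string resources that the google-services Gradle plugin generates, from res/values/strings.xml in an apktool-decoded directory, so you can inventory which Firebase identifiers a build ships. The function names, the surface labels and every sample value are constructed for illustration.

```shell
# Added example (not the project's code); resource names are those the google-services plugin generates.
FIREBASE_KEYS="project_id google_app_id google_api_key firebase_database_url google_storage_bucket"

# Map a resource name to the backend it configures (labels are illustrative).
surface_for() {
    case "$1" in
        firebase_database_url) echo "Realtime Database" ;;
        google_storage_bucket) echo "Storage" ;;
        google_api_key)        echo "API key" ;;
        *)                     echo "Project" ;;
    esac
}

# Print "surface<TAB>name<TAB>value" for each resource present in DIR/res/values/strings.xml.
extract_firebase_config() {
    xml="$1/res/values/strings.xml"
    if [ ! -f "$xml" ]; then
        echo "no res/values/strings.xml under $1" >&2
        return 1
    fi
    for key in $FIREBASE_KEYS; do
        # apktool emits one <string> element per line; take the first match.
        value=$(sed -n "s|.*<string name=\"$key\">\(.*\)</string>.*|\1|p" "$xml" | head -n 1)
        if [ -n "$value" ]; then
            printf '%s\t%s\t%s\n' "$(surface_for "$key")" "$key" "$value"
        fi
    done
}

# Build a constructed sample tree (all values are made up) and print its path.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/res/values"
    cat > "$dir/res/values/strings.xml" <<'EOF'
<resources>
    <string name="app_name">Demo</string>
    <string name="firebase_database_url">https://demo-constructed.firebaseio.example</string>
    <string name="google_api_key">CONSTRUCTED-API-KEY-PLACEHOLDER</string>
    <string name="google_app_id">1:000000000000:android:0000000000000000</string>
    <string name="project_id">demo-constructed</string>
</resources>
EOF
    echo "$dir"
}

sample=$(make_sample)
extract_firebase_config "$sample"
rm -rf "$sample"
```

A resource that is absent, such as google_storage_bucket in the sample, produces no line, which tells you that backend is not configured through string resources in this build.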

Key Features

  • Supports native Android, React Native, Flutter, and Cordova apps
  • Extracts config from 7+ sources including raw DEX binary strings
  • Tests 14 distinct vulnerability categories
  • Automatic cleanup of test data created during scans
  • Detailed vulnerability reference documentation included

Installation

/plugin install trailofbits/skills/plugins/firebase-apk-scanner

Prerequisites

Install required dependencies before use:

macOS:

brew install apktool curl jq binutils

Ubuntu/Debian:

sudo apt install apktool curl jq unzip binutils

Usage

/firebase-scan ./app.apk
/firebase-scan ./apks/

Or run the standalone script directly:

./scanner.sh app.apk
./scanner.sh ./apks/ --no-cleanup

Vulnerability Categories

| Category | Tests | Severity |
|----------|-------|----------|
| Authentication | Open signup, anonymous auth, email enumeration | Critical/High/Medium |
| Realtime Database | Unauthenticated read/write, auth token bypass | Critical/High |
| Firestore | Document access, collection enumeration | Critical/High |
| Storage | Bucket listing, unauthenticated upload | Critical/High |
| Cloud Functions | Unauthenticated access, function enumeration | Medium/Low |
| Remote Config | Public parameter exposure | Medium |


Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author trailofbits.