Firebase Apk Scanner
Plugin, Verified, Active
Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.
To automate the security assessment of Android applications utilizing Firebase, identifying critical misconfigurations that could lead to data breaches or unauthorized access.
Features
- Decompiles Android APKs
- Extracts Firebase configuration from multiple sources
- Tests Firebase authentication, databases, storage, and cloud functions
- Reports findings with remediation guidance
- Supports various Android app frameworks (native, React Native, Flutter, Cordova)
Use cases
- Audit Android applications for Firebase misconfigurations
- Test Firebase endpoints extracted from APKs
- Assess mobile app security involving Firebase backends
- Perform authorized penetration testing of Firebase-backed applications
Non-goals
- Scanning apps without explicit authorization
- Testing production Firebase projects without written permission
- Extracting Firebase config without testing
- Analyzing non-Android targets (iOS, web apps)
Scope
- info: Dry-run preview. The README mentions a `--no-cleanup` option, which provides some control over modifications, but a full `--dry-run` mode for previewing intended actions is not explicitly documented.
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills
/plugin install firebase-apk-scanner@trailofbits