Firebase Apk Scanner
Plugin, Verified, Active
Scan Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. For authorized security research only.
The plugin automates the security assessment of Android applications that use Firebase, identifying critical misconfigurations that could lead to data breaches or unauthorized access.
Features
- Decompiles Android APKs
- Extracts Firebase configuration from multiple sources
- Tests Firebase authentication, databases, storage, and cloud functions
- Reports findings with remediation guidance
- Supports various Android app frameworks (native, React Native, Flutter, Cordova)
Use Cases
- Audit Android applications for Firebase misconfigurations
- Test Firebase endpoints extracted from APKs
- Assess mobile app security involving Firebase backends
- Perform authorized penetration testing of Firebase-backed applications
Non-Goals
- Scanning apps without explicit authorization
- Testing production Firebase projects without written permission
- Extracting Firebase config without testing
- Analyzing non-Android targets (iOS, web apps)
Scope
- info: Dry-run preview. The README mentions a `--no-cleanup` option, which provides some control over modifications, but a full `--dry-run` mode for previewing intended actions is not explicitly documented.
Installation
First, add the marketplace:
/plugin marketplace add trailofbits/skills
Then, install the plugin:
/plugin install firebase-apk-scanner@trailofbits
Quality Score
Verified
Trust Signals