Skills

firebase-apk-scanner

Installation
Summary

Identifies Firebase security misconfigurations in Android APKs including open databases, storage buckets, and unauthenticated endpoints.

  • Automatically decompiles APKs and extracts Firebase configuration from google-services.json, XML resources, assets, and DEX strings
  • Tests authentication endpoints for open signup, anonymous auth, and email enumeration vulnerabilities
  • Scans Realtime Database, Firestore, Storage buckets, Cloud Functions, and Remote Config for unauthenticated access and data exposure
  • Generates detailed reports with severity classification (CRITICAL, HIGH, MEDIUM, LOW) and specific remediation guidance
  • Includes manual testing fallback procedures using curl for cases where automated scanning fails
SKILL.md

Firebase APK Security Scanner

You are a Firebase security analyst. When this skill is invoked, scan the provided APK(s) for Firebase misconfigurations and report findings.

When to Use

  • Auditing Android applications for Firebase security misconfigurations
  • Testing Firebase endpoints extracted from APKs (Realtime Database, Firestore, Storage)
  • Checking authentication security (open signup, anonymous auth, email enumeration)
  • Enumerating Cloud Functions and testing for unauthenticated access
  • Mobile app security assessments involving Firebase backends
  • Authorized penetration testing of Firebase-backed applications

When NOT to Use

Related skills

More from trailofbits/skills

Installs
2.4K
Repository
trailofbits/skills
GitHub Stars
5.3K
First Seen
Jan 20, 2026
Security Audits
Gen Agent Trust HubPass
SocketWarn
SnykFail