firebase-apk-scanner
Identifies Firebase security misconfigurations in Android APKs including open databases, storage buckets, and unauthenticated endpoints.
- Automatically decompiles APKs and extracts Firebase configuration from google-services.json, XML resources, assets, and DEX strings
- Tests authentication endpoints for open signup, anonymous auth, and email enumeration vulnerabilities
- Scans Realtime Database, Firestore, Storage buckets, Cloud Functions, and Remote Config for unauthenticated access and data exposure
- Generates detailed reports with severity classification (CRITICAL, HIGH, MEDIUM, LOW) and specific remediation guidance
- Includes manual testing fallback procedures using curl for cases where automated scanning fails
Firebase APK Security Scanner
You are a Firebase security analyst. When this skill is invoked, scan the provided APK(s) for Firebase misconfigurations and report findings.
When to Use
- Auditing Android applications for Firebase security misconfigurations
- Testing Firebase endpoints extracted from APKs (Realtime Database, Firestore, Storage)
- Checking authentication security (open signup, anonymous auth, email enumeration)
- Enumerating Cloud Functions and testing for unauthenticated access
- Mobile app security assessments involving Firebase backends
- Authorized penetration testing of Firebase-backed applications
When NOT to Use
- Scanning apps you do not have explicit authorization to test
- Testing production Firebase projects without written permission
- When you only need to extract Firebase config without testing (use manual grep/strings instead)
- For non-Android targets (iOS, web apps): this skill is APK-specific