Firebase APK Scanner
Scan Android APKs for Firebase misconfigurations — open databases, public storage buckets, weak authentication, and exposed cloud functions. For authorized mobile app security audits and research.
Mobile apps routinely ship with Firebase backends left wide open. This skill extracts Firebase config from an APK and probes for open Realtime Database and Firestore instances, public Storage buckets, insecure auth, and exposed Cloud Functions, reporting each finding with evidence. For authorized security research only.
When to use
Use when analyzing Android APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security with proper authorization.
Examples
Scan an APK
Find open Firebase endpoints in an Android app
Scan this APK for Firebase misconfigurations like open databases and public storage buckets
Mobile audit
Assess Firebase backend security
Audit the Firebase backend exposed by this Android app and report any insecure endpoints