Skip to content

BitTheByte/FireFetch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
assets
assets
 
 
src/firefetch
src/firefetch
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

FireFetch

A Firebase audit tool, mostly aimed at mobile apps.

Point it at an APK, an Android package name, or a set of Firebase values you already have. It checks Remote Config, Realtime Database, Firestore, Cloud Storage, Auth, and Hosting and tells you what's exposed.

Install

pipx install firefetch

Use it

# you already have the apk
firefetch apk app-release.apk

# you only know the package name
firefetch apk com.example.app

# no apk; just creds you already have
firefetch manual --project-id foo --api-key AIzaSy... --app-id 1:1234:android:abc

Handy flags: --json out.json for a structured dump, --no-write to skip write probes (on by default; they write a tiny payload at a unique path and delete it). firefetch apk --help for the rest.

What you get

Dev

git clone https://github.com/bitthebyte/firefetch
cd firefetch
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest

About

A Firebase audit tool, mostly aimed at mobile apps.

Topics

firebase cybersecurity bugbounty misconfiguration-detection

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages