FireScan

Security testing tool for Firebase applications.

bash

go install github.com/JacobDavidAlcock/firescan/cmd/firescan@latest

firescan
firescan > set projectID my-app
firescan > set apiKey AIza...
firescan > auth --create-account
firescan > scan --all

Features

Enumerates Realtime Database, Firestore, Cloud Storage, and Cloud Functions
Tests security rules and permissions
Read-only by default (safe for production)
Automatic JWT token management
Built-in wordlists (200+ common paths)
JSON output for automation

Getting started

Introduction - What FireScan does
Installation - Install FireScan
Quick Start - Run your first scan

Documentation

Safety Modes - Probe/test/audit modes
Scan Types - Available scan types
API Reference - Command documentation
Examples - Common workflows

Authorization required

Only use FireScan on applications you own or have explicit permission to test.

View on GitHub

FireScan ​

Features ​

Getting started ​

Documentation ​

Authorization required ​

FireScan

Features

Getting started

Documentation

Authorization required