
Quick Start

Run your first FireScan security test.

1. Find Firebase config

Open your target app in a browser. View page source and search for firebaseConfig:

```javascript
const firebaseConfig = {
  apiKey: "AIzaSyD...",        // You need this
  projectId: "my-app-12345",   // And this
  // ...
};
```

Copy the projectId and apiKey values.

2. Launch FireScan

```bash
firescan
```

3. Configure target

```bash
firescan > set projectID my-app-12345
firescan > set apiKey AIzaSyD...
```

4. Authenticate

Create a test account:

```bash
firescan > auth --create-account
```

FireScan creates an account with [email protected] or logs in if it exists.

5. Scan

```bash
firescan > scan --all
```

This scans all Firebase services using built-in wordlists.

6. Review findings

```
[RTDB] Vulnerability Found!
  ├── Severity:  High
  ├── Type:      RTDB
  └── Path:      users
```

7. Extract data

```bash
firescan > extract --rtdb --path users
```
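On the project owner's side, a finding like the one in step 6 is closed in the Realtime Database security rules. The rules below are an added example, not part of FireScan or its documentation; they assume the finding means the `users` path was readable by the self-registered test account from step 4, and that records are keyed by the user's UID.

```json
{
  "rules": {
    // Constructed example; the "users" path comes from the sample finding above.
    // Weak form (assumed cause of the finding): ".read": "auth != null" placed
    // directly on "users" lets any signed-in account, including a freshly
    // self-registered one, read every user's record.
    "users": {
      // No ".read"/".write" at this level: a grant on a parent node cascades
      // to all children and cannot be revoked further down.
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
```

After deploying the rules, re-running `scan --rtdb -l users` is a quick way to confirm the path is no longer reported.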

Common scans

```bash
# Test without authentication
firescan > scan --unauth

# Scan specific service
firescan > scan --rtdb -l users
firescan > scan --firestore -l config

# Test write permissions (requires --test flag)
firescan > scan --write --test

# JSON output
firescan > scan --all --json > results.json
```

Next steps