
scan

Run security scans against Firebase services.

Usage

bash
scan [scan-types] [options]

Traditional scans

bash
scan --rtdb                  # Realtime Database
scan --firestore             # Firestore
scan --storage               # Cloud Storage
scan --functions             # Cloud Functions
scan --hosting               # Hosting config
scan --all                   # All traditional scans

Advanced scans

bash
scan --unauth                # Unauthenticated testing
scan --write --test          # Write permission testing
scan --rules --test          # Security rules validation
scan --authattack --audit    # Authentication attacks
scan --storage-sec --test    # Storage security
scan --services              # Services enumeration
scan --mgmt-api --test       # Management API

Options

-l <wordlist>

Specify wordlist for enumeration.

bash
scan --rtdb -l users         # Use 'users' wordlist
scan --rtdb -l all           # Use all wordlists
scan --rtdb -l /path/to/list # Custom file

Built-in wordlists:

  • users - 45+ user-related terms
  • config - 60+ configuration terms
  • passwords - 50+ auth-related terms
  • functions - 80+ function names
  • database - 70+ database paths
  • storage - 40+ storage paths
  • security - 40+ admin/security terms
  • all - All wordlists combined (200+ terms)

Default: all

-c <number>

Set concurrency (number of workers).

bash
scan --all -c 100            # Fast
scan --all -c 10             # Stealthy

Range: 1-1000

Default: 50

--rate-limit <number>

Limit requests per second.

bash
scan --all --rate-limit 10   # 10 req/sec
scan --all --rate-limit 0    # Unlimited

Default: 0 (unlimited)

--json

Output results in JSON format.

bash
scan --all --json
scan --all --json > results.json

--test

Enable test mode (safe writes).

bash
scan --write --test
scan --rules --rtdb --firestore --test

--audit

Enable audit mode (deep testing).

bash
scan --authattack --audit

Requires typing the confirmation phrase: I UNDERSTAND THE RISKS

Examples

Quick scan

bash
scan --all

Targeted enumeration

bash
scan --rtdb --firestore -l users

Unauthenticated testing

bash
scan --unauth

Write permission testing

bash
scan --write --test

Stealthy scan

bash
scan --all -c 10 --rate-limit 5

JSON output

bash
scan --all --json > results.json

Output

Finding format

[RTDB] Vulnerability Found!
  ├── Timestamp: 2025-01-15T10:23:45Z
  ├── Severity:  High
  ├── Type:      RTDB
  └── Path:      users

Severity levels

  • Critical: Unauthenticated access
  • High: Authenticated over-privilege
  • Medium: Information disclosure
  • Low: Informational

Progress indicator

[|] Scanning... [Checked: 45/200 | Found: 3]
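
For triage, the console findings shown above can be parsed into records and ordered by the severity levels listed on this page. The following is an added example, not part of the tool or its documentation; it assumes every finding follows the shape of the single sample finding above, and the `Source` key and the second finding in `SAMPLE` are constructed for illustration.

```python
import re

# Severity order as listed on this page, most severe first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]
# Assumed line shapes, taken from the single sample finding shown on this page.
HEADER_RE = re.compile(r"^\[(?P<type>[A-Za-z0-9_-]+)\] Vulnerability Found!\s*$")
FIELD_RE = re.compile(r"^\s*[├└]── (?P<key>[A-Za-z ]+?):\s*(?P<value>.*?)\s*$")

def parse_findings(text):
    """Return one dict per finding block; progress and blank lines are ignored."""
    findings, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = {"Source": header.group("type")}  # "Source" is a hypothetical key
            findings.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group("key")] = field.group("value")
    return findings

def triage(findings):
    """Sort findings most severe first; unknown severities go last."""
    def rank(finding):
        sev = finding.get("Severity", "")
        return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
    return sorted(findings, key=rank)

# Constructed sample: the first finding is the page's sample, the second is made up.
SAMPLE = """\
[|] Scanning... [Checked: 45/200 | Found: 3]
[RTDB] Vulnerability Found!
  ├── Timestamp: 2025-01-15T10:23:45Z
  ├── Severity:  High
  ├── Type:      RTDB
  └── Path:      users
[Storage] Vulnerability Found!
  ├── Timestamp: 2025-01-15T10:24:02Z
  ├── Severity:  Critical
  ├── Type:      Storage
  └── Path:      backups
"""

if __name__ == "__main__":
    for f in triage(parse_findings(SAMPLE)):
        print(f"{f['Severity']:<8} {f['Type']:<8} {f['Path']}")
```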
