firebase-supabase-attack

Community

Probe and exploit misconfigured BaaS backend data.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the problem of identifying and exploiting publicly accessible Firebase and Supabase backend services that lack proper access controls, which are a leading source of large-scale data breaches in modern web applications using Backend-as-a-Service platforms.

Core Features & Use Cases

  • Extracts Firebase and Supabase configuration credentials from JavaScript bundles and source code leaks to identify target backend instances.
  • Tests for public access to Firestore databases, Cloud Storage buckets, and Authentication endpoints for Firebase, and enumerates Supabase REST API tables, tests CRUD operations, and checks for open signup flows when Row Level Security is misconfigured.
  • Use Case: For a target delivery platform using Firebase, this Skill can confirm if 200,000+ customer conversation records, store data, and audio files are publicly readable without authentication, as validated in real-world pentest engagements.

Quick Start

Use the firebase-supabase-attack skill to probe a target domain for exposed Firebase or Supabase backend data after extracting the platform configuration from the site's JavaScript bundles.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: firebase-supabase-attack
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#firebase-supabase-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.