firebase-supabase-attack
CommunityProbe and exploit misconfigured BaaS backend data.
Software Engineering#penetration testing#reconnaissance#supabase#data breach#cloud security#firebase#backend exploitation
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the problem of identifying and exploiting publicly accessible Firebase and Supabase backend services that lack proper access controls, which are a leading source of large-scale data breaches in modern web applications using Backend-as-a-Service platforms.
Core Features & Use Cases
- Extracts Firebase and Supabase configuration credentials from JavaScript bundles and source code leaks to identify target backend instances.
- Tests for public access to Firestore databases, Cloud Storage buckets, and Authentication endpoints for Firebase, and enumerates Supabase REST API tables, tests CRUD operations, and checks for open signup flows when Row Level Security is misconfigured.
- Use Case: For a target delivery platform using Firebase, this Skill can confirm if 200,000+ customer conversation records, store data, and audio files are publicly readable without authentication, as validated in real-world pentest engagements.
Quick Start
Use the firebase-supabase-attack skill to probe a target domain for exposed Firebase or Supabase backend data after extracting the platform configuration from the site's JavaScript bundles.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: firebase-supabase-attack Download link: https://github.com/uphiago/recon-skills/archive/main.zip#firebase-supabase-attack Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.