Agneyastra是一款功能强大的错误配置检测工具,该工具主要针对的是Firebase平台,可以帮助广大研究人员更好地保障Firebase平台的安全。
Firebase 是 Google 推出的多功能平台,它通过一系列广泛的服务(包括实时数据库、身份验证、云存储和托管)为无数网络和移动应用程序提供支持。它的普及性和易用性使其成为开发人员的热门选择,但也是配置错误的主要目标,可能导致严重的安全漏洞。
Agneyastra 是一款尖端工具,旨在帮助漏洞赏金猎人和安全专业人员以无与伦比的精度检测 Firebase 错误配置。凭借其涵盖所有 Firebase 服务的全面检查、关联引擎和机密提取以及自动报告生成功能,Agneyastra 可确保不会忽视任何漏洞,从而扭转局势,让您占据优势。
1、支持快速检查所有 Firebase 服务中的配置错误。
2、支持关联引擎和敏感数据提取。
3、支持POC 和报告创建。
Go环境
由于该工具基于Go语言开发,因此我们首先需要在本地设备上安装并配置好最新版本的Go环境。
源码获取
广大研究人员可以直接使用下列命令将该项目源码克隆至本地:
https://github.com/JA3G3R/agneyastra.gitGo安装
go install github.com/JA3G3R/agneyastra/cmd/agneyastra@latest
./agneyastra --key AIzaSyBv_y636JW_LYBcUQ7rN0b9Wukzop_gVEI --all2024/11/22 23:17:40 Checking all services for misconfigurations2024/11/22 23:17:42 Sign-in link sent to email: bhavarth1905kr.com2024/11/22 23:17:44 Checking public read access. Dump directory:2024/11/22 23:17:50 Running all firebase firestore misconfiguration checks2024/11/22 23:18:00 Running all firebase rtdb misconfiguration checksFinal Report:{"api_keys": [{"api_key": "AIzaSyBv_y636JW_LYBcUQ7rN0b9Wukzop_gVEI","correlation_score": 0,"auth": {"anon-auth": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "","VulnConfig": "","Remedy": "Disable Anonymous Authentication","Details": {"expiresIn": "3600","idToken": "redacted","localId": "3S1VMdFs2PVoISOrNxr8zL4akhs2","refreshToken": "redacted"}},"custom-token-login": {"Vulnerable": "error","Error": "failed to log in with custom token, status code: 400","AuthType": "","VulnConfig": "","Remedy": "","Details": null},"send-signin-link": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "","VulnConfig": "Send Sign in Link enabled in Firebase project.","Remedy": "Disable Send Sign in Link from Firebase Console","Details": {"email": "[email protected]"}},"signup": {"Vulnerable": "error","Error": "failed to sign up with email/password, status code: 400","AuthType": "","VulnConfig": "","Remedy": "","Details": null}},"services": {"bucket": {"delete": {"104159166443": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "","VulnConfig": "allow delete: if true; // Allows public delete access to storage objects.","Remedy": "Disable public delete access: 'allow delete: if false;'.","Details": {"status_code": ""}},"agneyastra-testing2": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "anon","VulnConfig": "allow delete: if request.auth == null; // Permits unauthenticated users to delete storage objects.","Remedy": "Restrict deletes to authenticated users: 'allow delete: if request.auth != null;'.","Details": {"status_code": "404"}}},"read": {"104159166443": {"Vulnerable": "vulnerable:false","Error": "","AuthType": "public","VulnConfig": "","Remedy": "","Details": {"Contents": {"prefixes": null,"items": null}}},"agneyastra-testing2": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "anon","VulnConfig": "allow read: if request.auth == null; // Allows unauthenticated access to storage objects.","Remedy": "Restrict to authenticated users: 'allow read: if request.auth != null;'.","Details": {"Contents": {"prefixes": {"testing/": {"prefixes": {"testing/inner-folder/": {"prefixes": {},"items": [{"name": "testing/inner-folder/burpcert.der","bucket": "agneyastra-testing2.appspot.com"}]}},"items": [{"name": "testing/2","bucket": "agneyastra-testing2.appspot.com"}]}},"items": [{"name": "1","bucket": "agneyastra-testing2.appspot.com"},{"name": "firebase.html","bucket": "agneyastra-testing2.appspot.com"},{"name": "poc.txt","bucket": "agneyastra-testing2.appspot.com"}]}}}},"write": {"104159166443": {"Vulnerable": "vulnerable:unknown","Error": "","AuthType": "","VulnConfig": "","Remedy": "","Details": {"status_code": "404"}},"agneyastra-testing2": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "anon","VulnConfig": "allow write: if request.auth == null; // Allows unauthenticated access to write storage objects.","Remedy": "Restrict to authenticated users: 'allow write: if request.auth != null;'.","Details": {"status_code": "200"}}}},"firestore": {"delete": {"104159166443": {"Vulnerable": "error","Error": "bad request error in 2nd request","AuthType": "","VulnConfig": "","Remedy": "","Details": null},"agneyastra-testing2": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "anon","VulnConfig": "allow delete: if request.auth == null; // Permits unauthenticated users to delete storage objects.","Remedy": "Restrict deletes to authenticated users: 'allow delete: if request.auth != null;'.","Details": null}},"read": {"104159166443": {"Vulnerable": "error","Error": "bad request error in 2nd request","AuthType": "","VulnConfig": "","Remedy": "","Details": null},"agneyastra-testing2": {"Vulnerable": "vulnerable:false","Error": "","AuthType": "","VulnConfig": "","Remedy": "","Details": null}},"write": {"104159166443": {"Vulnerable": "error","Error": "bad request error in 2nd request","AuthType": "","VulnConfig": "","Remedy": "","Details": null},"agneyastra-testing2": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "anon","VulnConfig": "allow write: if request.auth == null; // Allows unauthenticated access to write storage objects.","Remedy": "Restrict to authenticated users: 'allow write: if request.auth != null;'.","Details": null}}},"rtdb": {"delete": {"104159166443": {"Vulnerable": "vulnerable:true","Error": "","AuthType": "anon","VulnConfig": "allow delete: if request.auth == null; // Permits unauthenticated users to delete storage objects.","Remedy": "Restrict deletes to authenticated users: 'allow delete: if request.auth != null;'.","Details": {"rtdb_url": "https://104159166443-default-rtdb.firebaseio.com/agneyastrapocBui7Cl.json","status_code": "404"}},"agneyastra-testing2": {"Vulnerable": "vulnerable:false","Error": "","AuthType": "","VulnConfig": "","Remedy": "","Details": {"rtdb_url": "https://agneyastra-testing2-default-rtdb.firebaseio.com/agneyastrapocBui7Cl.json","status_code": "401"}}},"read": {"agneyastra-testing2": {"Vulnerable": "vulnerable:false","Error": "","AuthType": "","VulnConfig": "","Remedy": "","Details": {"rtdb_url": "https://agneyastra-testing2-default-rtdb.firebaseio.com/.json","status_code": ""}}},"write": {"agneyastra-testing2": {"Vulnerable": "vulnerable:false","Error": "","AuthType": "","VulnConfig": "","Remedy": "","Details": {"rtdb_url": "https://agneyastra-testing2-default-rtdb.firebaseio.com/agneyastrapoc5WGiNY.json","status_code": ""}}}}},"secrets": null}]}
Agneyastra:
https://github.com/JA3G3R/agneyastra
原文始发于微信公众号(FreeBuf):Agneyastra:一款Firebase 错误配置检测工具包
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论