Docs
OpenFirebase research
Unauthenticated access to Firebase databases, storage buckets, and secrets
OpenFirebase part II
Authenticated scanning and bypassing Google API restrictions
Firebase Pentest Checklist
Coverage for Firebase Auth, databases, storage, configuration, functions, hosting, IAM, and messaging
SCCM Walkthrough
Complete SCCM walkthrough
Featured GitHub repositories
Automated Firebase recon and security scanner. Extracts from APKs or IPAs and checks for unauthorized read and write access on Firestore, Realtime Database, Storage buckets, Remote Config, Cloud Functions, and detects hardcoded service accounts.
A practical Firebase pentest checklist covering Auth, Realtime Database, Firestore, Storage, Remote Config, Functions, and IAM. Includes OpenFirebase commands and clear finding criteria per service.
Wordlists for fuzzing Firebase Cloud Functions and Firestore collections, mined from public GitHub source code. Ranked by real-world usage across thousands of repos. Drop-in for OpenFirebase, ffuf, etc. Black-box recon for bug bounty and pentesting.
AWS security scanner that finds hardcoded secrets and internet-exposed resources across all regions and 30+ AWS services.
Security audit tool for Active Directory. Automates many checks from a pentester's perspective.
Secure npm, pnpm, Yarn, and Bun installs by running install scripts in a sandbox with restricted filesystem access, filtered network egress, and a temporary home directory.
