Check Firebase Security Rules, authentication settings, and Firestore/RTDB access controls.
Overview
Firebase projects are frequently deployed with test-mode security rules that allow unrestricted read and write access to anyone who knows the project ID, and the project ID ships in every client bundle. Our scanner checks Firestore and Realtime Database security rules, Firebase Authentication configuration, and Cloud Storage rules, and identifies common Firebase misconfigurations that expose user data.
What this scanner does
Tests Firestore and Realtime Database endpoints for unauthenticated read and write access, analyzes authentication provider configuration, checks Cloud Storage bucket rules, detects Firebase config exposure in client bundles, and verifies that security rules enforce per-user access control rather than blanket allow conditions.
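The unauthenticated endpoint test described above, as an added example that is not the scanner's own code. It sends credential-less requests to the public Firebase REST endpoints and classifies the responses; the project ID, the Realtime Database instance names and the guessed collection names are assumptions you would replace with your own. The optional write probe touches a single scanner-owned key and deletes it again, so run it only against projects you are authorized to test.

```python
"""Probe a Firebase project for anonymous Realtime Database / Firestore access.

Added example, not the scanner's own code. PROJECT, RTDB_HOSTS and
FIRESTORE_COLLECTIONS are assumptions; only public Firebase REST endpoints are used.
"""
import json
import urllib.error
import urllib.request

# Hypothetical project ID. The instance host is an assumption: older projects use
# <project>.firebaseio.com, newer ones <project>-default-rtdb.firebaseio.com or a
# regional *.firebasedatabase.app host.
PROJECT = "example-app-12345"
RTDB_HOSTS = [
    f"https://{PROJECT}-default-rtdb.firebaseio.com",
    f"https://{PROJECT}.firebaseio.com",
]
# Firestore has no anonymous "list collections" call, so collection names are guessed.
FIRESTORE_COLLECTIONS = ["users", "profiles", "orders"]
FIRESTORE_BASE = (
    f"https://firestore.googleapis.com/v1/projects/{PROJECT}/databases/(default)/documents"
)


def fetch(url, method="GET", data=None):
    """Unauthenticated request; returns (status, body) and never raises on HTTP errors."""
    req = urllib.request.Request(
        url, method=method, data=data, headers={"Content-Type": "application/json"}
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except urllib.error.URLError as err:
        return 0, str(err.reason)


def classify_rtdb(status, body):
    """Interpret GET /.json on the Realtime Database. 401 is the rules-denied case."""
    if status == 200:
        return "OPEN_READ"        # rules allowed an anonymous read of the root
    if status == 401:
        return "DENIED"           # body is {"error": "Permission denied"}
    if status == 404:
        return "NO_INSTANCE"      # no database at this host
    return "UNKNOWN"


def classify_firestore(status, body):
    """Interpret GET .../documents/<collection> on Firestore. 403 is rules-denied."""
    if status == 200:
        try:
            docs = json.loads(body).get("documents", [])
        except ValueError:
            docs = []
        # {} means the rule allowed the read but the collection is empty or absent
        return "OPEN_READ" if docs else "OPEN_READ_EMPTY"
    if status == 403:
        return "DENIED"
    if status == 404:
        return "NOT_FOUND"
    return "UNKNOWN"


def rtdb_write_probe(host):
    """Write one scanner-owned key and remove it; proves anonymous write, nothing else."""
    url = f"{host}/_scan_probe.json"
    status, _ = fetch(url, "PUT", json.dumps({"probe": True}).encode())
    if status == 200:
        fetch(url, "DELETE")      # clean up the key we just created
        return "OPEN_WRITE"
    return "DENIED" if status == 401 else "UNKNOWN"


def scan(write_test=False):
    """Return a list of (check, target, verdict) tuples for the configured project."""
    findings = []
    for host in RTDB_HOSTS:
        # shallow=true returns only top-level keys, so an open DB is not downloaded whole
        status, body = fetch(f"{host}/.json?shallow=true")
        verdict = classify_rtdb(status, body)
        findings.append(("rtdb-read", host, verdict))
        if verdict == "OPEN_READ" and write_test:
            findings.append(("rtdb-write", host, rtdb_write_probe(host)))
    for coll in FIRESTORE_COLLECTIONS:
        status, body = fetch(f"{FIRESTORE_BASE}/{coll}?pageSize=1")
        findings.append(("firestore-read", coll, classify_firestore(status, body)))
    return findings


if __name__ == "__main__":
    for check, target, verdict in scan():
        print(f"{check:15} {verdict:16} {target}")
```

A 200 from Firestore with an empty body still means the rules evaluated `request.auth == null` and allowed the list, so it is reported separately rather than discarded; a 403 with `PERMISSION_DENIED` is the healthy outcome.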
Why it matters
Firebase projects deployed with fully open rules (`allow read, write: if true;` in Firestore, or `".read": true` and `".write": true` in the Realtime Database) are readable and writable by anyone on the internet, with no authentication required and the project ID available in every client bundle. Firebase's test mode only grants access until a fixed date, but when that condition expires developers routinely replace it with `if true` instead of writing real rules. Attackers scan for these projects and have stolen millions of user records from production Firebase databases.
Related checks
Vulnerability Detection: Detect exposed API keys, tokens, and secrets in your frontend code and responses.
Vulnerability Detection: Test your login, signup, and password reset flows for common security weaknesses.
Configuration Audit: Audit your Supabase project for RLS misconfigurations, exposed APIs, and insecure auth settings.