@echo off REM ============================================================================ REM Canada Post App - Security Testing Suite REM ============================================================================ REM REM IMPORTANT: These tests should only be run: REM 1. With proper authorization from Canada Post REM 2. Connected to VPN for anonymity/safety REM 3. For legitimate security research purposes REM REM Tests: REM 1. Google API Key Abuse (Scenario 2) REM 2. Firebase Database Access (Scenario 4) REM REM ============================================================================ echo ============================================================================ echo CANADA POST APP - FIREBASE SECURITY TEST echo ============================================================================ echo. echo WARNING: Ensure you are connected to VPN before proceeding! echo. echo This test will: echo - Attempt Firebase database enumeration echo - Test Firebase Remote Config access echo - Check for exposed fallback credentials echo. echo Press Ctrl+C to abort, or pause echo. REM Check Python installation python --version >nul 2>&1 if errorlevel 1 ( echo ERROR: Python is not installed or not in PATH echo Please install Python 3.7+ from https://www.python.org/ pause exit /b 1 ) echo [*] Python detected echo. REM Install required packages echo [*] Installing required Python packages... python -m pip install requests --quiet --disable-pip-version-check if errorlevel 1 ( echo WARNING: Failed to install packages, but continuing anyway... ) echo. echo ============================================================================ echo Firebase Database Enumeration Test echo ============================================================================ echo. echo This test will attempt to access Canada Post's Firebase database. echo. echo Database: https://canada-post-2dce9.firebaseio.com echo Firebase API Key: AIzaSyDWtJr2knyZpJEOgBlJH_lBk-xqlnQJ27Q echo. pause echo. python "%~dp0cpc_firebase_database_poc.py" if errorlevel 1 ( echo. echo [!] Test failed or was aborted ) echo. echo. echo ============================================================================ echo TEST COMPLETE echo ============================================================================ echo. echo Review the output above for findings. echo. echo Next Steps: echo 1. Document all vulnerabilities found echo 2. Calculate CVSS scores for each finding echo 3. Prepare proof-of-concept evidence echo 4. Draft security advisory echo 5. Contact Canada Post security team echo 6. Follow 90-day responsible disclosure timeline echo. echo Report templates are available in: echo - CPC_HARDCODED_CREDENTIALS_ANALYSIS.md echo. pause