Service:
Protocol: TCP
Port: 9099
Used for:
Port 9099 is commonly used by the Firebase Auth Emulator and custom development tools for serving HTTP-based services during testing.
Why It’s Open
Port 9099 is commonly used in development environments, especially for tools and platforms that require HTTP services not bound to default ports like 80 or 443. A well-known use case is the Firebase Authentication Emulator, which listens on port 9099 during local development. Developers use this emulator to safely test authentication flows without interacting with live Firebase services.
In addition, port 9099 is arbitrarily selected by various custom dashboards, web APIs, reverse proxies, and IoT control panels, especially during testing or staging. It’s also seen in some internal microservice architectures or containers where each service binds to its own port for local routing. Because it’s unassigned by IANA, port 9099 is often overlooked and may remain open unintentionally, potentially exposing services to unauthorized access.
Common Risks
- Exposed Firebase Emulators
  Firebase Auth Emulators on port 9099 may leak user metadata or accept unauthenticated test logins if exposed externally.
- Unauthenticated Internal Tools
  Internal services or dashboards using port 9099 may lack authentication, allowing direct access to sensitive functions.
- Debug or Test Servers
  Developers may leave test servers running in insecure modes with debug info, stack traces, or elevated privileges.
- Information Disclosure
  HTTP services on this port may leak API routes, internal service names, or configuration files.
- No Encryption
  Services are typically served over plaintext HTTP, which risks interception or tampering when accessed over untrusted networks.
Enumeration & Testing
Check if it’s open:
nmap -sT -p 9099 <target>
Identify running service:
curl -I http://<target>:9099/
Fingerprint exposed apps:
Use a browser or whatweb/nikto to identify headers, banners, and login pages.
What to Look For
| Checkpoint | What it means |
|---|---|
| Port 9099 open externally | Local development tool or emulator may be publicly reachable |
| Firebase banner or endpoints | Firebase emulator could allow test logins or expose user data |
| Unauthenticated dashboard/login | Admin tools may be exposed without protection |
| Plaintext responses or debug info | Indicates test environment left accessible |
Mitigation
- Restrict Access to Port 9099
  Block external access at firewalls unless explicitly required for public-facing services.
- Use Localhost or VPN-Only Binding
  Bind development tools to 127.0.0.1 or internal IPs instead of 0.0.0.0.
- Add Authentication & Access Controls
  Even for internal tools, enforce login mechanisms and session controls.
- Disable Emulators in Production
  Ensure Firebase or similar emulators are only running in dev environments.
- Regular Port Audits
  Scan environments for forgotten services running on non-standard ports like 9099.
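An added example (not from the original page) supporting the binding and port-audit items above: a shell function that classifies TCP listeners on port 9099 by bind address, so a 0.0.0.0 bind stands out from a 127.0.0.1 bind. The function names and sample lines are constructed for illustration, and the input format assumes the output of `ss -H -ltn` from Linux iproute2.

```shell
#!/bin/sh
# Added example: audit which addresses a given TCP port is bound to.
# Assumed input: lines from `ss -H -ltn` (field 4 = Local Address:Port).

# Constructed sample of `ss -H -ltn` output, so the example runs offline.
SAMPLE_SS='LISTEN 0 511 127.0.0.1:9099 0.0.0.0:*
LISTEN 0 511 0.0.0.0:9099 0.0.0.0:*
LISTEN 0 128 [::]:9099 [::]:*
LISTEN 0 128 10.0.0.5:9099 0.0.0.0:*
LISTEN 0 128 [::1]:9099 [::]:*
LISTEN 0 128 0.0.0.0:19099 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# classify_listeners PORT
# Reads ss lines on stdin; prints "<verdict> <bind address>" per listener.
classify_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        ep = $4
        n = split(ep, parts, ":")
        if (parts[n] != port) next          # exact port match only
        addr = substr(ep, 1, length(ep) - length(parts[n]) - 1)
        sub(/%.*$/, "", addr)               # drop a %interface suffix
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./)
            verdict = "OK-LOOPBACK"
        else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            verdict = "EXPOSED-ALL-INTERFACES"
        else
            verdict = "REVIEW-SPECIFIC-INTERFACE"
        print verdict, addr
    }'
}

# exposed_count PORT
# Number of listeners on PORT that are not confined to loopback.
exposed_count() {
    classify_listeners "$1" | awk '$1 != "OK-LOOPBACK" { n++ } END { print n + 0 }'
}

# Run against the constructed sample.
# On a live Linux host: ss -H -ltn | classify_listeners 9099
printf '%s\n' "$SAMPLE_SS" | classify_listeners 9099
```

A non-zero `exposed_count 9099` means the port is reachable beyond loopback at the socket level; whether it is reachable externally still depends on the firewall rules in front of the host.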
Known CVEs and Exploits
There are no well-known CVEs directly assigned to port 9099, but the services that run on it (e.g., Firebase emulator, Node.js dashboards) may be vulnerable:
- CVE-2019-5413 – Express template injection, often used in dev dashboards.
- Firebase Emulator Risk Note – Official Firebase guidance warns against exposing emulators externally.
- Exploit-DB 47837 – Python http.server RCE risk when exposed (also often bound to ports like 9099).