Firebase Auth - brute force attack prevention

Published 2019-08-20 18:54

Question:

We have Android and iOS apps in which we implemented Firebase Authentication using Email/Password, Facebook and Google Account.

How can we know if Firebase prevents hackers from running a script with a random email and password multiple times in order to hack into our system in the end?

We found this in the Firebase Console:

Manage sign-up quota

To protect your project from abuse, we limit the number of new Email/Password and Anonymous sign-ups that your application can have from the same IP address. You can request and schedule temporary changes to this quota here.

Current quota per hour: 100

But we could not find anything else on the Web, and this is also not so clear for the SIGN_IN method and not just SIGN_UP as written above.

Any help is appreciated.

Answer 1:

The Firebase Authentication service is monitored for abuse. Information about this monitoring and the actions taken on detected abuse is seldom documented though, since the information changes regularly and would be more helpful to abusers than to most developers.

If you think your use-case is being affected by this monitoring or the actions taken upon it, reach out to Firebase support with clear details (i.e. code) on what you're trying to do, and what behavior you're seeing.