
Google’s Mandiant Debuts AuraInspector for Salesforce Data Audits

Mandiant

Mandiant, a cybersecurity leader owned by Google, has launched AuraInspector. This open-source tool helps businesses spot and fix access control errors in the Salesforce Aura framework. The new command-line tool helps defenders and admins find data exposure risks in Salesforce.

Salesforce Experience Cloud is widely adopted across industries, but it includes complex permission models that can unintentionally allow unauthorized users to gain access to sensitive data, such as credit card numbers, identity documents, and health information. Mandiant’s Offensive Security Services team often finds these misconfigurations in real-world assessments. To address this, they created AuraInspector. This tool automates detection and provides clear steps for fixing the issues.

AuraInspector is free, open-source software that helps security teams audit their Salesforce configurations by showing how an unauthorized user might interact with Aura endpoints. The tool discovers Aura framework endpoints, enumerates the Salesforce objects reachable through them, and then checks whether guest or low-privilege user profiles hold permissions broad enough to allow unintended access to data.


The utility also leverages GraphQL to bypass standard record retrieval limits typically encountered when querying Salesforce data, offering a comprehensive view of potential exposures. Moreover, AuraInspector identifies record lists that may allow unauthorized viewing or modification of records, discovers exposed administrative panels linked to third-party modules, and detects configurations such as self-registration that can permit unauthorized account creation.

“AuraInspector was developed in response to widespread access control gaps that we regularly observe in Salesforce Experience Cloud environments,” said Mandiant security experts. “This tool enables organizations to automate the detection of these misconfigurations, helping security teams proactively identify risks that might otherwise remain unnoticed until exploited.”

AuraInspector is intentionally designed as a read-only defensive tool to limit the potential for misuse: it does not modify the target system. It helps organizations harden their configurations before attackers can exploit any weaknesses. The tool is available on GitHub, making enterprise-grade security audits more accessible to the cloud and Salesforce community.