Mandiant open sources tool to prevent leaky Salesforce misconfigs
Summary
Mandiant has released AuraInspector, an open-source, read-only tool designed to help Salesforce administrators detect and remediate misconfigurations in Aura components used by Experience Cloud sites. Aura components are not inherently insecure, but their complexity frequently leads to access-control errors that can expose sensitive data. Examples noted by Mandiant include unauthenticated users accessing Account records via the getItems method and abuse of the default GraphQL API available to guest accounts. AuraInspector automates common abuse techniques, highlights risky configurations (such as Record Lists and admin panels exposed via Home URLs), and suggests remediation steps. The tool is available on GitHub and performs only read-only checks, so it will not modify Salesforce instances on its own.
Key Points
- AuraInspector is an open-source, read-only scanner for Salesforce Aura misconfigurations.
- Focuses on access-control issues in Aura components powering Experience Cloud sites.
- Automates known abuse methods (e.g. getItems enumeration, GraphQL API misuse) and provides remediation advice.
- Helps find exposures such as unauthenticated access to Account records, Record Lists and admin panels via Home URLs.
- Available now on GitHub: https://github.com/google/aura-inspector
- Particularly useful for organisations still running legacy Aura code alongside Lightning Web Components.
Why should I read this?
Short and blunt: if you run Experience Cloud sites or manage Salesforce security, this is a tool that could stop embarrassing — and costly — data leaks. We cut through the fuss so you don’t have to: AuraInspector automates the boring, repeatable checks attackers use and gives clear fixes. Run it, fix what it flags, sleep easier.
Source
Source: https://go.theregister.com/feed/www.theregister.com/2026/01/13/mandiant_salesforce_tool/
