NetSPI / ForceHound

Public

Salesforce identity and permission graph collector for BloodHound CE. Maps users, profiles, permission sets, roles, groups, sharing rules, connected apps, and field-level security into attack-path graphs.

100% credibility
Found Mar 23, 2026 at 13 stars.
Language: Python

AI Summary

ForceHound gathers Salesforce user permissions, roles, and access data to create visual maps of potential security risks compatible with BloodHound.

How It Works

1. 🔍 Discover ForceHound: You hear about a helpful tool that reveals hidden access risks in your Salesforce setup, like who can change important data.
2. 📦 Get it ready: Download and prepare the tool on your computer in just a few minutes.
3. Connect your Salesforce:
   - 🛡️ Quick view: Use your everyday login for a low-key scan without special powers.
   - 👑 Full details: Use admin access for the complete picture including shared items.
4. 🚀 Run the scan: Hit go and watch it quietly gather a map of all permissions and paths in seconds or minutes.
5. 📊 See the map: Load the results into a visual explorer to spot risky shortcuts and over-shares.
6. Fix and secure: Spot the problems, tighten access, and rest easy knowing your Salesforce is safer.

AI-Generated Review

What is ForceHound?

ForceHound is a Python CLI tool that pulls Salesforce identity and access management data—users, profiles, permission sets, roles, groups, sharing rules, connected apps, and field-level security—into BloodHound Community Edition graphs for spotting privilege escalation paths. It solves the blind spot in Salesforce IAM visualization by mapping complex permissions into attack-path graphs via two collectors: a privileged REST API backend and a low-privilege Aura/Lightning mode using browser session tokens. Output is OpenGraph JSON ready for BloodHound, with extras like empirical CRUD probing and direct upload.

Why is it gaining traction?

It stands out with Aura mode for stealthy recon without admin access, proxy support for Burp Suite, and aggressive CRUD testing that actually attempts DML to validate permissions beyond what the metadata claims. DevOps teams get audit logs in OCSF format for SIEM ingestion, rate limiting to avoid API blocks, and seamless BloodHound CE integration including custom node icons. Among Salesforce repositories on GitHub, most of which are deployment tools, this one fills the identity-management graphing niche for security workflows.

Who should use this?

Pentesters targeting Salesforce orgs during red team engagements, especially for low-priv lateral movement recon. Security engineers or Salesforce identity and access management architects auditing over-permissions, sharing rules, or connected apps. BloodHound users extending attack-path analysis to SaaS tenants without full API creds.

Verdict

Grab it if you're mapping Salesforce IAM: solid docs, CLI flags like --crud --aggressive, and direct BloodHound upload make it instantly usable despite 13 stars and a 1.0% credibility score. Still beta (v0.1), so test in non-prod; pair it with Salesforce GitHub Actions for automated scans.
