Unforce - Salesforce recon and exploitation tool*
- Tool under development
The tool is written in Python and is currently limited to Unix distributions due to path issues.
Unforce works with Python 3.
```
$ git clone
$ cd unforce
$ python3 unforce.py -h
```
Arg | Long Arg | Description |
---|---|---|
-u | --url | URL to be analyzed by the program; the tool expects the URL to include the http scheme |
-r | --record | Single Salesforce record ID to be queried |
Every call made by Unforce is properly logged inside a snake-case-named folder based on the URL used. The output structure looks like this:
```
results/
    target_url/
        objects.txt
        interesting_objects.txt
        csp_sites.txt
        requests/
            User_object.txt
        response/
            User_object.txt
```
To avoid additional calls, Unforce has a cache control system that stores the fwuid discovered for a Salesforce instance. If the user uses the same URL again, the cached fwuid is used.
The cache is stored in a `.unforce` file inside every results folder.
```
python3 unforce.py -u https://example.com
python3 unforce.py -r 0053k00000ApyN1AAJ
```
🥇 Awesome name by @zeroc00I