aura-privesc: Automating Salesforce Lightning Privilege Escalation Testing
After nearly a year of pentesting Salesforce orgs, I built aura-privesc: an open-source scanner that automates Aura/Lightning privilege escalation discovery. It finds exposed objects, tests CRUD permissions, probes Apex controllers, and generates interactive HTML reports with ready-to-use proof-of-concept commands.