Changelog

All notable changes to SFHound are documented here. Format follows Keep a Changelog.


[Unreleased]

Planned

  • SharingRule metadata extraction via the Metadata API
  • Individual field-level permission scoping flags to reduce edge volume
  • --scope-objects flag to target extraction to a named subset of SObjects
  • Delta/incremental extraction mode (only re-collect changed records)

[1.0.0] — Initial Release

Added

Collector

  • JWT Bearer OAuth authentication via Salesforce Connected App
  • config.yaml and full command-line override support
  • Extraction of Users, Profiles, Permission Sets, Permission Set Groups
  • Extraction of Role Hierarchy (roles and InheritsRole edges)
  • Extraction of Public Groups and Queues with nested membership resolution
  • Extraction of Object Permissions (CRUD, ViewAll, ModifyAll) per Profile/PermissionSet
  • Extraction of Field-Level Security (IsVisible, ReadOnly) per Profile/PermissionSet
  • Extraction of Connected Apps with CanAuthorize edge resolution
  • OWD (InternalSharingModel, ExternalSharingModel) capture on all SObjects
  • Aggregate PermissionSet placeholder hydration for 0PSG… IDs
  • BloodHound OpenGraph v2 output with full schema validation
  • Auto-ingest to BloodHound CE (upload, poll, status reporting)
  • Custom icon registration script (examples/post_custom_icons.py)

Graph model

  • 11 node types with coloured icons
  • 40+ typed edge types
  • Full edge context properties: General, AbuseInfo, RemediationInfo, OPSEC, References
  • MITRE ATT&CK mappings on all named system permission edges

Documentation

  • Collector setup guide (Connected App creation, JWT cert generation, minimum permissions)
  • Schema reference (all nodes, edges, properties)
  • Custom Cypher query library
  • Tier Zero Cypher rules for BloodHound CE
  • Design decisions document

Design decisions

  • System permissions modelled as typed edges to SFOrganization (not node properties)
  • CanOwnObject edges resolved via shared sobject_lookup (no dangling edges to virtual nodes)
  • Aggregate PermSet nodes materialised as minimal placeholder nodes post-extraction

Contributing

See CONTRIBUTING for guidelines on submitting issues and pull requests.