CLI Reference
Weylon Solis edited this page Mar 18, 2026 · 1 revision

```
forcehound [options]
```

| Flag | Default | Description |
|---|---|---|
| `--collector {api,aura,both}` | `aura` | Collection backend |


| Flag | Env Var | Description |
|---|---|---|
| `--instance-url` | `FORCEHOUND_INSTANCE_URL` | Salesforce instance URL |
| `--session-id` | `FORCEHOUND_SESSION_ID` | Session ID / access token |
| `--aura-context` | `FORCEHOUND_AURA_CONTEXT` | Aura context JSON |
| `--aura-token` | `FORCEHOUND_AURA_TOKEN` | Aura token JWT |


| Flag | Env Var | Description |
|---|---|---|
| `--api-instance-url` | `FORCEHOUND_API_INSTANCE_URL` | API domain (`*.my.salesforce.com`) — only for `both` mode |
| `--api-session-id` | `FORCEHOUND_API_SESSION_ID` | API session ID — only for `both` mode |
| `--username` | `FORCEHOUND_USERNAME` | Salesforce username |
| `--password` | `FORCEHOUND_PASSWORD` | Salesforce password |
| `--security-token` | `FORCEHOUND_SECURITY_TOKEN` | Security token |


| Flag | Default | Description |
|---|---|---|
| `-o`, `--output` | `forcehound_output.json` | Output file path |
| `-v`, `--verbose` | off | Verbose progress output |
| `--risk-summary` | off | Print per-user risk summary |


| Flag | Env Var | Description |
|---|---|---|
| `--proxy` | `FORCEHOUND_PROXY` | HTTP/HTTPS proxy URL (e.g., `http://127.0.0.1:8080` for Burp) |
| `--rate-limit` | `FORCEHOUND_RATE_LIMIT` | Max requests per second (e.g., `--rate-limit 5`) |


| Flag | Description |
|---|---|
| `--skip-object-permissions` | Skip ObjectPermissions — removes SF_Object nodes and CRUD edges |
| `--skip-field-permissions` | Skip FieldPermissions — removes SF_Field nodes and FLS edges |
| `--skip-entity-definitions` | Skip EntityDefinition enrichment (sharing model, KeyPrefix) |
| `--skip-shares` | Skip Share objects — removes SF_Record, Owns, ExplicitAccess, InheritsAccess |
| `--active-only` | (Aura) Only collect active users |


| Flag | Default | Description |
|---|---|---|
| `--max-workers` | 30 | Max concurrent Aura requests |
| `--page-size` | 2000 | GraphQL page size for record enumeration |
| `--aura-path` | `/aura` | Aura endpoint path (use `/s/sfsites/aura` for communities) |


| Flag | Default | Description |
|---|---|---|
| `--crud` | off | Enable empirical CRUD permission probing |
| `--aggressive` | off | Edit every record (save/restore), delete one per object |
| `--crud-objects` | all | Comma-separated list of objects to probe |
| `--crud-dry-run` | off | Log plan without executing DML |
| `--crud-concurrency` | 5 | Max concurrent CRUD requests |
| `--crud-max-records` | no cap | Max records to test per object in aggressive edit mode |
| `--unsafe` | off | Allow delete-probing of protected identity objects |


| Flag | Description |
|---|---|
| `--audit-log {1,2,3}` | Enable OCSF-aligned audit logging. 1=activity ledger, 2=+headers/duration, 3=+full bodies |

Output: `forcehound_audit_<timestamp>.jsonl`


| Flag | Env Var / Default | Description |
|---|---|---|
| `--bh-url` | `FORCEHOUND_BH_URL` | BH CE base URL (default: `http://localhost:8080`) |
| `--bh-token-id` | `FORCEHOUND_BH_TOKEN_ID` | API token ID (UUID) |
| `--bh-token-key` | `FORCEHOUND_BH_TOKEN_KEY` | API token key (base64) |
| `--upload` | off | Upload output to BH after collection |
| `--upload-file-name` | basename of `-o` | Display name in BH File Ingest |
| `--clear-db` | off | Clear BH database before uploading |
| `--clear-db-only` | off | Clear database and exit |
| `--setup` | off | Register custom node types and exit |
| `--wait` | 60 | Seconds to wait after DB clear |