Saved February 14, 2026
Aura Inspector is a tool for testing Salesforce Experience Cloud applications. It helps identify misconfigurations, automate testing, and discover accessible records in both guest and authenticated contexts. You can run it in various modes, including unauthenticated and authenticated scenarios.
Aura Inspector is a tool designed for testing Salesforce Experience Cloud applications. It's not an officially supported Google product and does not qualify for Google's Open Source Software Vulnerability Rewards Program. The tool helps identify misconfigurations in Salesforce applications and automates parts of the testing process. Key features include discovering accessible records for both guest and authenticated users, using an undocumented GraphQL Aura method to count records, and checking self-registration capabilities. It can also find "Home URLs," which could potentially expose sensitive administrative functionality.
Installation requires Python 3 and pip. Users can install Aura Inspector with pipx or by cloning the repository and setting up a virtual environment. The command to install via pipx is straightforward, while the manual setup involves creating a virtual environment and installing dependencies from a requirements file. The tool's help menu provides a comprehensive list of options, like specifying the target Salesforce application URL, using cookies for authentication, and customizing output directories.
For a quick assessment, running the tool without authentication shows which features are accessible from a guest perspective. If the application allows self-registration, users can create accounts for deeper testing. For more extensive results, running the tool with authentication is recommended, either by providing a session cookie or by using a request file from an authenticated session. This flexibility allows for thorough testing across multiple custom applications hosted within a single Salesforce instance.