print("\n")
print("Advanced Executor Security Analysis - Current Executor: " .. tostring(identifyexecutor()) .. "\nInspired by UNC Environment Check\n")
print("✅ - Protected, ⛔ - Vulnerable, ⏺️ - Untested")
print("Protected means the executor has successfully blocked/mitigated the vulnerability. Vulnerable means the executor is susceptible to exploitation. Untested means the executor lacks required functionality for testing.\n")
local function blockFunction(str)
getgenv().BLOCKED_FUNCTION = Instance.new("DataStoreIncrementOptions")
BLOCKED_FUNCTION:SetMetadata({ func = str })
end
local protected, vulnerable, untested = 0, 0, 0
print("HttpRbxApiService - Critical service used by CoreScripts for Roblox API requests. When exploited, enables cookie theft, robux theft, and full account compromise.")
task.spawn(function()
local s, e = pcall(function() game:GetService("HttpRbxApiService"):PostAsync() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PostAsync")
else
protected += 1
print(" ✅ PostAsync")
blockFunction('game:GetService("HttpRbxApiService"):PostAsync()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("HttpRbxApiService"):PostAsyncFullUrl() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PostAsyncFullUrl")
else
protected += 1
print(" ✅ PostAsyncFullUrl")
blockFunction('game:GetService("HttpRbxApiService"):PostAsyncFullUrl()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("HttpRbxApiService"):GetAsync() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ GetAsync")
else
protected += 1
print(" ✅ GetAsync")
blockFunction('game:GetService("HttpRbxApiService"):GetAsync()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("HttpRbxApiService"):GetAsyncFullUrl() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ GetAsyncFullUrl")
else
protected += 1
print(" ✅ GetAsyncFullUrl")
blockFunction('game:GetService("HttpRbxApiService"):GetAsyncFullUrl()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("HttpRbxApiService"):RequestAsync() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ RequestAsync")
else
protected += 1
print(" ✅ RequestAsync")
blockFunction('game:GetService("HttpRbxApiService"):RequestAsync()')
end
end)
task.wait()
print("ScriptContext - Service containing CoreScript creation functionality. Can be exploited to bypass executor security through Actor-based CoreScript injection.")
task.spawn(function()
local s, e = pcall(function() game:GetService("ScriptContext"):AddCoreScriptLocal() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ AddCoreScriptLocal")
else
protected += 1
print(" ✅ AddCoreScriptLocal")
end
end)
task.wait()
print("BrowserService - CoreScript service enabling browser control. Can be exploited for malicious downloads and URL loading.")
task.spawn(function()
local s, e = pcall(function() game:GetService("BrowserService"):EmitHybridEvent() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ EmitHybridEvent")
else
protected += 1
print(" ✅ EmitHybridEvent")
blockFunction('game:GetService("BrowserService"):EmitHybridEvent()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("BrowserService"):ExecuteJavaScript() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ ExecuteJavaScript")
else
protected += 1
print(" ✅ ExecuteJavaScript")
blockFunction('game:GetService("BrowserService"):ExecuteJavaScript()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("BrowserService"):OpenBrowserWindow() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ OpenBrowserWindow")
else
protected += 1
print(" ✅ OpenBrowserWindow")
blockFunction('game:GetService("BrowserService"):OpenBrowserWindow()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("BrowserService"):OpenNativeOverlay() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ OpenNativeOverlay")
else
protected += 1
print(" ✅ OpenNativeOverlay")
blockFunction('game:GetService("BrowserService"):OpenNativeOverlay()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("BrowserService"):ReturnToJavaScript() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ ReturnToJavaScript")
else
protected += 1
print(" ✅ ReturnToJavaScript")
blockFunction('game:GetService("BrowserService"):ReturnToJavaScript()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("BrowserService"):SendCommand() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ SendCommand")
else
protected += 1
print(" ✅ SendCommand")
blockFunction('game:GetService("BrowserService"):SendCommand()')
end
end)
task.wait()
print("MarketplaceService - Game purchase service. Vulnerable to robux theft through VirtualInputManager prompt automation and direct drain methods.")
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):GetRobuxBalance() end)
if s then
vulnerable += 1
warn(" ⛔ GetRobuxBalance | Output: " .. tostring(e))
else
protected += 1
print(" ✅ GetRobuxBalance")
blockFunction('game:GetService("MarketplaceService"):GetRobuxBalance()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PerformPurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PerformPurchase")
else
protected += 1
print(" ✅ PerformPurchase")
blockFunction('game:GetService("MarketplaceService"):PerformPurchase()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PerformPurchaseV2() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PerformPurchaseV2")
else
protected += 1
print(" ✅ PerformPurchaseV2")
blockFunction('game:GetService("MarketplaceService"):PerformPurchaseV2()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PromptBundlePurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PromptBundlePurchase")
else
protected += 1
print(" ✅ PromptBundlePurchase")
blockFunction('game:GetService("MarketplaceService"):PromptBundlePurchase()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PromptGamePassPurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PromptGamePassPurchase")
else
protected += 1
print(" ✅ PromptGamePassPurchase")
blockFunction('game:GetService("MarketplaceService"):PromptGamePassPurchase()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PromptProductPurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PromptProductPurchase")
else
protected += 1
print(" ✅ PromptProductPurchase")
blockFunction('game:GetService("MarketplaceService"):PromptProductPurchase()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PromptPurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PromptPurchase")
else
protected += 1
print(" ✅ PromptPurchase")
blockFunction('game:GetService("MarketplaceService"):PromptPurchase()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PromptRobloxPurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PromptRobloxPurchase")
else
protected += 1
print(" ✅ PromptRobloxPurchase")
blockFunction('game:GetService("MarketplaceService"):PromptRobloxPurchase()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MarketplaceService"):PromptThirdPartyPurchase() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PromptThirdPartyPurchase")
else
protected += 1
print(" ✅ PromptThirdPartyPurchase")
blockFunction('game:GetService("MarketplaceService"):PromptThirdPartyPurchase()')
end
end)
task.wait()
print("HttpService - All functions block authenticated Roblox API requests except RequestInternal.")
task.spawn(function()
local s, e = pcall(function() game:GetService("HttpService"):RequestInternal() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ RequestInternal")
else
protected += 1
print(" ✅ RequestInternal")
blockFunction('game:GetService("HttpService"):RequestInternal()')
end
end)
task.wait()
print("GuiService - GUI service containing identical browser control functions as BrowserService.")
task.spawn(function()
local s, e = pcall(function() game:GetService("GuiService"):OpenBrowserWindow() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ OpenBrowserWindow")
else
protected += 1
print(" ✅ OpenBrowserWindow")
blockFunction('game:GetService("GuiService"):OpenBrowserWindow()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("GuiService"):OpenNativeOverlay() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ OpenNativeOverlay")
else
protected += 1
print(" ✅ OpenNativeOverlay")
blockFunction('game:GetService("GuiService"):OpenNativeOverlay()')
end
end)
task.wait()
print("OpenCloudService - Lesser-known service containing authenticated Roblox API request capability.")
task.spawn(function()
local s, e = pcall(function() game:GetService("OpenCloudService"):HttpRequestAsync() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ HttpRequestAsync")
else
protected += 1
print(" ✅ HttpRequestAsync")
blockFunction('game:GetService("OpenCloudService"):HttpRequestAsync()')
end
end)
task.wait()
print("CoreGui - Service with minor storage-related vulnerabilities through screenshot/recording spam.")
task.spawn(function()
local s, e = pcall(function() game:GetService("CoreGui"):TakeScreenshot() end)
if s then
vulnerable += 1
warn(" ⛔ TakeScreenshot")
else
protected += 1
print(" ✅ TakeScreenshot")
blockFunction('game:GetService("CoreGui"):TakeScreenshot()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("CoreGui"):ToggleRecording() end)
if s then
vulnerable += 1
warn(" ⛔ ToggleRecording")
else
protected += 1
print(" ✅ ToggleRecording")
blockFunction('game:GetService("CoreGui"):ToggleRecording()')
end
end)
task.wait()
print("MessageBusService - Internal service targeted for Remote Code Execution exploits.")
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):Call() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ Call")
else
protected += 1
print(" ✅ Call")
blockFunction('game:GetService("MessageBusService"):Call()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):GetLast() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ GetLast")
else
protected += 1
print(" ✅ GetLast")
blockFunction('game:GetService("MessageBusService"):GetLast()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):GetMessageId() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ GetMessageId")
else
protected += 1
print(" ✅ GetMessageId")
blockFunction('game:GetService("MessageBusService"):GetMessageId()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):GetProtocolMethodRequestMessageId() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ GetProtocolMethodRequestMessageId")
else
protected += 1
print(" ✅ GetProtocolMethodRequestMessageId")
blockFunction('game:GetService("MessageBusService"):GetProtocolMethodRequestMessageId()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):GetProtocolMethodResponseMessageId() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ GetProtocolMethodResponseMessageId")
else
protected += 1
print(" ✅ GetProtocolMethodResponseMessageId")
blockFunction('game:GetService("MessageBusService"):GetProtocolMethodResponseMessageId()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):MakeRequest() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ MakeRequest")
else
protected += 1
print(" ✅ MakeRequest")
blockFunction('game:GetService("MessageBusService"):MakeRequest()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):Publish() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ Publish")
else
protected += 1
print(" ✅ Publish")
blockFunction('game:GetService("MessageBusService"):Publish()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):PublishProtocolMethodRequest() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PublishProtocolMethodRequest")
else
protected += 1
print(" ✅ PublishProtocolMethodRequest")
blockFunction('game:GetService("MessageBusService"):PublishProtocolMethodRequest()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):PublishProtocolMethodResponse() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ PublishProtocolMethodResponse")
else
protected += 1
print(" ✅ PublishProtocolMethodResponse")
blockFunction('game:GetService("MessageBusService"):PublishProtocolMethodResponse()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):Subscribe() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ Subscribe")
else
protected += 1
print(" ✅ Subscribe")
blockFunction('game:GetService("MessageBusService"):Subscribe()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):SubscribeToProtocolMethodRequest() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ SubscribeToProtocolMethodRequest")
else
protected += 1
print(" ✅ SubscribeToProtocolMethodRequest")
blockFunction('game:GetService("MessageBusService"):SubscribeToProtocolMethodRequest()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("MessageBusService"):SubscribeToProtocolMethodResponse() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ SubscribeToProtocolMethodResponse")
else
protected += 1
print(" ✅ SubscribeToProtocolMethodResponse")
blockFunction('game:GetService("MessageBusService"):SubscribeToProtocolMethodResponse()')
end
end)
task.wait()
print("DataModel - Root game object with exploitable loading and filesystem access functions.")
task.spawn(function()
local s, e = pcall(function() game:Load() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ Load")
else
protected += 1
print(" ✅ Load")
blockFunction('game:Load()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:OpenScreenshotsFolder() end)
if s then
vulnerable += 1
warn(" ⛔ OpenScreenshotsFolder")
else
protected += 1
print(" ✅ OpenScreenshotsFolder")
blockFunction('game:OpenScreenshotsFolder()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("CoreGui"):OpenVideosFolder() end)
if s then
vulnerable += 1
warn(" ⛔ OpenVideosFolder")
else
protected += 1
print(" ✅ OpenVideosFolder")
blockFunction('game:GetService("CoreGui"):OpenVideosFolder()')
end
end)
task.wait()
print("OmniRecommendationsService - Contains function for authenticated Roblox API requests.")
task.spawn(function()
local s, e = pcall(function() game:GetService("OmniRecommendationsService"):MakeRequest() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ MakeRequest")
else
protected += 1
print(" ✅ MakeRequest")
blockFunction('game:GetService("OmniRecommendationsService"):MakeRequest()')
end
end)
task.wait()
print("Players - Contains functions enabling automated player reporting and ToS-violating chat manipulation.")
task.spawn(function()
local s, e = pcall(function() game:GetService("Players"):ReportAbuse() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ ReportAbuse")
else
protected += 1
print(" ✅ ReportAbuse")
blockFunction('game:GetService("Players"):ReportAbuse()')
end
end)
task.wait()
task.spawn(function()
local s, e = pcall(function() game:GetService("Players"):ReportAbuseV3() end)
if e == "Argument 1 missing or nil" then
vulnerable += 1
warn(" ⛔ ReportAbuseV3")
else
protected += 1
print(" ✅ ReportAbuseV3")
blockFunction('game:GetService("Players"):ReportAbuseV3()')
end
end)
task.wait()
print("Custom HTTP Functions - Testing executor-specific HTTP request functions for authenticated Roblox API access.")
print("Robux balance visibility indicates vulnerability.")
task.spawn(function()
local s, e = pcall(function() getgenv().REQUEST_RESULT = request({ Url = "https://[Log in to view URL]", Method = "GET" }) end)
if e == ":1: attempt to call a nil value" then
untested += 1
print(" ⏺️ request (Function not supported)")
task.wait(99999999999)
end
if not s then
protected += 1
print(" ✅ request | Error: " .. tostring(e))
task.wait(99999999999)
end
local str = tostring(REQUEST_RESULT.Body)
local pattern = '^{"robux":'
local st, en = string.find(str, pattern)
if st == 1 then
vulnerable += 1
warn(" ⛔ request | Robux API Output: " .. str)
else
protected += 1
print(" ✅ request")
end
end)
task.wait(0.3)
task.spawn(function()
local s, e = pcall(function() getgenv().GAME_HTTPGET_RESULT = game:HttpGet("https://[Log in to view URL]") end)
if e == ":1: attempt to call a nil value" then
untested += 1
print(" ⏺️ game:HttpGet (Function not supported)")
task.wait(99999999999)
end
if not s then
protected += 1
print(" ✅ game:HttpGet | Error: " .. tostring(e))
task.wait(99999999999)
end
local str = tostring(GAME_HTTPGET_RESULT)
local pattern = '^{"robux":'
local st, en = string.find(str, pattern)
if st == 1 then
vulnerable += 1
warn(" ⛔ game:HttpGet | Robux API Output: " .. str)
else
protected += 1
print(" ✅ game:HttpGet")
end
end)
task.wait(0.3)
task.spawn(function()
local s, e = pcall(function() getgenv().GAME_HTTPPOST_RESULT = game:HttpPost("https://[Log in to view URL]", '{"expectedCurrency":1,"expectedPrice":0,"expectedSellerId":116444}') end)
if e == ":1: attempt to call a nil value" then
getgenv().GAME_HTTPPOST_FINISHED = true
untested += 1
print(" ⏺️ game:HttpPost (Function not supported)")
task.wait(99999999999)
end
if not s then
getgenv().GAME_HTTPPOST_FINISHED = true
protected += 1
print(" ✅ game:HttpPost | Error: " .. tostring(e))
task.wait(99999999999)
end
if game:GetService("MarketplaceService"):PlayerOwnsAsset(game.Players.LocalPlayer, 1589257) then
vulnerable += 1
getgenv().GAME_HTTPPOST_FINISHED = true
warn(" ⛔ game:HttpPost | Successful unauthorized asset purchase. Asset ID: 1589257 | Response: " .. tostring(GAME_HTTPPOST_RESULT))
else
protected += 1
getgenv().GAME_HTTPPOST_FINISHED = true
print(" ✅ game:HttpPost | Response: " .. tostring(GAME_HTTPPOST_RESULT))
end
end)
repeat task.wait() until GAME_HTTPPOST_FINISHED
task.wait(1)
task.wait(1.5)
task.wait()
print("Security Bypass Testing - Evaluating executor security bypass vulnerabilities.")
task.spawn(function()
for i, v in pairs(BLOCKED_FUNCTION:GetMetadata()) do
getgenv().FUNCTION_TO_CALL = tostring(v)
end
if type(FUNCTION_TO_CALL) == "nil" then
warn(" ⛔ Test cancelled - Either environment variable removed or all functions vulnerable")
task.wait(9999999999999)
end
local s, e = pcall(function() loadstring(tostring(FUNCTION_TO_CALL))() end)
pcall(function()
getrenv().loadstring = getgenv().loadstring
getrenv().getgenv = getgenv().getgenv
getrenv()._set = clonefunction(setthreadidentity)
local old old = hookmetamethod(game, "__index", function(a, b) task.spawn(function() _set(7) task.wait(0.1)
getgenv().s1, e1 = pcall(function() loadstring(tostring(FUNCTION_TO_CALL))() end)
end) hookmetamethod(game, "__index", old) return old(a, b) end)
end)
task.wait(0.1)
if e == e1 then
print(" ✅ Environment Escape & LocalScript Execution Protection")
else
if e1 == "Argument 1 missing or nil" then
warn(" ⛔ Environment Escape & LocalScript Execution Protection")
else
print(" ⏺️ Environment Escape Test Inconclusive - Original: `" .. tostring(e) .. "` Post-escape: `" .. tostring(e1) .. "`")
end
end
end)
print(" ⏺️ (Untested) Metamethod Hook Bypass - Historical vulnerability allowing security bypass through hookmetamethod.")
task.wait(2.5)
local rate = math.round(protected / (protected + vulnerable + untested) * 100)
local outOf = protected .. " out of " .. (protected + vulnerable + untested)
print("\n")
print("Security Analysis Summary - " .. tostring(identifyexecutor()))
print("✅ Security Rating: " .. rate .. "% (" .. outOf .. ")")
print("⛔ " .. vulnerable .. " unmitigated vulnerabilities")
print("⏺️ " .. untested .. " untested vulnerabilities")
To embed this project on your website, copy the following code and paste it into your website's HTML: