Eco Executor - Made for pentesting and debugging

Experience_Member · February 8, 2025, 6:55am

Eco Executor🍃

This is a plugin made for developers to pentest or debug their game in studio. This plugin almost replicates executor API and the UI was inspired by the KRNL executor (which now has been shutdown) Also, the executor uses an API called eAPI (a xAPI but it has been modified to fit perfectly with the level 5 identity since xAPI replicates executor functions and made it work with level 2 identity scripts)

Features📦

You can see it on GitHub repository

Installation📥

Go to the latest release in the GitHub repository/releases and download the rbxmx file in the latest release. Insert the rbxmx file into the game and ‘save it as local plugin’.
There should be a toolbar in the plugins tab (click to config the Eco Executor)
Make sure that in the security settings (game settings at security section) the Enable Studio Access to API Services and Enable Http requests has been enabled, otherwise some functions may not work!

Credits🔷

SQLanguage - xAPI - For executor functions
HeyWhatsHisFace - Converter Module – For saveinstance() support
NiceBuild1 - Syntax Highlighter – For real time syntax highlighting (also it has been modified)

functionally_wicked · February 8, 2025, 7:50am

this seems pretty cool
i think ive seen things like this but this seems to be the best by far
can you not publish the plugin?
i dont mind adding it locally just wondering. (ive seen roblox tweaking plugin stuff recently)

Experience_Member · February 8, 2025, 8:01am

I don’t publish this as a plugin because most my code have getfenv, I don’t want my plugin just keep going down so I think it’s best to just tell people to save it as a plugin but I may try to do it but not now.

LeoBeomkl · February 10, 2025, 1:53am

will there be support for loadstring(game:HttpGetAsync(“LINK_HERE”))()

Experience_Member · February 10, 2025, 3:29am

Never heard that function before, after I did some research, I found it as located in the DataModel as you said before.

I think it just same as game:HttpGet but has second parameter which are HttpRequestType but I don’t have any much info about the second param but I think I will implement it but just does the same as HttpGet as I don’t have much info about the second param yet.

Experience_Member · February 10, 2025, 4:38am

Nvm, in the eAPI module there is already HttpGetAsync

Experience_Member · February 10, 2025, 1:53pm

Version 0.0.2 has been released

New

Added HttpPost() support as well as game:HttpPost()
Added game:HttpPostAsync()
Added getscriptbytecode()
Added loadbytecode()
When editing, the number representing the current line (on the left) will be bold (the text)

Changes

Changed eAPI module script location from main.memory to main.modules
Changed the member of the core module script from core:inject() to core.inject()
Changed how loadstring() works.
Removed instanceservice module script (located in main.modules)
Updated the source code where the services show a instanceservice code (now removed)

Bugfixes

Fixed where gethui() would return the normal coregui instead of wrapped one.
Fixed where HttpGet(), game:HttpGet(), game:HttpGetAsync() would always return nil.
Fixed path metamethod (__newindex) where it will print if the key is one of the member of the path (path.to and path.find())

Download the version 0.0.2 here

Experience_Member · February 15, 2025, 4:09am

Version 0.0.3 has been released

New

Added messagebox and messageboxasync.
Added rconsolecreate and rconsoledestroy (along with the aliases)
Added a modulescript called version.
Now the plugin will check if the current version is outdated or not.
Added unctest function along with the UNC_Checkup modulescript.
Added debug.loadscript (works similarly like debug.loadmodule)
Added getsenv.
Added Drawing library, cleardrawcache, getrenderobj, isrenderobj, getrenderproperty, setrenderproperty.

Changes

Reverted the loadstring() changes and modified a bit.
Improved the File Store.

Screenshot 2025-02-15 1150321919×987 506 KB
Changed the option name for Server Warns to Debug mode.
Improved the Eco Config.
Updated the configs description.
Improved the document.
No longer wrapping any instance with classname “Instance” for custom GetDebugId().
Updated the services module.

Bugfixes

Fixed where the HttpGet(), game:HttpGet(), HttpGetAsync(), game:HttpGetAsync() would return a table instead of string.
Fixed lines number will go white back after changing the cursor position even if the line still highlights error.

Download the version 0.0.3 here

nix102on · February 15, 2025, 9:08am

How does this really help in anti-exploit? Please tell me I’m new to anti-exploits.

Experience_Member · February 15, 2025, 9:40am

So you can test this against your anti exploit, you could improve it even more if my own executor bypasses.

Bjarnos_Alt · February 26, 2025, 12:55pm

Why does messagebox() arg #2 require both type string and boolean? I think you should remove the boolean one.

Edit: I feel like rconsoleinput() isn’t working either? Where do I type?

Experience_Member · February 26, 2025, 1:11pm

Oh, thanks for pointing that out. I completely forgot and idk why I double the if statement on the second arg of the messagebox. Will fix it soon. Also what do you mean rconsoleinput() isn’t working? The function should return a string that was inputted by the user in the eco console, but calling that function will yields till the user input a message in eco console. Or it was something else.

Bjarnos_Alt · February 26, 2025, 1:31pm

That’s correct but I’m not able to input anything anywhere. Could you point out where I’m supposed to input the text?

Experience_Member · February 26, 2025, 1:35pm

To input the text, go to the console:

Once you inputted the text, the function will no longer yield and will return the inputted text (like those texts that have been inputted into the console)

Bjarnos_Alt · February 26, 2025, 1:37pm

Ah, the input field was hidden by my output!

Experience_Member · February 26, 2025, 1:41pm

I remember that the console (including the executor UI) is draggable through the topbar

LeoBeomkl · February 26, 2025, 9:33pm

will there be any updates soon and also will there be support for resizing the ui or making it smaller?

Bjarnos_Alt · February 26, 2025, 9:55pm

You could edit the source and parent the console to a Widget rather than the coregui if you want to resize the GUI.

Experience_Member · February 28, 2025, 11:23pm

Version 0.0.4 has been released

New

User can now configure the execution context:

Screenshot 2025-03-01 0623261919×990 82 KB

Changes

Changed every topbar title (for executor ui, the topbar title says Eco Executor, for the console it says Eco Console)
Changed the source code of core ModuleScript.
Some functions no longer support Script ClassName
Now getrenv returns the real environment instead of the sandboxed one.
Changed the main Script RunContext to Plugin

Bugfixes

Fixed where it would print “isn’t nil” when using spyr.
Fixed messagebox would check if the second arg is a number, then check if it’s a boolean (thanks to @Bjarnos_Alt for pointing that out)
Fixed messagebox and messageboxasync picking the style wrongly (should be styles[style + 1] instead of styles[style - 1])

Note: I mostly don’t remember the changes I made, aaaaa.

Download the version 0.0.4 here

Experience_Member · February 28, 2025, 11:24pm

Sorry, I couldn’t implement a resizing feature because I don’t know how (never made that feature before)