Eco Executor - Made for pentesting and debugging

Experience_Member · February 8, 2025, 6:55am

Eco Executor🍃

This is a plugin made for developers to pentest or debug their game in studio. This plugin almost replicates executor API and the UI was inspired by the KRNL executor (which now has been shutdown) Also, the executor uses an API called eAPI (a xAPI but it has been modified to fit perfectly with the level 5 identity since xAPI replicates executor functions and made it work with level 2 identity scripts)

Features📦

You can see it on GitHub repository

Installation📥

Go to the latest release in the GitHub repository/releases and download the rbxmx file in the latest release. Insert the rbxmx file into the game and ‘save it as local plugin’.
There should be a toolbar in the plugins tab (click to config the Eco Executor)
Make sure that in the security settings (game settings at security section) the Enable Studio Access to API Services and Enable Http requests has been enabled, otherwise some functions may not work!

Warning⚠️

Running in an unpublished game will make some executor functions non-functional/unusable.

Credits🔷

SQLanguage - xAPI - For executor functions
HeyWhatsHisFace - Converter Module – For saveinstance() support
NiceBuild1 - Syntax Highlighter – For real time syntax highlighting (also it has been modified)

functionally_wicked · February 8, 2025, 7:50am

this seems pretty cool
i think ive seen things like this but this seems to be the best by far
can you not publish the plugin?
i dont mind adding it locally just wondering. (ive seen roblox tweaking plugin stuff recently)

Experience_Member · February 8, 2025, 8:01am

I don’t publish this as a plugin because most my code have getfenv, I don’t want my plugin just keep going down so I think it’s best to just tell people to save it as a plugin but I may try to do it but not now.

LeoBeomkl · February 10, 2025, 1:53am

will there be support for loadstring(game:HttpGetAsync(“LINK_HERE”))()

Experience_Member · February 10, 2025, 3:29am

Never heard that function before, after I did some research, I found it as located in the DataModel as you said before.

I think it just same as game:HttpGet but has second parameter which are HttpRequestType but I don’t have any much info about the second param but I think I will implement it but just does the same as HttpGet as I don’t have much info about the second param yet.

Experience_Member · February 10, 2025, 4:38am

Nvm, in the eAPI module there is already HttpGetAsync

Experience_Member · February 10, 2025, 1:53pm

Version 0.0.2 has been released!

New

Added HttpPost() support as well as game:HttpPost()
Added game:HttpPostAsync()
Added getscriptbytecode()
Added loadbytecode()
When editing, the number representing the current line (on the left) will be bold (the text)

Changes

Changed eAPI module script location from main.memory to main.modules
Changed the member of the core module script from core:inject() to core.inject()
Changed how loadstring() works.
Removed instanceservice module script (located in main.modules)
Updated the source code where the services show a instanceservice code (now removed)

Bugfixes

Fixed where gethui() would return the normal coregui instead of wrapped one.
Fixed where HttpGet(), game:HttpGet(), game:HttpGetAsync() would always return nil.
Fixed path metamethod (__newindex) where it will print if the key is one of the member of the path (path.to and path.find())

Download version 0.0.2 here