How would I find a list of dangerous functions?

Right now, I’m looking for potentially harmful functions (IG, getfenv, string.reverse, etc.) commonly used in backdoors and viruses.

However, the only thing I can do right now is look at virus scripts’ source code, and most of them are obfuscated.

Does anyone have a list, or any idea on how to find these functions?

Well, if the script is obfuscated, that’s a good indicator that the script is malicious.

But you can probably just do Ctrl + Shift + F and search for keywords. Here are some I can think of off the top of my head:

  • getfenv (biggest one, there is no reason to be modifying the script’s environment)
  • require (inspect the required asset’s source to be safe. Some known, reputable models like HD admin use it to load modules that need to be updated in near-realtime which isn’t malicious.)
  • \ (for writing characters with their codepoints or whatever they’re called, but also look into these; \ isn’t always an indicator of something malicious (e.g. escapes))

Like the getfenv()[string.reverse("000\000\000\000")] things you find in viruses? I thought this is how you would “call” require in an obfuscated way (for malicious purposes, obviously).

Either way, will look into that!

Yeah, if you try printing them they output the characters.

For example if you do string.byte('a'), it will output the character’s code point (97) and that can be used to make text near unreadable to us:

print('\97')

will output “a”

Information on that is here:
http://www.lua.org/pil/2.4.html

Particularly:

We can specify a character in a string also by its numeric value through the escape sequence \ddd, where ddd is a sequence of up to three decimal digits. As a somewhat complex example, the two literals "alo\n123\"" and '\97lo\10\04923"' have the same value, in a system using ASCII: 97 is the ASCII code for a, 10 is the code for newline, and 49 (\049 in the example) is the code for the digit 1.

Likewise, using \x works to use the character’s hex code, so “\x61” is also equal to “a”.

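A scanner for the searches suggested in this thread, as an added example in Python (not code from any of the posters): it flags getfenv, require and string.reverse by name, and decodes \ddd and \xXX escapes inside string literals so a name hidden that way (optionally reversed for string.reverse) becomes readable. The function names and the sample script are constructed for illustration.

```python
import re

# Names the thread suggests searching for.
SUSPICIOUS_NAMES = ("getfenv", "require", "string.reverse")
# A single- or double-quoted Lua string literal on one line.
STRING_LITERAL = re.compile(r'"((?:\\.|[^"\\])*)"|\'((?:\\.|[^\'\\])*)\'')
# \xXX, \ddd (up to three decimal digits), or any other escape (left as-is).
ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})|\\(\d{1,3})|\\.")


def decode_numeric_escapes(body):
    """Replace \\ddd and \\xXX escapes with the characters they stand for."""
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        if m.group(2):
            return chr(int(m.group(2)))
        return m.group(0)  # e.g. \\ or \n: not a numeric escape
    return ESCAPE.sub(repl, body)


def scan(source):
    """Return (line_no, kind, detail) findings for a Lua source string."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name in SUSPICIOUS_NAMES:
            if re.search(r"(?<![\w.])" + re.escape(name) + r"\b", line):
                findings.append((line_no, "name", name))
        for m in STRING_LITERAL.finditer(line):
            body = m.group(1) if m.group(1) is not None else m.group(2)
            decoded = decode_numeric_escapes(body)
            if decoded == body:
                continue  # no numeric escapes in this literal
            findings.append((line_no, "escaped-string", decoded))
            # The decoded text may itself be a suspicious name, possibly reversed.
            for candidate in (decoded, decoded[::-1]):
                if candidate in SUSPICIOUS_NAMES:
                    findings.append((line_no, "hidden-name", candidate))
    return findings


# Constructed sample input, not taken from a real script.
SAMPLE = r'''local label = "\72\x69"
print("plain text, nothing encoded")
local f = getfenv()[string.reverse("\101\114\105\117\113\101\114")]
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An escaped string on its own is only a prompt to read the decoded text, since ordinary scripts use escapes too; the hidden-name finding is the one that matches the pattern discussed above.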