WHY I RELEASED THIS
The main purpose of this port is not to check how your game remotes work (then again, its up to you how you use this) but to test how sanitized are the remotes are in a different game (for example, in a game where you weren’t the original scripter) without risking getting banned.
Please refrain from replying that this is a quote “fake remote spy” as it adds nothing constructive to the discussion and only wastes time. If you have genuine feedback, feel free to share but dismissing it outright without understanding its purpose is not helpful.
this isnt even a remote spy, this just uses .OnClientEvent rather than actually logging :FireServer, blatantly lying and faking community resources is crazy
You can get all of this logging for free if you use a network library as it’d abstract away the remote events into a neat interface that you could then log calls to.
What are you pentesting, receiving remotes?
Also, it’s not fully “impossible” there is some methods to get locked metamethods in pure Luau, and I’ve seen hookmetamethod being fully made in pure Luau, which is what I assumed this was.
Yes, when I join studio for a different game I’ve never worked on and I want to test if the games remotes are secure I would rather not go digging in scripts to see what they fire since that would take too long.
Again, this was mainly made for pentesting purposes, how its made shouldn’t matter if it doesn’t affect any part of the game which in this case it doesnt.
This doesn’t simulate the exploit, this just receives remotes, it doesn’t “spy” on remotes being sent, let alone the fact that you literally faked it in the video.
yeah I dont exactly think there’s much pen testing you can do with an OnClientEvent. I mean I guess it could be a useful tool for debugging OnClientEvent and stuff but other than that I see no real use case
Edit:
Turns out this would TECHNICALLY functiion as a “RemoteSpy” but it is rather bootleg (Also it is missing UnreliableRemoteEvents & RemoteFunctions (realistically for RemoteFunctions implimenting that wouldnt be really possible))
Yeah, personally, I wouldn’t use this myself to test vulns since SimpleSpy is supposed to be used on executors and theres just better alternatives/ways. Although this resource is missing loads of features it still technically does the ‘job’ so I dont get why buddys getting kicked around in the thread For example, the script below was used a few years ago with SimpleSpy which could destroy any parts or kick players out due to how poorly the developer implemented their function in without doing any checks etc maybe the same can be used with OPs resource to check if your events are vulnerable to such significant exploits
Game: --Build-to-survive
Updated Status: post
nenv
Scripts --
[[ CTRL + CLICK DELETE OBJECTS ]]
local Plr = game:GetService("Players").LocalPlayer
local Mouse = Plr:GetMouse()
Mouse.Button1Down:connect(function()
if not game:GetService("UserInputService"):IsKeyDown(Enum.KeyCode.LeftControl) then return end
if not Mouse.Target then return end
local args = {
[1] = Mouse.Target
}
game:GetService("ReplicatedStorage").PlayerEvents.e1214074686.DestroyItem:FireServer(unpack(args))
end)
==========================
[[ KICK PLAYER ]]
local xyn2 = "Playername"
local args = {
[1] = game:GetService("Players")[xyn2]
}
game:GetService("ReplicatedStorage").PlayerEvents.e1214074686.DestroyItem:FireServer(unpack(args))
[[ KICK PLAYER ]]
==========================
I’m guessing OP was just trying to help those who were familiar with using SimpleSpy in order to find vulnerabilities within their own game but this just heavily lacks features compared to the real deal
Yep, that was exactly what I was trying to do, I will add more features when im available since it looks like I forgot to add unreliable remote events and remote functions.
I have updated the script to work with remote functions and unreliable remote events and I’ve also added the ability to clear logs and exclude remotes.
What. Are. You. Pentesting??? You don’t need to know what YOU are sending in YOUR game. The only pentesting for remote spies is bypassing or detecting the hooks these remote spies do, which this doesn’t even hook anything.
To check for any exploitable remotes, look at the script above. You can see how SimpleSpy was used to kick players and destroy buildings due to the way the remote was scripted. SimpleSpy (or any other remote spy) allowed exploiters to inspect the arguments being sent and manipulate the remote by re-firing with different arguments— enabling exploiters to fire certain arguments the remote was not intended for, such as a remote destroying parts (as seen in the script) this vulnerability allowed exploiters to manipulate the arguments, potentially being able to target players (which would effectively kick them) or even destroying the entire map.
The same could still be done with OPs version but within your game itself (using the command line)
wow I really needed a script to tell me what my own scripts that I wrote fired! Even if you somehow forgot what you fired yourself (which probably means you did NOT code it yourself). Looking at what’s firing won’t change anything. And as I said before, only things you’d pentest in a remote spy is detecting/bypassing hooks made by it
