xAPI - A Powerful Pentesting and Debugging Tool

And how do I use the Executer functions

You first require the module, then run any functions

like this

local ReplicatedStorage = game:GetService("ReplicatedStorage")

require(ReplicatedStorage.xAPI)()

print(getmodules())
1 Like

@SQLanguage I have a question: does this work in the server? I am planning to use it in the server

very useful resource, Im going to test my game’s anticheat with this and try to improve it

4 Likes

Good job, I don’t know why people are hating on you for providing this. This could be a major help to some security breaches games have.

6 Likes

ignore all the idiotic ppl in the replies its perfectly fine to be on roblox good job g

7 Likes

Pretty much everything except gethui (requires the LocalPlayer’s PlayerGui)

(Outdated since v3.5.0)

1 Like

Stop talking about thinks you know nothing about?

This will not be deleted or result in your game being removed.

1 Like

Awesome, good job. Not sure what people are talking about with games being deleted. Ultimate Trolling GUI featured many pre-added scripts that could violate the TOS. This is just as bad as Roblox providing a developer console to a developer. It does not violate TOS in itself, but can be used to violate TOS (but so could roblox studio). Keep up the good work brother!

3 Likes

i dont think you know what a executor is :skull:

4 Likes

Do you know what is a script executor kiddo?

This is vastly different from Ultimate Trolling GUI, which one of my cousins always put in his game, as well as the fact that this is a module, and not a gui

1 Like

theres a difference between knowing nothing and having a misunderstanding.

I find it funny how people still reply when the post is a week old now.

Ultimate Trolling GUI is actually against the ToS. Have seen tons of games with UTG getting deleted. Which one of them were recently (about 4 days ago)

True, I got banned for 7 days for having Ultimate Trolling GUI two years ago

1 Like

i was actually making something similar to this, and im impressed on how good yours is! although for my use case im trying to allow admins to use an admin panel to simulate these exploits, every lua vm loadstring module ive used works well on short scripts but somehow manages to crash on longer ones. im wondering if anyone here has a good working lua loadstring module that they could give to me?

1 Like

The issues you are experiencing with vLua come from the fact that Yueliang, the Lua compiler, was strictly made for Lua, not Luau. This means (for example)…

local testString = "Hello, "
testString ..= "World!"

will not run, because ..= is only a feature present in Luau. Yueliang doesn’t know what ..= means and thus raises a compiler error, which then crashes your script.

The only way to get around this is by making your own Luau compiler within Luau, since there are no Luau Compilers written in pure Lua/u (that I know of).
Then, once you have the compiler, you need to hook it up with a Luau Bytecode Interpreter, such as LuauVM or Fiu.

Or you can make a Web-Server which compiles Luau code and then sends it over to the client, where the client then interprets it. Maybe you can write a flask-python program which communicates with a custom-made Luau API?

2 Likes

This is not bannable by roblox unless you require something that is against roblox tos. This will not ban anybody or delete your roblox game if im not wrong. Also this post would be deleted if it was against tos.

2 Likes

You can inject inappropiate stuff that isn’t in the game by just using require() in the roblox developer console

1 Like

This is actually useful as I need to pen-test my games, but don’t want to download any exploits.

3 Likes

The “If you put it inside the game, your game will get deleted.” is incorrect, If you use xAPI carefully and properly, your game won’t be deleted. I don’t know why you are comparing apples and oranges. Ultimate Trolling Gui has some TOS Breaking items, while for xAPI, The only way to break the TOS with it is the modified version of require(), and already require() lets you insert inappropriate items, the owner is not responsible for the misuse of xAPI, the person who did it is responsible