Security Scans

Security scans are defensive Lua scans for FiveM resources.

How Scans Run

  1. Staff queues a scan from the Security tab.
  2. The Windows backup agent claims the job.
  3. The agent scans .lua files under the resources folder.
  4. Findings are uploaded back to FiveOps.

What The Scanner Looks For

The scanner focuses on higher-signal suspicious patterns, including:

  • Remote content fetched near Lua execution
  • Encoded payload loaders
  • Obfuscated load/assert(load()) patterns
  • Suspicious paste/webhook endpoints
  • Unusual host command execution
  • Code assembled from character arrays

What It Does Not Do

The scanner does not delete or modify resources.

Treat findings as review prompts. Confirm the resource owner, inspect evidence, and remove or quarantine code manually only after confirming it is unwanted.

Manual Run

From the Windows agent folder:

run-fiveops-lua-security-scan.cmd

Troubleshooting

If a scan stays queued, check:

  • Windows agent is installed and running.
  • connectorToken is correct.
  • apiBaseUrl points to the hosted FiveOps app.
  • resourcesPath or serverDataPath is correct.
  • Agent logs beside the agent folder.