Security Scans
Security scans are defensive Lua scans for FiveM resources.
How Scans Run
- Staff queues a scan from the Security tab.
- The Windows backup agent claims the job.
- The agent scans
.luafiles under the resources folder. - Findings are uploaded back to FiveOps.
What The Scanner Looks For
The scanner focuses on higher-signal suspicious patterns, including:
- Remote content fetched near Lua execution
- Encoded payload loaders
- Obfuscated
load/assert(load())patterns - Suspicious paste/webhook endpoints
- Unusual host command execution
- Code assembled from character arrays
What It Does Not Do
The scanner does not delete or modify resources.
Treat findings as review prompts. Confirm the resource owner, inspect evidence, and remove or quarantine code manually only after confirming it is unwanted.
Manual Run
From the Windows agent folder:
run-fiveops-lua-security-scan.cmd
Troubleshooting
If a scan stays queued, check:
- Windows agent is installed and running.
connectorTokenis correct.apiBaseUrlpoints to the hosted FiveOps app.resourcesPathorserverDataPathis correct.- Agent logs beside the agent folder.
