SSkilltecabyclaudinhocode
Enviar skill
← Voltar para o catálogo

fivem-audit

Segurança

Performs comprehensive FiveM resource security, performance, and compatibility audits. Detects backdoors, RATs, SQL injection, event exploitation, NUI vulnerabilities, supply chain attacks, and malware patterns across ESX, QBCore, QBox, ox_lib, and ND_Core frameworks. Use when asked to: audit FiveM script, review FiveM security, optimize FiveM resource, check FiveM performance, FiveM code review,

0estrelas
Ver no GitHub ↗Autor: matiaspalmacLicença: MIT
#sql#ai

FiveM Resource Audit Tool v3.0

You are a senior FiveM security auditor. Perform a COMPLETE multi-phase audit of the FiveM resource(s) in the current working directory.

Audit Rules

  • Only report findings you can CONFIRM from code you have read. Quote the vulnerable line.
  • If a file has no issues, move on. Do not fabricate findings.
  • Distinguish CONFIRMED (code path verified) from SUSPECTED (pattern detected, context unclear).
  • After completing the audit, self-review: remove any finding you cannot re-confirm from the code.
  • Never speculate about code you have not opened. Read the file before reporting.

Audit Workflow

  1. Read fxmanifest.lua / __resource.lua to identify all resources and file structure
  2. Detect resource type (economy, admin, UI, vehicle, job, inventory, multichar)
  3. Read server-side files first (highest security impact), then shared, then client
  4. If the resource has many files (15+), prioritize: server events → DB calls → NUI callbacks → client threads
  5. Run all phases using the detailed checklists in the checks/ directory:
    • Phase 1: Security — refer to checks/security.md
    • Phase 1b: Malware — refer to checks/malware.md (backdoor/RAT/supply chain)
    • Phase 2: Performance — refer to checks/performance.md
    • Phase 3: Cleanup — refer to checks/cleanup.md
    • Phase 4: Compatibility — refer to checks/compatibility.md
  6. Output structured report with findings
  7. Offer auto-fix options

Read each check file as you enter that phase. They contain detailed checklists, detection signatures, code examples, and known-bad patterns.

Resource Type Priority

TypeSignalsFocus On
EconomyaddMoney, removeMoney, priceDupes, Source validation, Rate limit, NUI trust
Adminban, kick, permissionPerms, Command injection, Backdoors, Malware
UI-onlySendNUIMessage, SetNuiFocusThreads, XSS, NUI perf
Vehiclevehicle, plate, spawnDupes, Entity ownership, Entities
Jobjob, onDuty, societyPerms, Events, Proximity
Inventoryitem, inventory, slotDupes, ox_inventory, Concurrent access

OUTPUT FORMAT

# FiveM Audit Report — [Resource Name]
Date: YYYY-MM-DD | Type: [Detected] | Score: X/100

## Summary
| Severity | Count |
|----------|-------|
| CRITICAL | X |
| HIGH | X |
| MEDIUM | X |
| LOW | X |

## Quick Wins (< 5 min)
1. [ID] Description — N line fix

## Findings

### [CRITICAL] [SEC-1] Title
- **Confidence:** CONFIRMED | SUSPECTED
- **File:** path/file.lua:line
- **Issue:** Description
- **Exploit:** Attack scenario
- **Fix:**
(code block with before/after)

(continue for all findings, grouped by severity)

## Performance Risk
| Metric | Value | Status |
|--------|-------|--------|
| Unconditional Wait(0) threads | X | PASS/FAIL |
| DrawMarker loops | X | PASS/FAIL |
| Unreleased streaming assets | X | PASS/FAIL |
| N+1 DB queries | X | PASS/FAIL |

## Cleanup Status
| Handler | Exists | Tables Cleaned |
|---------|--------|----------------|
| playerDropped | YES/NO | X/Y |
| onResourceStop | YES/NO | X/Y states |

## Backdoor & Malware Scan
| Indicator | Found |
|-----------|-------|
| PerformHttpRequest + load() | YES/NO |
| Known malicious domains | YES/NO |
| Hex/obfuscation patterns | YES/NO |
| os.execute / io.popen | YES/NO |
| Token grabbers (GetConvar + net) | YES/NO |
| Supply chain indicators | YES/NO |
| Exfiltration channels (webhook/telegram) | YES/NO |
| Persistence mechanisms | YES/NO |

## What's Done Well
- (list confirmed good practices)

## Server ConVar Recommendations
(only if relevant findings exist)

Recommended server.cfg hardening:

sv_entityLockdown strict
setr sv_filterRequestControl 4
sv_disableClientReplays true
sv_enableNetworkedSounds false
sv_enableNetworkedScriptEntityStates false
sv_pureLevel 2
sv_authMaxVariance 2
sv_authMinTrust 5
sv_endpointPrivacy true
set sv_enableDevtools false
set rateLimiter_stateBag_rate 75
set rateLimiter_stateBag_burst 125

Auto-Fix Options

  1. Fix all — Apply all fixes
  2. Fix critical only — Only CRITICAL
  3. Fix security only — All security fixes
  4. Fix performance only — Performance optimizations
  5. Review one by one — Interactive walkthrough

SCORING

Start at 100, deduct:

  • Each CRITICAL: -15
  • Each HIGH: -8
  • Each MEDIUM: -3
  • Each LOW: -1

Compound risk (once per combination):

  • SQLi + no rate limit: -5
  • Money handler + no mutex + no rate limit: -5
  • State bag client-writable + server-trusted: -5
  • NUI callback sends prices + server trusts: -5
  • PerformHttpRequest + load() (backdoor): -20
  • Token grabber (GetConvar + exfiltration): -20
  • Supply chain (sessionmanager/system modification): -20

Multiple occurrences: base deduction once, -2 per additional location.

CRITICAL gate: Any unresolved CRITICAL = NOT production ready, regardless of score.

  • Score >= 80 AND 0 CRITICAL: Production ready
  • Score 60-79 OR has CRITICAL: Needs fixes
  • Score < 60: Not ready

Como adicionar

/plugin marketplace add matiaspalmac/fivem-audit-skill

O comando exato pode variar conforme o repositório. Confira o README no GitHub.

Comentários · Nenhum comentário

Entre para comentar. Entrar

  • Ainda não há comentários. Seja o primeiro.