A modular Roblox game dumper. Extracts remotes, scripts, assets, game data, and performs basic vulnerability analysis — all organized into separate output folders.
enowxdumper/
├── src/
│ ├── main.lua - Entry point, orchestrates all phases
│ ├── config.lua - DUMP_CONFIG, dumpFolder, stats table
│ ├── utils.lua - sanitizeFileName, getFullPath, saveToFile
│ └── modules/
│ ├── structure.lua - Phase 1: dumps full game hierarchy
│ ├── remotes.lua - Phase 2: extracts all RemoteEvent/RemoteFunction
│ ├── scripts.lua - Phase 3: decompiles Script/LocalScript/ModuleScript
│ ├── data.lua - Phase 4: extracts data modules and player info
│ ├── assets.lua - Phase 5: catalogues sounds, textures, animations, etc.
│ ├── analysis.lua - Phase 6: vulnerability analysis on remotes
│ └── reporter.lua - Phase 7: generates summary, exploit guide, remote reference
├── dist/
│ └── universal-game-dumper.lua - Bundled single-file output (executor-ready)
├── build.ts - Bun bundler script
├── package.json
└── README.md
Paste the contents of src/main.lua into your executor, or use a build tool to bundle all modules into a single file first (see Build section below).
Since Roblox executors do not support require() with file paths, the intended workflow is:
- Develop and edit logic in the modular
src/files. - Bundle everything into a single flat
.luafile for execution. - Paste the bundled output into your executor.
After running, a folder named <GameName>_Dump is created in your executor's workspace directory with the following structure:
<GameName>_Dump/
├── README.txt - Summary with stats and high-priority targets
├── Scripts/ - Decompiled server scripts
├── LocalScripts/ - Decompiled client scripts
├── Modules/ - Decompiled ModuleScripts
├── Remotes/
│ ├── _remotes_list.json - All remotes as a flat JSON array
│ ├── _remotes_by_service.json - Remotes grouped by parent service
│ └── <RemoteName>.lua - Usage snippet per remote
├── Structure/
│ └── full_game_structure.txt - Complete game instance hierarchy
├── Data/
│ ├── extracted_modules_data.json - Data/config modules from ReplicatedStorage
│ └── player_info.json - LocalPlayer info
├── Assets/
│ └── all_assets.json - Sounds, textures, meshes, animations
└── Analysis/
├── vulnerability_report.txt - Human-readable vulnerability report
├── vulnerability_report.json - Machine-readable vulnerability data
├── exploit_guide.txt - Common exploit patterns and templates
└── remote_quick_reference.txt - Remote usage reference grouped by service
Edit src/config.lua to adjust behavior:
| Key | Default | Description |
|---|---|---|
maxDepth |
50 |
Max recursion depth for structure dump |
dumpAll |
true |
Dump all instance types |
includeProtectedScripts |
true |
Attempt decompile on protected scripts |
dumpAssets |
true |
Enable asset cataloguing |
analyzeVulnerabilities |
true |
Enable vulnerability analysis |
Each module is a factory function that receives a context table and returns a table with a run() method.
-- Pattern used by all modules
local function ModuleName(ctx)
local function run()
-- ...
end
return { run = run }
end
return ModuleNameconfig.lua
└── utils.lua
├── structure.lua
├── remotes.lua ──────────────────────┐
├── scripts.lua |
├── data.lua v
├── assets.lua analysis.lua
└────────────────────────────────────────> reporter.lua
remotes.lua must run before analysis.lua and reporter.lua since both consume its output (remotesList, remotesByService).
analysis.lua must run before reporter.lua since it consumes vulnerabilities.
These globals must be available in your executor environment:
| Global | Purpose |
|---|---|
makefolder(path) |
Creates a directory |
writefile(path, content) |
Writes a file |
decompile(instance) |
Decompiles a script instance |
task.wait() |
Yields to prevent timeout |
decompile availability varies by executor. If your executor uses a different name (e.g., getscriptbytecode), update the call in src/modules/scripts.lua.
Requires Bun.
bun run buildOutput: dist/universal-game-dumper.lua
The bundler (build.ts) reads all files in src/ in dependency order, wraps each module in a local closure, replaces all require(script.Parent.*) calls with the corresponding closure invocations, and concatenates everything into a single flat file ready to paste into an executor.
The bundling order is fixed in build.ts under MODULE_ORDER. If you add a new module, append it to that array before main.
src/config.lua
src/utils.lua
src/modules/structure.lua
src/modules/remotes.lua
src/modules/scripts.lua
src/modules/data.lua
src/modules/assets.lua
src/modules/analysis.lua
src/modules/reporter.lua
src/main.lua <- entry point, always last