README.md
June 17, 2026 · View on GitHub
_ /\ /\ ___ _ __ ___ _ _ | | ___ ___ / /_/ // _ \| '__|/ __|| | | || | / _ \/ __| / __ /| __/| | | (__ | |_| || || __/\__ \ \/ /_/ \___||_| \___| \__,_||_| \___||___/
Hercules is a powerful Lua obfuscator designed to make your Lua code nearly impossible to reverse-engineer. With multiple layers of advanced obfuscation techniques, Hercules ensures your scripts are secure from prying eyes.
If you decide to use/fork Hercules, please do star it to show support. It helps out a ton!
Contact either zeusssz_ on Discord for queries, or join the Discord, to use the Herucles Bot.
You may also use the Website to obfuscate your code
Caution
Obfuscation is not a foolproof method for protecting your code! Always consider additional security measures depending on your use case.
Note
Hercules is very much still in development and may not be the best yet, but we are committed to making it one of the best. Hercules is currently on version: 2.0.1
Features
-
String Encoding: Transform strings into seemingly indecipherable formats using an advanced Caesar Cipher, making reverse engineering a daunting task.
-
Variable Renaming: Elevates your code's security by replacing original variable names with a unique set of randomly generated identifiers, effectively masking their true intent.
-
Control Flow Obfuscation: Introduces intricate, deceptive control flow structures to mislead static analysis tools, ensuring your logic remains obscured from prying eyes.
-
Garbage Code Insertion: Strategically inject meaningless code snippets that bloat your scripts, complicating the analysis and deterring attackers.
-
Bytecode Encoding: Seamlessly convert critical sections of your script into bytecode, adding an additional layer of complexity that hinders comprehension.
-
Function Inlining: Enhances obfuscation by embedding function bodies directly into their calls, effectively disguising the original flow and logic of the code.
-
Opaque Predicates: Utilizes constructed conditions that always evaluate to true or false, creating confusion about the actual functionality of your code.
-
Dynamic Code Generator: Generates code blocks dynamically from the script itself, complicating static analysis and enhancing security.
-
String to Expressions: Transform string literals into complex mathematical expressions, making it nearly impossible to deduce their original meaning.
-
Virtual Machinery: Employs a virtual machine environment to execute obfuscated code, adding a layer of execution complexity that challenges traditional analysis techniques.
-
Wrap In Function: Encapsulates entire scripts within a function, further obscuring the code's entry points and enhancing overall security.
-
Anti Tamper: Implements runtime integrity checks to detect and block unauthorized overrides or manipulations of core functions and bytecode.
Tip
You can customize your obfuscation settings through the config.lua file.
Installation
Important
It is recommended to use the Lua 5.4 compiler to run Hercules
-
Clone this repository (alternatively, install the ZIP file):
git clone https://github.com/zeusssz/hercules-obfuscator.git cd hercules-obfuscator/src -
Run the obfuscator:
lua hercules.lua path/to/your/script.lua
Note
Ensure you are in the working directory of hercules.lua, i.e., src by default.
Usage
To obfuscate a Lua script using Hercules, simply run:
lua hercules.lua path/to/your/script.lua
This will generate an obfuscated version of the script in the same directory, with the filename *_obfuscated.lua.
Example
lua hercules.lua my_script.lua
Output:
my_script_obfuscated.lua – the obfuscated version of your script.
If you specify the overwrite option with the --overwrite flag, it will write over to the specified script, instead of creating a new file.
You may also specify a preset using --light, --balanced, --heavy, or --maximum.
eg.
lua hercules.lua my_script.lua --maximum
You may also choose modules through the command line by using the flags, such as --compressor/-c.
eg.
lua hercules.lua my_script.lua -c --antitamper
above enables compressor and antitamper
Adding a New Module
To add a module so it runs in the pipeline and gets picked up by the test suite, follow these steps:
1. Create the module file
Create a new Lua file in src/modules/ (e.g. my_module.lua). It must export a .process(code, ...) function that returns the transformed code:
-- modules/my_module.lua
local M = {}
function M.process(code, some_option)
-- transform code here
return code
end
return M
2. Register it in config.lua
Add a default config entry under settings so the module can be toggled:
settings = {
-- ...existing entries...
my_module = { enabled = false }, -- or enabled = true
},
If your module has configurable parameters (e.g. intensity, name lengths), add them here as well.
3. Wire it into pipeline.lua
a) Add a require at the top:
local MyModule = require("modules/my_module")
b) Call it inside Pipeline.process(code) at the correct position (order matters!):
if config.get("settings.my_module.enabled") then
local param = config.get("settings.my_module.some_parameter")
code = MyModule.process(code, param)
end
Important
The pipeline order is critical. See the Pipeline Execution Order section to decide where your module belongs. Later passes transform the output of earlier passes.
4. Register it in test.lua
a) Add the module name to ALL_MODULES:
local ALL_MODULES = {
"VirtualMachine",
-- ...existing modules...
"my_module", -- add here
}
b) Map it to its config path in MODULE_PATHS:
local MODULE_PATHS = {
-- ...existing mappings...
my_module = "settings.my_module.enabled", -- add here
}
Note
The key in MODULE_PATHS must exactly match the string in ALL_MODULES, and the value must be the dot-path to the .enabled key in config.lua.
5. Verify
cd src
lua test.lua --quick --verbose # should show your new module in single-module tests
Customization
You can modify or add new modules to the modules/ directory to create additional layers of obfuscation. The pipeline.lua file controls the order of obfuscation steps.
Important
When adding more modules to the modules/ directory, ensure you maintain proper order in the pipeline file, to prevent any issues relating to the sanity of the code, and remember to add your module to the pipeline.lua file.
If you wish for it to be configurable, add it to the config.lua file, along with the necessary logic.
Testing
A comprehensive end-to-end test suite verifies all − 1 = 16,383 module combinations against a realistic Lua fixture (FNV-1a hashing, JSON builder, escape sequences, closures, method chains, and multi-line table constructors). Each test runs actual obfuscation via Pipeline.process() and verifies the output matches expected results.
Supported Targets
| Target | Modules | Notes |
|---|---|---|
| Lua 5.4 | 14/14 | Full support including VirtualMachine and bytecode_encoding |
| Luau | 12/14 | VirtualMachine and bytecode_encoding disabled (incompatible bytecode) |
Python Parallel Runner (recommended for full sweep)
Fast parallel execution using multiple Lua worker processes:
# Full combination sweep with auto-detected workers (Lua target)
python3 test_py.py
# Explicit worker count
python3 test_py.py --jobs 8
# Luau target (12 modules, validated with luau binary)
python3 test_py.py --target luau
# Run both Lua and Luau tests
python3 test_py.py --target both
Luau Support
The obfuscator supports generating code for Luau (Roblox's Lua dialect):
# Obfuscate for Luau target
lua hercules.lua script.lua --target luau -cf -se -vr -gci -opi -st -wif -fi -dc -at
# Output: script_obfuscated.luau
Luau-specific adaptations:
- VirtualMachine and bytecode_encoding modules are automatically disabled
load()calls in source code are converted toloadstring()- Polyfills for
math.ldexp/math.frexpare prepended to output - Antitamper checks only functions available in Luau (no
loadfile,dofile,debug.*,os.exit)
Lua Test Runner (recommended for quick checks)
Interactive test suite with selective test groups:
# Quick mode: baseline + 14 single modules + 64 core combos (~5s)
lua test.lua --quick
# Full combination sweep (single process)
lua test.lua --test full_combinations --verbose
# Run all tests
lua test.lua --verbose
# Test a specific fixture against all combinations
lua test.lua --test fixture_sweep_main_script --verbose
# Run only single module tests
lua test.lua --group single --verbose
# Baseline only (no modules)
lua test.lua --test baseline_no_modules --verbose
# List all available tests
lua test.lua --list
# Show help
lua test.lua --help
All commands must be run from the src/ directory.
Test Coverage
| Suite | What it tests | Combinations |
|---|---|---|
quick | Baseline + 14 singles + 64 core combos | 79 tests |
full_combinations | All non-empty module subsets | 16,383 combos |
single_<module> | Each module individually | 14 tests |
fixture_sweep_* | All combos against one fixture | 16,383 each |
config_get_set | Config API validation | 16 tests |
Working modules (14/14): VirtualMachine, antitamper, bytecode_encoding, opaque_predicates, function_inlining, dynamic_code, string_encoding, garbage_code, control_flow, compressor, WrapInFunction, watermark, variable_renaming, StringToExpressions