NEWS Introducing NulledVault SecureScan™

🛡️ Introducing NulledVault SecureScan™


We’re excited to officially launch NulledVault SecureScan™ — lightweight malware scanning tool built specifically for Minecraft developers and server owners.


🔍 What is SecureScan?​


SecureScan allows you to analyze:

  • .jar files
  • .class files
  • .cs files

before running them on your server.

It helps detect suspicious code patterns and potentially harmful behavior inside plugin files.


⚠️ Why does this matter?​


Not every shared or leaked resource is safe.

Even one malicious file can:

  • Steal server tokens
  • Inject hidden backdoors
  • Execute remote commands
  • Leak database credentials

SecureScan gives you an extra layer of protection before deploying anything.


🚀 How it works​


  1. Open the tool
  2. Upload your file
  3. Let SecureScan analyze the code
  4. Review the results

No installation required.
No setup required.
Completely browser-based.


🔗 Try SecureScan Now​




We built this tool for the NulledVault community and it’s completely free to use.

Powered by MalwareScan created by danilotallaric

Have feedback or feature requests?
Reply below 👇
 
Last edited:
Click to expand...

🛡️ SecureScan Update — v1.1.0.1​


We’ve released a new SecureScan update focused on clarity, verdict accuracy and overall stability.

Main Feature​

  • Resources are now automatically scanned on upload and on version updates
  • Scan result is shown directly on the resource page
  • Users can download the full TXT scan report for latest version

Improvements​

  • Verdict-based styling (CLEAN / CHECK / REVIEW / DO NOT USE)
  • Dynamic colors on result page and overlay
  • More consistent result layout

Verdict Logic​

  • Better threat label normalization
  • Fixed UNKNOWN handling
  • Consistent verdict display across result page, overlay and TXT reports

TXT Report​

  • Structured header (Threat level, Detected, Findings, Timestamp)
  • Clearer formatting for manual review

System​

  • Improved session report storage
  • Activity now shows: “Scanning for malware”
  • Stability fixes and edge case improvements


SecureScan is still in BETA. False positives are possible, especially with complex plugins.

If you're unsure about a result, ask in MalwareScan Discord server.
 

🛡️ SecureScan™ Update – v1.1.2​


RE-CHECK SYSTEM​

  • Added re-check button on resources for staff.

WEB REPORT​

  • Added MalwareScan API web report on every scan.

RESOURCE SCAN FIXES​

  • Fixed version matching with current resource version
  • Improved attachment fallback detection
  • Fixed false ".jar only" message in valid scenarios
  • Correct status handling for:
    • pending
    • not_jar
    • too_large
    • failed

Overlay now properly displays status descriptions again.

BACKEND IMPROVEMENTS​

  • Repository logic cleanup
  • ResourceScan job stability improvements
  • Separate flood control for:
    • Manual scans
    • Resource re-checks

STRUCTURE UPDATE​

  • Refactored resource report handling
 

🛡️ SecureScan™ Update – v1.1.3​


RE-CHECK SYSTEM​

  • Added CSRF protection for re-check
  • Re-check now uses POST-only execution
  • Separate flood control for re-check (60s)

SECURITY HARDENING​

  • Attachment content_type validation
  • Ensures attachment belongs to correct resource version
  • Improved filename sanitization
  • Prevents duplicate scans via SHA256 hash check

ATTACHMENT DETECTION FIXES​

  • Proper fallback for multiple attachments

API RESILIENCE (AUTO RETRY)​

  • Automatic retry for HTTP 429 / 502 / 503 / 504
  • Progressive delay system (up to 5 attempts)
  • Cron-based retry handler

JOB & QUEUE STABILITY​

  • enqueueUnique to prevent duplicate jobs
 
🛡️ SecureScan™ Update – v1.2.0

We’ve just rolled out a major update to NulledVault SecureScan.

SecureScan now officially supports Rust (Oxide/uMod) plugins in addition to Minecraft plugins.

What’s new:

  • .cs files can now be scanned directly
  • All new uploads and updates of existing resources will be scanned automatically (you can download txt report by clicking SecureScan button)
  • Rust-specific detection engine
  • Improved upload validation & size enforcement

Rust scans analyze source code for suspicious indicators such as:

  • Discord webhook exfiltration
  • OwnerID backdoor checks
  • Hardcoded Steam IDs
  • Network calls (WebClient, HttpClient, UnityWebRequest, webrequest.Enqueue)
  • Process execution
  • DllImport / native interop
  • Registry access
  • Obfuscation markers (Base64 decoding, suspicious identifiers)
  • Config and file enumeration
  • Raw socket usage
  • And other common malicious behaviors

This significantly improves safety in the Rust section and gives you better visibility before installing plugins.

You can test it now here:
https://nulledvault.com/securescan

If you find any edge cases or false positives, let us know.
 
You must log in or register to reply here.
Back
Top