Open-source Minecraft client for authorized server security testing
Free pentest toolkit · Crash & exploit modules · Custom protocol layer · Fabric 1.21.4
Download · Toolkit · Modules · Installation · Responsible use · Development
LiteClient is a free, open-source Fabric client built for security researchers, server owners, and administrators who need to stress-test and audit Minecraft server defenses in controlled, authorized environments.
LiteClient is created by the developers of XynisClient who want to share their knowledge for free!
Join on Xynis Discord now: https://dsc.gg/xynis
It ships with a dedicated module framework, custom packet pipeline, and reconnaissance utilities so you can probe how your stack (Paper, Spigot, proxies, ViaVersion, anti-cheat plugins) behaves under real exploit and crash payloads, without paying for closed-source “crash clients.”
100% free. Fully open source. Every merge to
mainproduces a signed build artifact on GitHub Releases with an auto-generated changelog.
| Closed crash clients | LiteClient | |
|---|---|---|
| Cost | Paid / gated | Free forever |
| Source code | Closed | MIT inspect, fork, extend |
| Purpose | Often abuse-focused | Documented security testing workflow |
| Extensibility | Locked | Module API + custom protocol layer |
| Updates | Manual | CI/CD release on every merge to main |
Use it to answer questions like:
- Will oversized book NBT or container clicks take down my Paper fork?
- Does ViaVersion/ViaBackwards sanitize malicious item data on older protocols?
- Can a bundle exploit crash the main thread on 1.21.2+?
- Which plugins are exposed on my test instance (
!plugins)?
Configurable payloads executed through a unified module system. Open ClickGUI (Right Shift), pick a module, tune parameters, and fire with live toast feedback.
LiteClient bypasses vanilla packet limits where needed and sends crafted play-stage payloads (PacketCodec, container clicks, bundle packets) for reproducible tests.
Default chat prefix: ! (configurable)
| Command | Role in pentest |
|---|---|
!crash |
List / run crash modules |
!exploit |
List / run exploit modules |
!plugins |
Enumerate server plugins |
!playerlist |
Inspect online players |
!hideentity / !hidenick / !fakegm |
Client-side test utilities |
!help |
Command reference |
!prefix |
Change command prefix |
Built for long testing sessions not a reskinned vanilla client.
- ClickGUI - categorized modules (Crashers, Exploits, …) with per-module argument panels
- Alt Manager - offline + Microsoft profiles for multi-account test scenarios
- Multiplayer screen - async ping, player counts, direct connect
- Connection progress - staged join flow (handshake → auth → login → world)
- HUD - server IP, brand/engine fingerprint, last packet timing
- ViaFabricPlus integration - test cross-version protocol paths (optional)
Current built-in payloads (more can be added via the module API):
| Module | Type | Target / notes |
|---|---|---|
| Book | Crasher | Oversized writable book payloads Paper & ViaVersion/ViaBackwards stress |
| Charged Projectiles | Crasher | Projectile-related crash vectors |
| Bundle | Exploit | 1.21.2+ bundle instant-crash (protocol 768/769/770) |
Each module exposes typed arguments (packet count, payload size, timing, …) and documents usage in ClickGUI.
- Download
LiteClient-x.y.z.jarfrom Releases. - Install Fabric Loader for Minecraft 1.21.4.
- Add Fabric API to
.minecraft/mods. - Drop the LiteClient JAR into
.minecraft/mods. - Launch with the Fabric profile.
.minecraft/mods/
├── fabric-api-….jar
└── LiteClient-1.0.0.jar
| Requirement | Version |
|---|---|
| Minecraft | 1.21.4 |
| Fabric Loader | ≥ 0.19.3 |
| Fabric API | 1.21.4 build |
| Java | 21 |
Recommended for cross-version tests: ViaFabricPlus
- Deploy a dedicated test server you own or have written permission to test.
- Join with LiteClient and open ClickGUI (
Right Shift). - Run recon:
!plugins,!playerlistbaseline the target stack. - Select a module (e.g. Book), configure conservative parameters, execute.
- Monitor server logs, TPS, and crash reports document findings.
- Patch, redeploy, re-test.
Config persists under .minecraft/config/freeclient/.
LiteClient is a security research tool, not a weapon.
- Test only servers you own or where you have explicit written authorization.
- Unauthorized denial-of-service or disruption of third-party servers is illegal in most jurisdictions and violates Minecraft’s Terms of Service.
- The authors provide this software as-is for defensive research and hardening. You are responsible for how it is used.
By using LiteClient, you agree to apply it ethically and legally.
git clone https://github.com/madeqq/FreeClient.git
cd FreeClient
./gradlew build
# → build/libs/LiteClient-<version>.jar./gradlew runClientsrc/client/java/me/madeq/client/
├── module/ # Crash & exploit modules + framework
├── protocol/ # Custom Netty packet pipeline
├── command/ # Chat command system
├── gui/ # ClickGUI & test-oriented menus
├── alt/ # Multi-account testing
├── notify/ # Execution feedback toasts
└── hud/ # Server fingerprint overlay
| Workflow | Trigger | Output |
|---|---|---|
| CI | PR & push to main |
Build verification (+ PR artifact) |
| Release | Merge to main |
GitHub Release + JAR + changelog |
Release tags: v<mod_version>-build.<run_number> (e.g. v1.0.0-build.42).
Contributions welcome especially new modules, protocol improvements, and documentation for defensive hardening.
- Fork the repository
- Create a feature branch
- Open a pull request with a clear description of the test scenario your change supports
LiteClient | madeq & 0WhiteDev
Built with Fabric · Fabric Loom · MinecraftAuth
MIT License - free to use, modify, and distribute with attribution.

Open-source server security testing for Minecraft · Use responsibly