exploit.today - How Certifications Work

exploit.today offers an independent certification program for Roblox executor developers. A certification is a signal to users that a given executor has been reviewed by our team, verified to function as advertised, and passed a source code analysis for known malicious patterns. This page explains what the certification process involves, what we look for, what we do not evaluate, and what a certification badge means in practice.

01 What a Certification Means

When exploit.today issues a certification for an executor, it means our review team has completed a structured evaluation of that executor at a specific point in time. It is a snapshot review — not a continuous audit. A certified executor has met the following baseline criteria at the time of review:

The developer provided access to a recent version of the executor's source code for analysis.
The source code was reviewed by our team and found to be free of known malicious components that could harm end users.
The executor was tested against a live Roblox instance and confirmed to successfully inject into the Roblox client and execute Lua scripts.
The executor's advertised features were verified to function as described to a reasonable degree.

ℹ️ A certification is not a guarantee of ongoing safety, permanent cleanliness, or immunity from Roblox detection. Software changes over time. Always exercise independent judgement when downloading and running executor software.

02 Who Can Apply

Any executor developer may apply for a certification from exploit.today, provided they meet the following eligibility conditions:

Active development — The executor must be actively maintained and publicly available, whether free or paid. Abandoned or discontinued executors are not eligible.
Source code availability — The developer must be willing and able to provide source code for review. This does not need to be a full public open-source release — a private disclosure to the exploit.today review team is acceptable — but the code provided must be genuine, recent, and representative of the distributed binary.
Minimum version history — The executor must either be on a reasonably recent release or have at least five prior versions, demonstrating a track record of ongoing development rather than a brand new or one-off release.
Cooperation with review — The developer must be responsive and cooperative throughout the review process, including providing clarification where requested and supplying any additional materials our team needs to complete its evaluation.

Executors that have been previously delisted due to policy violations may reapply after a minimum of 90 days, subject to the full review process.

03 The Open Source Requirement

The most important prerequisite for certification is source code access. The exploit.today team requires the developer to open-source or privately disclose their executor's source code — at minimum a recent version, or any version within the last five major releases — so that we can analyse it on behalf of the users who will be running it.

This requirement exists for one reason: user safety. Executor software runs with elevated privileges on a user's machine. Without access to source code, it is impossible for any third party to meaningfully verify that a given binary does not contain components that exfiltrate credentials, install persistence mechanisms, log keystrokes, or otherwise behave maliciously beyond its stated purpose.

We do not require the source code to be permanently public-facing. A developer may disclose code to us privately and request that it not be shared or published. We will honour reasonable confidentiality requests. What we will not do is certify an executor whose internals we have had no ability to inspect.

⚠️ If a developer provides code that does not match the distributed binary — for example, submitting clean source while distributing a modified build — the certification will be immediately revoked and the executor will be flagged on our platform. We cross-check builds where possible.

04 The Review Process

Once a developer submits an application and provides the required source code, our team begins a structured review. The process is as follows:

Initial Submission

The developer contacts the exploit.today team through our official channels and submits their application, including the executor name, platform, version history, and a method of source code access (public repo, private repo invite, or compressed archive via secure transfer).

Source Code Analysis

Our review team examines the provided source code. We look for network calls to external servers (and verify their stated purpose), credential or data harvesting patterns, persistence or autorun mechanisms, obfuscated code blocks that resist static analysis, any components that interact with the file system beyond the executor's stated scope, and bundled third-party libraries with known vulnerabilities. This stage may involve follow-up questions to the developer for clarification.

Functional Testing

We test the executor against a live Roblox instance in a controlled environment. We verify that the executor successfully injects into the Roblox client process, that it can execute Lua scripts without crashing the client, and that it behaves consistently with its advertised feature set. We test across representative game types where relevant (e.g. executors claiming game-specific features are tested in those games).

Detection Assessment

We note the current detection status of the executor at the time of review. This is recorded as informational metadata and does not affect certification eligibility — a detected executor can still be certified if it passes code analysis and functional testing. Detection status is a separate data point tracked on an ongoing basis by our monitoring systems.

Review Decision

Following analysis and testing, our team reaches a decision: certified, conditional (requiring the developer to address specific findings before certification is issued), or declined. The developer is notified of the outcome with a written summary of our findings. Declined applications may appeal or reapply after resolving the issues identified.

Badge Issuance

Certified executors receive an exploit.today certification badge displayed on our platform. The badge includes the date of certification and the version reviewed. The listing on our tracker is updated to reflect certified status.

05 What We Look For in Code Review

Our code review is focused entirely on user safety — specifically, determining whether the executor poses risks to the machines and accounts of the people who run it. We are not evaluating the quality of the code, its architecture, or how well-written it is. The following are the primary concerns we investigate:

Outbound network connections — We map every external server the executor communicates with and verify the stated purpose of each connection. Update checks, telemetry, key system calls, and similar connections are expected and acceptable, provided they are disclosed. Undisclosed exfiltration of user data, clipboard contents, saved credentials, or system information is grounds for immediate rejection.
File system interactions — We verify that the executor only reads from and writes to locations consistent with its function (e.g. its own installation directory, temporary files, script storage). Any writes to sensitive system locations, startup folders, or locations associated with persistence mechanisms are flagged.
Process interactions — Beyond the expected injection into the Roblox client, we check whether the executor interacts with other running processes in ways that are not necessary for its stated function.
Bundled components — We inspect any bundled libraries, drivers, or third-party components included in the executor's package. Bundled tools with known dual-use or malicious histories are flagged.
Obfuscation — Heavy obfuscation of code sections that serve no performance or anti-cheat-bypass purpose is treated as a signal for further scrutiny. We may request that specific sections be deobfuscated or explained before proceeding.

06 What We Do Not Evaluate

To be transparent about the scope of our certification, the following are explicitly outside what a certification covers:

Roblox Terms of Service compliance — Using executor software violates Roblox's Terms of Service. An exploit.today certification says nothing about and makes no claims regarding the legality or platform-policy status of using the software. Users accept all consequences of platform bans themselves.
Ongoing detection status — Certification is not a statement that an executor is undetected. Detection status changes constantly and is tracked separately by our monitoring systems.
Code quality or reliability — We are not a code review service in the engineering sense. We do not evaluate performance, stability, crash rates, or feature completeness beyond basic functional verification.
Post-certification updates — Once a certification is issued, it applies to the reviewed version. Subsequent updates may change the executor's behaviour. We make periodic re-review attempts for certified executors but cannot guarantee that every update is evaluated.
Legal status in your jurisdiction — The legality of executor software varies by jurisdiction. exploit.today makes no representations about the legal status of any software listed on our platform in any particular region.

07 Revocation

exploit.today reserves the right to revoke a certification at any time. Grounds for revocation include but are not limited to:

Discovery that the source code submitted for review did not accurately represent the distributed binary at the time of certification.
A subsequent update to the executor introducing components that would have caused the executor to fail the original review.
Credible and verified community reports of malicious behaviour attributable to the executor.
The developer engaging in conduct that exploit.today determines to be harmful to users or the broader community.
The executor being abandoned or discontinued, rendering the certification stale.

When a certification is revoked, the developer is notified with a written explanation. The certification badge is removed from the platform and replaced with a revocation notice that includes the date and general reason for revocation. Revoked certifications are not deleted from our records — they remain in our history log as a transparency measure.

08 Applying for Certification

To begin the certification process, reach out to the exploit.today team through our official Discord server. Include the following in your initial message:

The name and platform of your executor.
A link to your executor's public page, website, or download location.
Your current version number and a brief version history.
Your preferred method of source code disclosure (public repository, private repository invite, or secure file transfer).
Any relevant context about your executor's architecture or components that might assist our review team.

Our team will respond with next steps. Review timelines vary depending on executor complexity and current queue depth, but we aim to complete initial assessments within a reasonable timeframe and will keep applicants informed of their position in the queue.

✓ Certification is free of charge. exploit.today does not accept payment in exchange for certification outcomes. All certifications are issued solely on the basis of passing our review criteria.