
Is RTOSploit official?

Posts: 3

Threads: 2

Joined: Dec, 2024

Reputation: 0

Posted

I ask in chat and no one answers, which makes me sus, and JJSploit is a WRD project and they do not have a Discord, so people spamming the Discord in chat sus me out as well.

  • 0

RealNickk

nick / reversed-coffee

vip

Posts: 47

Threads: 4

Joined: Mar, 2023

Reputation: 10

Replied

No, RTOSploit is not associated with WeAreDevs. Be careful about downloading programs from unofficial sources.

 

Jon (WRD on this forum) has already tried creating an official Discord server and it never worked out. The Discord server you were interacting with is not official, therefore WRD does not endorse RTOSploit.

 

The "developer" on that server (OG DEV) is not affiliated with WRD, especially considering their behavior (rumor spreading, statements without evidence to back them up). They say they're an official developer for JJSploit but that is false.

 

Edit: OG DEV spread seemingly false allegations that JJSploit is a RAT because it used Xeno, so I looked at the DLL and JJSploit executable with some reverse engineering tools (Procmon and IDA) just to "double check" because a lot of people don't understand how malware analysis works and instead spread rumors and disinformation. Below you will see my findings.

 

To summarize, I didn't really see anything that looked like it was malicious or a red flag. The DLL isn't even packed, so if it is malware, they wouldn't be hiding it. I'm very positive that it's not malware. People saying that JJSploit is a RAT are not accurate - RATs require a network connection, and that typically means a live TCP socket is kept alive and running so a C2 server can send commands to a bot. People who state that JJSploit is a RAT are providing purely anecdotal evidence, which lacks concrete proof to be completely truthful.

 

Spoiler: JJSploit is not a RAT.

 

Take a look at this screenshot I took from Procmon:

https://media.discordapp.net/attachments/1281746773412548701/1322768467845189743/image.png?ex=677213a2&is=6770c222&hm=4deffd56b109989ce973be9653a7fd1d4047392abb12a01101e4f24c05b5cd1c&=&format=webp&quality=lossless

 

This screenshot shows the network activity on my virtual machine. It only shows short TCP connections to only port 443. Port 443 corresponds to the HTTPS protocol, basically just web requests being made to download the DLLs and check statuses. The IP address corresponds to a Cloudflare service, which can only proxy web requests and cannot proxy raw TCP sockets. C2 servers (RAT admin servers) REQUIRE a live socket to communicate with a client. In the image, you can see that the TCP socket disconnected and was no longer live. That means if that socket was being used for RAT purposes, the C2 server wouldn't send signals.

 

JJSploit DOES use Xeno's source code. But there's a rumor spreading around that it is a RAT. Xeno's source is NOT a RAT. In fact, Xeno is open source, which means you can view the code yourself to find out that Xeno contains no code that is malicious.

 

Xeno's source code can be found at GitHub: https://github.com/Riz-ve/Xeno/

I have forked it to preserve integrity which is accessible here: https://github.com/reversed-coffee-forks/Xeno

 

Here are pictures showing proof that JJSploit's DLL uses Xeno's source code:

https://media.discordapp.net/attachments/1281746773412548701/1322335398969741322/image.png?ex=6771d1ce&is=6770804e&hm=1f81a5d345e0d7bd4840a3c4c96f67586a4644e394248a2fad35028ef0c95f9e&=&format=webp&quality=lossless

https://cdn.discordapp.com/attachments/1281746773412548701/1322770589047324682/image.png?ex=6772159c&is=6770c41c&hm=1859727772beba87baa5c44b2c3cecffdbcdbbc7b8358e50de4e7583a2e09f37&

 

For more information, please view Jon's post about false positives: https://forum.wearedevs.net/t/572

 

Many antivirus programs (including VirusTotal and Windows Defender) are not perfect, and they misidentify harmless tools (such as exploits) as dangerous because they lack the sophisticated detection capabilities for more specific types of software manipulation.

 

If you were to ask me what I thought about RTOSploit, I would personally be very skeptical. To me, it sounds like RTOSploit is a cash grab and attempt to manipulate the community. This is my personal opinion, so take it with a grain of salt. I've drawn this opinion from my experience in this community for more than 4 years. There are patterns to schemes like these. Tread carefully.

 

People make false claims. Do not trust everyone by their word. Make sure you guys do your own research like I did. The important thing is that if you don't trust software, run it in a sandboxed environment, like a virtual machine. While Roblox tries to make it impossible to play on a virtual machine, you can run Roblox in a virtual machine if you set it up correctly. Here's a picture of me playing Roblox in a virtual machine just to show I'm not bluffing:

https://cdn.discordapp.com/attachments/1281746773412548701/1322776559890989126/image.png?ex=67721b2b&is=6770c9ab&hm=47bf04ce1a0ebeb69f07fc7d015813269ce49be6cb824a695d20a90afa6df449&

Comments

Garam 0 Reputation

Commented

yo thanks for the in-depth explanation bro, also the RTOSploit Discord is taken down lmao idk why

  • 1

  • 4

Used to be involved with game hacking, now I'm involved in cybersecurity. https://reversed.coffee/blog
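
The check described in the post above (only short-lived connections, only to port 443), as an added example that is not part of the original post: it pairs `TCP Connect`/`TCP Disconnect` rows from a Procmon CSV export and flags connections that stay open or use another port. The sample rows, `sample.exe`, `vm-host` and the 60-second cut-off are constructed assumptions.

```python
import csv, io
from datetime import datetime

# Constructed sample in Procmon's CSV export layout (not data from the post).
# sample.exe, vm-host and the documentation-range IPs are placeholders.
SAMPLE = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.0000000 AM","sample.exe","4242","TCP Connect","vm-host:49701 -> 203.0.113.10:443","SUCCESS",""
"10:15:02.5000000 AM","sample.exe","4242","TCP Disconnect","vm-host:49701 -> 203.0.113.10:443","SUCCESS",""
"10:15:05.0000000 AM","sample.exe","4242","TCP Connect","vm-host:49702 -> 203.0.113.10:https","SUCCESS",""
"10:15:05.7500000 AM","sample.exe","4242","TCP Disconnect","vm-host:49702 -> 203.0.113.10:https","SUCCESS",""
"10:15:10.0000000 AM","sample.exe","4242","TCP Connect","vm-host:49703 -> 198.51.100.7:9001","SUCCESS",""
"10:20:10.0000000 AM","sample.exe","4242","TCP Receive","vm-host:49703 -> 198.51.100.7:9001","SUCCESS",""
'''

def parse_time(text):
    # Procmon prints 7 fractional digits; strptime's %f accepts at most 6.
    clock, ampm = text.split()
    head, frac = clock.split(".")
    return datetime.strptime(f"{head}.{frac[:6]} {ampm}", "%I:%M:%S.%f %p")

def connection_lifetimes(csv_text, process):
    """Pair TCP Connect/Disconnect rows per (PID, path) for one process."""
    opened, last_seen, conns = {}, None, []
    def record(key, start, end, closed):
        remote = key[1].split(" -> ")[1]
        conns.append({"remote": remote, "port": remote.rsplit(":", 1)[1],
                      "seconds": (end - start).total_seconds(), "closed": closed})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower() or not row["Operation"].startswith("TCP "):
            continue
        key, last_seen = (row["PID"], row["Path"]), parse_time(row["Time of Day"])
        if row["Operation"] == "TCP Connect":
            opened[key] = last_seen
        elif row["Operation"] == "TCP Disconnect" and key in opened:
            record(key, opened.pop(key), last_seen, True)
    for key, start in opened.items():  # still open when the capture ended
        record(key, start, last_seen, False)
    return conns

def triage(conns, max_seconds=60.0):  # 60 s is an assumed cut-off, tune per capture
    """Return (remote, reasons) for connections that deserve a closer look."""
    flagged = []
    for c in conns:
        reasons = [why for hit, why in (
            (c["port"] not in ("443", "https"), "non-443 port"),  # Procmon may show service names
            (not c["closed"], "open at end of capture"),
            (c["closed"] and c["seconds"] > max_seconds, "long-lived")) if hit]
        if reasons:
            flagged.append((c["remote"], reasons))
    return flagged
```

An empty `triage` result only describes socket behavior during the capture window; it is one input to an analysis, not a verdict on the binary.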

Posts: 2

Threads: 0

Joined: Dec, 2024

Reputation: 0

Replied

So "OG DEV" wasn't working for WRD?

 

Comments

RealNickk 10 Reputation

Commented

Certainly not.

  • 1

  • 0

Posts: 4

Threads: 0

Joined: Nov, 2024

Reputation: 0

Replied

https://discord.gg/rtosploit

The thing is, they are making JJSploit seem like a virus, but it isn't. OG DEV, AKA the server owner, is making his own executor and calling every other executor a virus. It seems like a problem to me since over 600 people think it is a virus. I am currently trying to bring the server down; any help would be appreciated.

  • 0

Posts: 2

Threads: 0

Joined: Dec, 2024

Reputation: 0

Replied

Yea cuz he is saying JJS is a virus and so we don't install it bcs there's "XENO" and he wants to make his own one, lots of people believe in him so that's why I'm asking that.

  • 0

Posts: 970

Threads: 34

Joined: Dec, 2016

Reputation: 104

Replied

We have no affiliation with them. JJSploit is not a RAT.

Comments

hawktuah1 0 Reputation

Commented

Yeah, I knew that since I was a mod in the server. He kept delaying the updates and sold the server because he couldn't make an executor.

  • 0

  • 6
