Is MainDab a virus?
A fair discussion on whether or not MainDab is malware
MainDab is not a virus
It comes as no surprise that there are many so-called "Roblox exploits" which are, in fact, malware! In fact, you can easily find such malware on GitHub. It is worth being concerned as to whether or not MainDab is malware.
In this section, we will discuss whether or not MainDab is malware. If you just want to get started on using MainDab, skip to the next section.
MainDab, as in the application
MainDab acts as a frontend for interfacing with Roblox exploit APIs (libraries). If you were to download a Roblox exploit, the frontend for an exploit is where you are most likely to obtain malware from.
Things proving MainDab is not a virus
In summary, MainDab does not hide what it does from you, the user.
MainDab has a single download source - GitHub releases. As a safety precaution, only download MainDab from the MainDab GitHub Releases page.
MainDab is not obfuscated, meaning a .NET decompiler can be used to inspect MainDab's code.
Applications that support MainDab, such as the WeAreDevs API key system bypass, is not obfuscated. A .NET decompiler can be used to inspect such files.
MainDab's code is publicly available on GitHub and you are free to compile MainDab if you wish.
MainDab pushing malware would severely damage its reputation, especially considering MainDab is an organisation that has long moved on from Roblox exploiting.
Things to be concerned about
MainDab requires elevated permission ("Run as Administrator") to run. This is due to how the WeAreDevs key system bypass works (i.e. admin required to run a web server on
localhost:443). See: Bypassing WRD Key System.MainDab has an auto-update functionality which forces users to update to the newest version of MainDab. If MainDab's GitHub account were to be compromised, a malicious update could be unknowingly pushed to you.
VirusTotal Scans
VirusTotal is a service that scans files for potentially malicious items. VirusTotal scans are not as effective as decompiling MainDab and seeing the true nature of how MainDab operates.
As of MainDab 15.2 REL (21 June 2025), here are the scanned items:
MainDabWRDWrapper.exe: see results for MainDabWRDWrapper.dll
WeAreDevs, as in the API
MainDab acts as a front end for the WRD API and as such cannot control what WRD actually does. WRD API downloads files on its own.
Things proving WRD is not a virus
Since WeAreDevs creation around ~2017 (or perhaps earlier), there has not been a single case of WRD being malware.
MainDab, since its creation on 22 February 2020, has used the WRD API. No malware was reported from the use of WRD.
None of the binaries used by WRD API are obfuscated.
Things to be concerned about
WeAreDevs provides no documentation whatsoever into how it operates — it only provides information on functions exported.
For instance, WRD creates a folder called
jjploitin your Documents directory without any indication of such. WRD also hides the debugging console from the user (which MainDab mitigates). It is unknown why WRD chooses to hide debugging information from the user.WRD also has its own auto-update functionality like how MainDab does.
VirusTotal Scans
As of MainDab 15.2 REL (21 June 2025):
wearedevs_exploit_api.dll: https://www.virustotal.com/gui/file/567c197658cb3fe2b1d5936b20d0da5cca7a5b505a9da10d4003f5af8b8d0705
Last updated