When you work at your cafe game or etc u see these exploiters with 0 name, you’re like, I will get his avatar and you not find him any where with this model u will be able to find anyone.
Q:How to use it?
A:Just take the tool and click someone it should show their name and also a button that allows to directly kick the selected person.
Q:Can I edit the tool if there is something that I don’t like?
A:Sure it’s open source u can do what ever you want.
Q:Can exploiters abuse to tool to get a kick exploit
A:No.
There is also a new script going around lately, that abuse the network to get animations and also use their hats inside their avatar. Whats cool with the Username Lookup u click on the hats or the player it will still get their username even if they make a fake player script just click it and its supposed to give their name.
And if someone ask no there isn’t any backdoor in that model it’s full clean u can check via using a roblox chrome extension (BTRoblox) and u will be able to see it’s full clean
Mentioning this was a bit suspicious, but I can confirm there is indeed no backdoor in here.
I see you’re handling the Remote per client which also odd but then it turned out there is some protection on the RemoteEvent (simple if Player == Player then operation) but I have to ask:
What if the client you’re trying to check just simply removes their humanoid?
Why kick an exploiter when they can just simply rejoin? Seems tedious, DataStoreService should be used.
The Script who checks the player username will be dropped in PlayerGui when u equip the tool soo the script will go to the main Player and get his name and then if someone is firing it and plr.Name ~= as the one we took then it will just kick the player and no I don’t wanna do a ban just a kick because I don’t want to see there is a ban bug with the tool
and the first question Imma update the Module I didn’t thought of that Imma fix it and Imma tell u when I update it
New Version has been released v1.5 1.5 Changelog: -Fixed checks when u clicked the player because exploiters can remove their humanoid soo they don’t get detected that has been fixed
What’s the use of this? If an exploiter makes a change to their character which replicates then detecting it is trivial. Same thing with exploiters removing their names, if they remove their username (presumably a BillboardGui under their character) then you should be able to look for that.
Bypassed it. I made a fake serverside in studio and snagged the tool from Player2’s backpack with serversided Dex Explorer and kicked them. I managed to load normal Dex in studio and it didn’t work as expected.
It doesnt work while the player is holding the tool. Only if its in the backpack. Like if an admin at a backdoored cafe had it sitting in their backpack some guy named XxDeathVxbing2323xX could use Little Johnny SS and load dex to kick everyone. Here is the footage https://streamable.com/bfkcjq
Please make it a GUI instead of a tool or else it will make this quote a lie!
I did this all in studio but it is more than possible with a serverside!
I’m not sure what you were trying to get out of this. If an exploiter has access to the server directly they are able to do anything the server can regularly do with basically no way to prevent execution. And not to mention, if an exploiter had server access they are able to kick players without the use of this tool.
Preventing abuse through server sided access is probably not possible and is at fault for the game developers deciding to use models with backdoors to them.
Finally, making it a GUI doesn’t help, the server can modify any player’s GUI if they so desire.
Sure you bypassed but at the same time what you are doing isn’t hard to stop at all. If you have a script that handles ranks you can simply just add a script that will only allow you to use the tool if you have a certain rank which would be stored on the Server therefore an exploiter can’t do anything with it since it is stored on the server and if you attempted to use that item without the rank, the item would simply just not work, you can destroy it, or whatever you want to do if such happens @mimi235664556655 what I just said is a good security practice,
xZytler here makes a very good point here as well if the user has access to the ServerSide which really won’t happen as most exploiters executors are client sided and only execute LocalScripts they wouldn’t need to even bother stealing the tool from on that does have the tool.
This is not a admin script, since exploiters can somehow hide their names to prevent getting them banned(as op said) the tool allows you to click the player with hidden name and get their name so you can ban them.
By the way, instead of making a tool like this it would be better if you just kicked everyone with a hidden name, i think you have tried this but couldnt know which method they use to hide their name but just saying
