
Yes.

People running these tools are so common that "automated reports" are routinely excluded from public bug bounty programs. The ratio of false findings to true findings is very high.



> The ratio of false findings to true findings is very high.

Had to deal with one of these canned reports a while back to satisfy some enterprise contract. It had a dozen or so JS "vulns" that were only applicable to a Node environment but were being reported for client-side use. We were not a Node shop. I couldn't believe we'd paid money for that garbage report.
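The triage step that would have caught the report described above, written here as an added example that is not part of the thread or of any scanner's own output: walk the dependency graph from each entry point to see which runtime a package is actually loaded in, then compare that against the runtime the advisory affects. The dependency graph, the finding list and the per-advisory `affectedRuntime` tag are all constructed for illustration; real advisories rarely carry a clean "affects Node vs browser" field, so in practice that tag is something you fill in by reading the advisory.

```javascript
// Constructed dependency graph: each key lists the packages it imports.
// 'client-entry' is what ends up in the browser bundle; 'server-entry' runs under Node.
const DEP_GRAPH = {
  'client-entry': ['ui-lib', 'shared-utils'],
  'server-entry': ['http-framework', 'shared-utils'],
  'ui-lib': ['dom-helper'],
  'http-framework': ['path-tool', 'shared-utils'],
  'shared-utils': [],
  'dom-helper': [],
  'path-tool': [],
};

// Which entry point runs in which runtime (assumption for this example).
const ENTRY_RUNTIME = { 'client-entry': 'browser', 'server-entry': 'node' };

// Constructed scanner findings. `affectedRuntime` is a hypothetical tag
// ('node', 'browser' or 'any') that you would assign by reading the advisory.
const FINDINGS = [
  { id: 'EXAMPLE-001', pkg: 'path-tool', title: 'path traversal via fs access', affectedRuntime: 'node' },
  { id: 'EXAMPLE-002', pkg: 'dom-helper', title: 'DOM XSS in template helper', affectedRuntime: 'browser' },
  { id: 'EXAMPLE-003', pkg: 'shared-utils', title: 'prototype pollution in merge()', affectedRuntime: 'any' },
  { id: 'EXAMPLE-004', pkg: 'ui-lib', title: 'ReDoS in server-side renderer', affectedRuntime: 'node' },
  { id: 'EXAMPLE-005', pkg: 'unused-pkg', title: 'RCE in package nothing imports', affectedRuntime: 'node' },
];

// Breadth-first walk from an entry point; returns the set of packages it pulls in.
function reachableFrom(graph, entry) {
  const seen = new Set();
  const queue = [entry];
  while (queue.length) {
    const cur = queue.shift();
    for (const dep of graph[cur] || []) {
      if (!seen.has(dep)) {
        seen.add(dep);
        queue.push(dep);
      }
    }
  }
  return seen;
}

// For each package, the set of runtimes in which it is actually loaded.
function runtimesByPackage(graph, entryRuntime) {
  const result = {};
  for (const [entry, runtime] of Object.entries(entryRuntime)) {
    for (const pkg of reachableFrom(graph, entry)) {
      if (!result[pkg]) result[pkg] = new Set();
      result[pkg].add(runtime);
    }
  }
  return result;
}

// Classify each finding:
//   'applicable'     - the package runs in a runtime the advisory affects
//   'not-applicable' - the package is loaded, but only in a runtime the advisory does not affect
//   'unreachable'    - no entry point pulls the package in at all
function triage(findings, graph, entryRuntime) {
  const loadedIn = runtimesByPackage(graph, entryRuntime);
  return findings.map((f) => {
    const runtimes = loadedIn[f.pkg];
    let status;
    if (!runtimes) status = 'unreachable';
    else if (f.affectedRuntime === 'any' || runtimes.has(f.affectedRuntime)) status = 'applicable';
    else status = 'not-applicable';
    return { id: f.id, pkg: f.pkg, status, loadedIn: runtimes ? [...runtimes].sort() : [] };
  });
}

// Stand-alone run: print the triaged list.
for (const r of triage(FINDINGS, DEP_GRAPH, ENTRY_RUNTIME)) {
  console.log(`${r.id} ${r.pkg.padEnd(13)} ${r.status.padEnd(15)} loaded in: ${r.loadedIn.join(', ') || '-'}`);
}
```

EXAMPLE-004 is the thread's case: a Node-only issue in a package that only ever reaches the browser bundle, so it is marked not-applicable rather than surfaced as a finding. Reachability from the bundler's entry points is a better source of truth than the package manifest, because `package.json` lists everything installed, including dev tooling and server-only code that never ships to the client.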



