Some third parties security company are using this scanner to provide reports to gov authorities, but they are likely using the flag "--safe-check" which results in a massive false positive detected.
Here the results of the scanner with the flag --safe-check:
python3 scanner.py -u https://SAFE-HOST --safe-check
brought to you by assetnote
[*] Loaded 1 host(s) to scan
[*] Using 10 thread(s)
[*] Timeout: 10s
[*] Using safe side-channel check
[!] SSL verification disabled
[VULNERABLE] https://SAFE-HOST - Status: 500
============================================================
SCAN SUMMARY
============================================================
Total hosts scanned: 1
Vulnerable: 1
Not vulnerable: 0
Errors: 0
============================================================
Instead running it without the --safe-check result in a realistic and accurate result:
python3 scanner.py -u https://SAFE-HOST
brought to you by assetnote
[*] Loaded 1 host(s) to scan
[*] Using 10 thread(s)
[*] Timeout: 10s
[*] Using RCE PoC check
[!] SSL verification disabled
[NOT VULNERABLE] https://SAFE-HOST - Status: 500
============================================================
SCAN SUMMARY
============================================================
Total hosts scanned: 1
Vulnerable: 0
Not vulnerable: 1
Errors: 0
============================================================
Some third parties security company are using this scanner to provide reports to gov authorities, but they are likely using the flag "--safe-check" which results in a massive false positive detected.
Here the results of the scanner with the flag --safe-check:
Instead running it without the --safe-check result in a realistic and accurate result: