Most programs won't pay for scanner output and will require work that demonstrates the impact of the finding, etc. Several programs I've seen actually state that automated scans are out of scope and ask the bounty hunter not to use them. With that said, this may be a good recon tool to hunt for bugs, if it's allowed by the target. I am not sure how much better it'd be than Qualys or Nessus, etc., though.
I like the idea for personal use. I was just looking for something similar the other day and for once I'm happy I don't need to build it.
This seems to be airing a frustration that has moved beyond accuracy in the process. Companies offering bug bounties may have done the bare minimum at one point in time, but every production push they do changes that, and potentially reintroduces simple scannable vulnerabilities.
That's fair. We get numerous reports from script kiddies reporting "vulnerabilities" that aren't, because they don't understand the tool that they're running, or the output that it produces, or why it isn't relevant. It's possible that they catch a known issue, but the reality is that the majority have no idea what they're doing.