Open
Description
Some third-party security companies are using this scanner to provide reports to gov authorities, but they are likely using the flag "--safe-check", which results in massive false-positive detections.
Here are the results of the scanner with the flag --safe-check:
```
python3 scanner.py -u https://SAFE-HOST --safe-check
brought to you by assetnote
[*] Loaded 1 host(s) to scan
[*] Using 10 thread(s)
[*] Timeout: 10s
[*] Using safe side-channel check
[!] SSL verification disabled
[VULNERABLE] https://SAFE-HOST - Status: 500
============================================================
SCAN SUMMARY
============================================================
Total hosts scanned: 1
Vulnerable: 1
Not vulnerable: 0
Errors: 0
============================================================
```
Instead, running it without --safe-check results in a realistic and accurate result:
```
python3 scanner.py -u https://SAFE-HOST
brought to you by assetnote
[*] Loaded 1 host(s) to scan
[*] Using 10 thread(s)
[*] Timeout: 10s
[*] Using RCE PoC check
[!] SSL verification disabled
[NOT VULNERABLE] https://SAFE-HOST - Status: 500
============================================================
SCAN SUMMARY
============================================================
Total hosts scanned: 1
Vulnerable: 0
Not vulnerable: 1
Errors: 0
============================================================
```
SeanPesce