I've run a couple of these "testers" against servers I know are vulnerable by verifying at a shell prompt, and they they all report "safe" (with hedging language, of course).<p>Why is that? I don't mean to come across being entitled to any sort of free tester, but is it responsible to publish tools that definitely report "safe" when the underlying systems are not?