This Tool is Useless Le me Explain Why

[raafeh1]

I am a bug bounty hunter from last 5 yrs, when i tested this tool even bough api key according to the tutorial. i have scanned almost 10-15 websites and the tool has not even given one right vulnerability all vulnerabilities shown in the tool were false positive

[Acorzo1983]

Thank you for trying BugTrace-AI and for sharing your honest feedback.

I want to clarify something important: I’m not new to offensive security—in fact, I’m experienced in the field. But I built BugTrace-AI with a very specific goal in mind: to be an affordable, accessible companion for people just starting their bug bounty journey, especially those with limited resources.

That’s why it’s called BugTrace, not BugExploiter.
It’s not meant to replace a human expert. It’s designed to assist, not automate. Every output should be treated as a hypothesis to investigate manually, not a confirmed vulnerability. Professional judgment is—and always will be—essential.

BugTrace-AI focuses on cost-effectiveness: with just a low-cost AI API key (like google/gemini-flash via OpenRouter), anyone can:

Perform non-intrusive reconnaissance,
Identify tech stacks and potential misconfigurations,
Learn common vulnerability patterns,
Generate initial test ideas or payloads,
And most importantly, learn by doing, safely and ethically.
Right now, I’m developing this alone, as a hobby, in my spare time—this isn’t my day job. I’m currently rebuilding a more robust version from the ground up, but progress is slow because I balance it with life and work.

The project is open source precisely so others can contribute, improve it, fix what’s broken, or even adapt it to their needs. Any feedback—especially from experienced hunters like you—is incredibly valuable. I’m not attached to being “right”; I’m committed to making something genuinely useful for those who need it most.

Thanks again for your time and honesty. It means a lot.

[threetlabs]

All recursive analysis attempts failed. This could be due to API errors or network issues. Not useful at all.

[threetlabs]

API Test Connection Error : Test failed: Provider returned error for free models.

[Acorzo1983]

The recurring failures in recursive analysis are likely due to the high latency and rate-limiting of free models, which often lead to timeouts or incomplete responses.

I suggest implementing Gemini 2.5 Flash as the default provider. It is significantly faster and more cost-efficient than current alternatives. By using this model, a full scan would cost only a few cents while maintaining the reliability needed for deep analysis, effectively solving the "Provider returned error" issues reported.