The software outputs hundres of vulnerable urls but they are actually redirected to home page of the website, which is not vulnerable.

Use the -k switch to perform keyword matching, which will eliminate the false positives.