The real vulnerability is not in the web application you plan to scan. It is in the machine running the cracked scanner.
Using cracked software is: