Okay, I don't have much experience with these auto-exploiters and have really only been vaguely familiar with them up until recently and I'm now starting to look into them a bit more.
So take what I say with a grain of salt:
My take on them is that they do work, but It depends on the quality of the URL lists you feed it.
And the quality of the URL list is dependent upon how precise your dorks are.
Your dorks have to be able to reasonably find outdated websites from a variety of CMSs. This means that the dorks used for SQLi dumper may be entirely different than the ones used for Auto-exploiters.
The keywords you'd be looking for MAY be different and they may contain different parameters.
In manual shelling, you're often looking for very low hanging fruits such as a simple UNION based SQLI or even a login bypass, but these are very old vulnerabilities that are typically only still found on shitty offshore websites
that all get written by the same eastern Asian web-dev firms that still don't know to sanitize user input.
With an auto exploiter, you're more looking for slightly out of date Joomla sites or WordPress as that's what the majority of sites are running nowadays and that's what these auto-exploiters scan for: vulnerabilities in old CMS plugins and misconfigurations that come along with the default install procedures.