Merge 3116c2e678 into 3b8a75e407

Update versionvulnerabilitydb.py
2026-05-25 07:21:23 +02:00 · 2024-09-26 11:32:06 +02:00 · 2024-05-09 16:50:44 +02:00
52 changed files with 1007 additions and 169 deletions
@@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13.0-rc.2"]

    steps:
      - uses: actions/checkout@v4
@@ -17,8 +17,8 @@ jobs:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
-          python3 -m pip install --upgrade pip
-          python3 -m pip install -U codecov coveralls flake8 mypy pylint pytest tox
+          python -m pip install --upgrade pip
+          pip install -U codecov coveralls flake8 mypy pylint pytest tox
      - name: Run Tox
        run: |
-          python3 -m tox
+          tox
@@ -11,7 +11,7 @@ However, if you can submit patches that pass all of our automated tests, then yo

 [Tox](https://tox.wiki/) is used to automate testing.  Linting is done with [pylint](http://pylint.pycqa.org/en/latest/) & [flake8](https://flake8.pycqa.org/en/latest/), and static type-checking is done with [mypy](https://mypy.readthedocs.io/en/stable/).

-Install the required packages with `python3 -m pip install -U codecov coveralls flake8 mypy pylint pytest tox`, then run the tests with `python3 -m tox`.  Look for any error messages in the (verbose) output.
+For Ubuntu systems, install tox with `apt install tox`, then simply run `tox` in the top-level directory.  Look for any error messages in the (verbose) output.


 ## Docker Tests
@@ -30,8 +30,9 @@
 - analyze SSH client configuration;
 - grab banner, recognize device or software and operating system, detect compression;
 - gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm security information (available since, removed/disabled, unsafe/weak/legacy, etc);
+- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
 - output algorithm recommendations (append or remove based on recognized software version);
+- output security information (related issues, assigned CVE list, etc);
 - analyze SSH version compatibility based on algorithm information;
 - historical information from OpenSSH, Dropbear SSH and libssh;
 - policy scans to ensure adherence to a hardened/standard configuration;
@@ -219,21 +220,18 @@ For convenience, a web front-end on top of the command-line tool is available at

 ## ChangeLog

-### v3.3.0 (2024-10-15)
+### v3.3.0-dev (???)
 - Added Python 3.13 support.
 - Added built-in policies for Ubuntu 24.04 LTS server & client, OpenSSH 9.8, and OpenSSH 9.9.
 - Added IPv6 support for DHEat and connection rate tests.
 - Added TCP port information to JSON policy scan results; credit [Fabian Malte Kopp](https://github.com/dreizehnutters).
 - Added LANcom LCOS server recognition and Ed448 key extraction; credit [Daniel Lenski](https://github.com/dlenskiSB).
-  - Now reports ECDSA and DSS fingerprints when in verbose mode; partial credit [Daniel Lenski](https://github.com/dlenskiSB).
- - Removed CVE information based on server/client version numbers, as this was wildly inaccurate (see [this thread](https://github.com/jtesta/ssh-audit/issues/240) for the full discussion, as well as the results of the community vote on this matter).
 - Fixed crash when running with `-P` and `-T` options simultaneously.
 - Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB).
 - Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o).
 - Fixed invalid JSON output when a socket error occurs while performing a client audit.
- - Fixed `--conn-rate-test` feature on Windows.
 - When scanning multiple targets (using `-T`/`--targets`), the `-p`/`--port` option will now be used as the default port (set to 22 if `-p`/`--port` is not given).  Hosts specified in the file can override this default with an explicit port number (i.e.: "host1:1234").  For example, when using `-T targets.txt -p 222`, all hosts in `targets.txt` that do not explicitly include a port number will default to 222; when using `-T targets.txt` (without `-p`), all hosts will use a default of 22.
- - Updated built-in server & client policies for Amazon Linux 2023, Debian 12, Rocky Linux 9, and Ubuntu 22.04 to improve host key efficiency and cipher resistance to quantum attacks.
+ - Now reports ECDSA and DSS fingerprints when in verbose mode; partial credit [Daniel Lenski](https://github.com/dlenskiSB).
 - Added 1 new cipher: `grasshopper-ctr128`.
 - Added 2 new key exchanges: `mlkem768x25519-sha256`, `sntrup761x25519-sha512`.

@@ -172,11 +172,8 @@ class Algorithms:
                        if fc > 0:
                            faults += pow(10, 2 - i) * fc
                    if n not in alg_list:
-                        # Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server.  Also don't recommend 'ext-info-[cs]' nor 'kex-strict-[cs]-v00@openssh.com' key exchanges.
-                        if faults > 0 or \
-                           (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or \
-                           (alg_type == 'kex' and (n.startswith('ext-info-') or n.startswith('kex-strict-'))) or \
-                           empty_version:
+                        # Don't recommend certificate or token types; these will only appear in the server's list if they are fully configured & functional on the server.
+                        if faults > 0 or (alg_type == 'key' and (('-cert-' in n) or (n.startswith('sk-')))) or empty_version:
                            continue
                        rec[sshv][alg_type]['add'][n] = 0
                    else:
@@ -30,20 +30,14 @@ BUILTIN_POLICIES: Dict[str, Dict[str, Union[Optional[str], Optional[List[str]],
    # Amazon Linux 2023
    'Hardened Amazon Linux 2023 (version 1)': {'version': '1', 'changelog': 'Initial version', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

-    'Hardened Amazon Linux 2023 (version 2)': {'version': '2', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency.  Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},
-

    # Debian Server 12
    'Hardened Debian 12 (version 1)': {'version': '1', 'changelog': 'Initial version', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

-    'Hardened Debian 12 (version 2)': {'version': '2', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency.  Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},
-

    # Rocky Linux 9
    'Hardened Rocky Linux 9 (version 1)': {'version': '1', 'changelog': 'Initial version', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

-    'Hardened Rocky Linux 9 (version 2)': {'version': '2', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency.  Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},
-

    # Ubuntu Server policies

@@ -55,8 +49,6 @@ BUILTIN_POLICIES: Dict[str, Dict[str, Union[Optional[str], Optional[List[str]],

    'Hardened Ubuntu Server 22.04 LTS (version 5)': {'version': '5', 'changelog': 'Added kex-strict-s-v00@openssh.com to kex list.', 'banner': None, 'compressions': None, 'host_keys': ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-ed25519'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

-    'Hardened Ubuntu Server 22.04 LTS (version 6)': {'version': '6', 'changelog': 'Re-ordered host keys to prioritize ED25519 due to efficiency. Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},
-
    'Hardened Ubuntu Server 24.04 LTS (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': ['sk-ssh-ed25519@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'sk-ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com'], 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'ext-info-s', 'kex-strict-s-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': {"rsa-sha2-256": {"hostkey_size": 4096}, "rsa-sha2-256-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "rsa-sha2-512": {"hostkey_size": 4096}, "rsa-sha2-512-cert-v01@openssh.com": {"ca_key_size": 4096, "ca_key_type": "ssh-rsa", "hostkey_size": 4096}, "sk-ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}, "sk-ssh-ed25519@openssh.com": {"hostkey_size": 256}, "ssh-ed25519": {"hostkey_size": 256}, "ssh-ed25519-cert-v01@openssh.com": {"ca_key_size": 256, "ca_key_type": "ssh-ed25519", "hostkey_size": 256}}, 'dh_modulus_sizes': {'diffie-hellman-group-exchange-sha256': 3072}, 'server_policy': True},

    # Generic OpenSSH Server policies
@@ -111,22 +103,16 @@ BUILTIN_POLICIES: Dict[str, Dict[str, Union[Optional[str], Optional[List[str]],

    'Hardened Amazon Linux Client 2023 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},

-    'Hardened Amazon Linux Client 2023 (version 2)': {'version': '2', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},
-

    # Debian Client Policies

    'Hardened Debian Client 12 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},

-    'Hardened Debian Client 12 (version 2)': {'version': '2', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},
-

    # Rocky Linux Policies

    'Hardened Rocky Linux Client 9 (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},

-    'Hardened Rocky Linux Client 9 (version 2)': {'version': '2', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},
-
    # Ubuntu Client policies

    'Hardened Ubuntu Client 16.04 LTS (version 2)': {'version': '2', 'changelog': 'No change log available.', 'banner': None, 'compressions': None, 'host_keys': ['ssh-ed25519', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-256', 'rsa-sha2-512'], 'optional_host_keys': None, 'kex': ['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256', 'ext-info-c'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},
@@ -137,8 +123,6 @@ BUILTIN_POLICIES: Dict[str, Dict[str, Union[Optional[str], Optional[List[str]],

    'Hardened Ubuntu Client 22.04 LTS (version 4)': {'version': '4', 'changelog': 'Added kex-strict-c-v00@openssh.com to kex list.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes128-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},

-    'Hardened Ubuntu Client 22.04 LTS (version 5)': {'version': '5', 'changelog': 'Re-ordered cipher list to prioritize larger key sizes as a countermeasure to quantum attacks.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},
-
    'Hardened Ubuntu Client 24.04 LTS (version 1)': {'version': '1', 'changelog': 'Initial version.', 'banner': None, 'compressions': None, 'host_keys': ['sk-ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519-cert-v01@openssh.com', 'rsa-sha2-512-cert-v01@openssh.com', 'rsa-sha2-256-cert-v01@openssh.com', 'sk-ssh-ed25519@openssh.com', 'ssh-ed25519', 'rsa-sha2-512', 'rsa-sha2-256'], 'optional_host_keys': None, 'kex': ['sntrup761x25519-sha512@openssh.com', 'curve25519-sha256', 'curve25519-sha256@libssh.org', 'diffie-hellman-group18-sha512', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'ext-info-c', 'kex-strict-c-v00@openssh.com'], 'ciphers': ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr', 'aes192-ctr', 'aes128-gcm@openssh.com', 'aes128-ctr'], 'macs': ['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'umac-128-etm@openssh.com'], 'hostkey_sizes': None, 'dh_modulus_sizes': None, 'server_policy': False},

 }
@@ -324,6 +324,12 @@ class DHEat:

            del socket_dict[s]

+        if sys.platform == "win32":
+            DHEat.YELLOWB = "\033[1;93m"
+            DHEat.CLEAR = "\033[0m"
+            print("\n%sUnfortunately, this feature is not currently functional under Windows.%s  This should get fixed in a future release.  See: <https://github.com/jtesta/ssh-audit/issues/261>" % (DHEat.YELLOWB, DHEat.CLEAR))
+            return ""
+
        # Resolve the target into an IP address
        out.d("Resolving target %s..." % aconf.host)
        target_address_family, target_ip_address = DHEat._resolve_hostname(aconf.host, aconf.ip_version_preference)
@@ -437,7 +443,7 @@ class DHEat:
                # out.d("Creating socket (%u of %u already exist)..." % (len(socket_dict), concurrent_sockets), write_now=True)
                ret = s.connect_ex((target_ip_address, aconf.port))
                num_attempted_connections += 1
-                if ret in [0, errno.EINPROGRESS, errno.EWOULDBLOCK]:
+                if ret in [0, errno.EINPROGRESS]:
                    socket_dict[s] = now
                else:
                    out.d("connect_ex() returned: %s (%d)" % (os.strerror(ret), ret), write_now=True)
@@ -22,7 +22,7 @@
   THE SOFTWARE.
 """
 # The version to display.
-VERSION = 'v3.3.0'
+VERSION = 'v3.3.0-dev'

 # SSH software to impersonate
 SSH_HEADER = 'SSH-{0}-OpenSSH_8.2'
@@ -57,7 +57,6 @@ class Policy:
        self._allow_algorithm_subset_and_reordering = False
        self._allow_larger_keys = False
        self._errors: List[Any] = []
-        self._updated_builtin_policy_available = False  # If True, an outdated built-in policy was loaded.

        self._name_and_version: str = ''

@@ -497,11 +496,6 @@ macs = %s
        return self._name_and_version


-    def is_outdated_builtin_policy(self) -> bool:
-        '''Returns True if this is a built-in policy that has a more recent version available than currently selected.'''
-        return self._updated_builtin_policy_available
-
-
    def is_server_policy(self) -> bool:
        '''Returns True if this is a server policy, or False if this is a client policy.'''
        return self._server_policy
@@ -513,46 +507,18 @@ macs = %s
        server_policy_descriptions = []
        client_policy_descriptions = []

-        latest_server_policies: Dict[str, Dict[str, Union[int, str]]] = {}
-        latest_client_policies: Dict[str, Dict[str, Union[int, str]]] = {}
        for policy_name, policy in BUILTIN_POLICIES.items():
-
-            # If not in verbose mode, only store the latest version of each policy.
-            if not verbose:
+            policy_description = ""
+            if verbose:
+                policy_description = "\"{:s}\": {:s}".format(policy_name, policy['changelog'])
+            else:
                policy_description = "\"{:s}\"".format(policy_name)

-                # Truncate the version off the policy name and obtain the version as an integer. (i.e.: "Platform X (version 3)" -> "Platform X", 3
-                policy_name_no_version = ""
-                version = 0
-                version_pos = policy_name.find(" (version ")
-                if version_pos != -1:
-                    policy_name_no_version = policy_name[0:version_pos]
-                    version = int(cast(str, policy['version']))  # Unit tests guarantee this to be parseable as an int.
+            if policy['server_policy']:
+                server_policy_descriptions.append(policy_description)
+            else:
+                client_policy_descriptions.append(policy_description)

-                d = latest_server_policies if policy['server_policy'] else latest_client_policies
-                if policy_name_no_version not in d:
-                    d[policy_name_no_version] = {}
-                    d[policy_name_no_version]['latest_version'] = version
-                    d[policy_name_no_version]['description'] = policy_description
-                elif version > cast(int, d[policy_name_no_version]['latest_version']):  # If an updated version of the policy was found, replace the old one.
-                    d[policy_name_no_version]['latest_version'] = version
-                    d[policy_name_no_version]['description'] = policy_description
-            else:  # In verbose mode, return all policy versions.
-                policy_description = "\"{:s}\": {:s}".format(policy_name, policy['changelog'])
-                if policy['server_policy']:
-                    server_policy_descriptions.append(policy_description)
-                else:
-                    client_policy_descriptions.append(policy_description)
-
-        # Now that we have references to the latest policies only, add their full descriptions to the lists for returning.
-        if not verbose:
-            for _, dd in latest_server_policies.items():
-                server_policy_descriptions.append(cast(str, dd['description']))
-
-            for _, dd in latest_client_policies.items():
-                client_policy_descriptions.append(cast(str, dd['description']))
-
-        # Sort the lists for better readability.
        server_policy_descriptions.sort()
        client_policy_descriptions.sort()
        return server_policy_descriptions, client_policy_descriptions
@@ -583,14 +549,6 @@ macs = %s
            # Ensure this struct has all the necessary fields.
            p._normalize_hostkey_sizes()  # pylint: disable=protected-access

-        # Now check if an updated version of the requested policy exists.  If so, set a warning for the user.
-        if p is not None and p._version is not None:  # pylint: disable=protected-access
-            next_version = str(int(p._version) + 1)  # pylint: disable=protected-access
-            name_version_pos = policy_name.find("(version ")
-            next_version_name = policy_name[0:name_version_pos] + "(version %s)" % next_version
-            if next_version_name in BUILTIN_POLICIES:
-                p._updated_builtin_policy_available = True  # pylint: disable=protected-access
-
        return p


@@ -160,8 +160,8 @@ class SSH2_KexDB:  # pylint: disable=too-few-public-methods
            'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==': [[], [FAIL_UNPROVEN]],  # sect283k1
            'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==': [[], [FAIL_UNPROVEN, FAIL_SMALL_ECC_MODULUS]],  # sect233k1
            'ecmqv-sha2': [[], [FAIL_UNPROVEN]],
-            'ext-info-c': [['7.2'], [], [], [INFO_EXTENSION_NEGOTIATION]],  # Extension negotiation (RFC 8308)
-            'ext-info-s': [['9.6'], [], [], [INFO_EXTENSION_NEGOTIATION]],  # Extension negotiation (RFC 8308)
+            'ext-info-c': [[], [], [], [INFO_EXTENSION_NEGOTIATION]],  # Extension negotiation (RFC 8308)
+            'ext-info-s': [[], [], [], [INFO_EXTENSION_NEGOTIATION]],  # Extension negotiation (RFC 8308)
            'kex-strict-c-v00@openssh.com': [[], [], [], [INFO_STRICT_KEX]],  # Strict KEX marker (countermeasure for CVE-2023-48795).
            'kex-strict-s-v00@openssh.com': [[], [], [], [INFO_STRICT_KEX]],  # Strict KEX marker (countermeasure for CVE-2023-48795).

@@ -61,6 +61,7 @@ from ssh_audit.ssh2_kex import SSH2_Kex
 from ssh_audit.ssh2_kexdb import SSH2_KexDB
 from ssh_audit.ssh_socket import SSH_Socket
 from ssh_audit.utils import Utils
+from ssh_audit.versionvulnerabilitydb import VersionVulnerabilityDB


 # no_idna_workaround = False
@@ -68,7 +69,7 @@ from ssh_audit.utils import Utils
 # Only import colorama under Windows.  Other OSes can natively handle terminal colors.
 if sys.platform == 'win32':
    try:
-        from colorama import just_fix_windows_console  # type: ignore
+        from colorama import just_fix_windows_console
        just_fix_windows_console()
    except ImportError:
        pass
@@ -272,18 +273,65 @@ def output_compatibility(out: OutputBuffer, algs: Algorithms, client_audit: bool
        out.good('(gen) compatibility: ' + ', '.join(comp_text))


-def output_security(out: OutputBuffer, banner: Optional[Banner], padlen: int, is_json_output: bool) -> None:
+def output_security_sub(out: OutputBuffer, sub: str, software: Optional[Software], client_audit: bool, padlen: int) -> List[Dict[str, Union[str, float]]]:
+    ret: List[Dict[str, Union[str, float]]] = []
+
+    secdb = VersionVulnerabilityDB.CVE if sub == 'cve' else VersionVulnerabilityDB.TXT
+    if software is None or software.product not in secdb:
+        return ret
+    for line in secdb[software.product]:
+        vfrom: str = ''
+        vtill: str = ''
+        vfrom, vtill = line[0:2]
+        if not software.between_versions(vfrom, vtill):
+            continue
+        target: int = 0
+        name: str = ''
+        target, name = line[2:4]
+        is_server = target & 1 == 1
+        is_client = target & 2 == 2
+        # is_local = target & 4 == 4
+
+        # If this security entry applies only to servers, but we're testing a client, then skip it.  Similarly, skip entries that apply only to clients, but we're testing a server.
+        if (is_server and not is_client and client_audit) or (is_client and not is_server and not client_audit):
+            continue
+        p = '' if out.batch else ' ' * (padlen - len(name))
+        if sub == 'cve':
+            cvss: float = 0.0
+            descr: str = ''
+            cvss, descr = line[4:6]
+
+            # Critical CVSS scores (>= 8.0) are printed as a fail, otherwise they are printed as a warning.
+            out_func = out.warn
+            if cvss >= 8.0:
+                out_func = out.fail
+            out_func('(cve) {}{} -- (CVSSv2: {}) {}'.format(name, p, cvss, descr))
+            ret.append({'name': name, 'cvssv2': cvss, 'description': descr})
+        else:
+            descr = line[4]
+            out.fail('(sec) {}{} -- {}'.format(name, p, descr))
+
+    return ret
+
+
+def output_security(out: OutputBuffer, banner: Optional[Banner], client_audit: bool, padlen: int, is_json_output: bool) -> List[Dict[str, Union[str, float]]]:
+    cves = []

    with out:
-        if (banner is not None) and (banner.protocol[0] == 1):
-            p = '' if out.batch else ' ' * (padlen - 14)
-            out.fail('(sec) SSH v1 enabled{} -- SSH v1 can be exploited to recover plaintext passwords'.format(p))
-
+        if banner is not None:
+            software = Software.parse(banner)
+            cves = output_security_sub(out, 'cve', software, client_audit, padlen)
+            _ = output_security_sub(out, 'txt', software, client_audit, padlen)
+            if banner.protocol[0] == 1:
+                p = '' if out.batch else ' ' * (padlen - 14)
+                out.fail('(sec) SSH v1 enabled{} -- SSH v1 can be exploited to recover plaintext passwords'.format(p))
    if not out.is_section_empty() and not is_json_output:
        out.head('# security')
        out.flush_section()
        out.sep()

+    return cves
+

 def output_fingerprints(out: OutputBuffer, algs: Algorithms, is_json_output: bool) -> None:
    with out:
@@ -336,6 +384,31 @@ def output_fingerprints(out: OutputBuffer, algs: Algorithms, is_json_output: boo
 def output_recommendations(out: OutputBuffer, algs: Algorithms, algorithm_recommendation_suppress_list: List[str], software: Optional[Software], is_json_output: bool, padlen: int = 0) -> bool:

    ret = True
+    # PuTTY's algorithms cannot be modified, so there's no point in issuing recommendations.
+    if (software is not None) and (software.product == Product.PuTTY):
+        max_vuln_version = 0.0
+        max_cvssv2_severity = 0.0
+        # Search the CVE database for the most recent vulnerable version and the max CVSSv2 score.
+        for cve_list in VersionVulnerabilityDB.CVE['PuTTY']:
+            vuln_version = float(cve_list[1])
+            cvssv2_severity = cve_list[4]
+            max_vuln_version = max(vuln_version, max_vuln_version)
+            max_cvssv2_severity = max(cvssv2_severity, max_cvssv2_severity)
+
+        fn = out.warn
+        if max_cvssv2_severity > 8.0:
+            fn = out.fail
+
+        # Assuming that PuTTY versions will always increment by 0.01, we can calculate the first safe version by adding 0.01 to the latest vulnerable version.
+        current_version = float(software.version)
+        upgrade_to_version = max_vuln_version + 0.01
+        if current_version < upgrade_to_version:
+            out.head('# recommendations')
+            fn('(rec) Upgrade to PuTTY v%.2f' % upgrade_to_version)
+            out.sep()
+            ret = False
+        return ret
+
    level_to_output = {
        "informational": out.good,
        "warning": out.warn,
@@ -621,7 +694,7 @@ def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header
        out.flush_section()
        out.sep()
    maxlen = algs.maxlen + 1
-    output_security(out, banner, maxlen, aconf.json)
+    cves = output_security(out, banner, client_audit, maxlen, aconf.json)
    # Filled in by output_algorithms() with unidentified algs.
    unknown_algorithms: List[str] = []

@@ -656,7 +729,7 @@ def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header
    if aconf.json:
        out.reset()
        # Build & write the JSON struct.
-        out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list, additional_notes=additional_notes), indent=4 if aconf.json_print_indent else None, sort_keys=True))
+        out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list, additional_notes=additional_notes), indent=4 if aconf.json_print_indent else None, sort_keys=True))
    elif len(unknown_algorithms) > 0:  # If we encountered any unknown algorithms, ask the user to report them.
        out.warn("\n\n!!! WARNING: unknown algorithm(s) found!: %s.  If this is the latest version of ssh-audit (see <https://github.com/jtesta/ssh-audit/releases>), please create a new Github issue at <https://github.com/jtesta/ssh-audit/issues> with the full output above.\n" % ','.join(unknown_algorithms))

@@ -670,12 +743,7 @@ def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banne

    passed, error_struct, error_str = aconf.policy.evaluate(banner, kex)
    if aconf.json:
-        warnings: List[str] = []
-        if aconf.policy.is_outdated_builtin_policy():
-            warnings.append("A newer version of this built-in policy is available.")
-
-        json_struct = {'host': aconf.host, 'port': aconf.port, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct, 'warnings': warnings}
-
+        json_struct = {'host': aconf.host, 'port': aconf.port, 'policy': aconf.policy.get_name_and_version(), 'passed': passed, 'errors': error_struct}
        out.info(json.dumps(json_struct, indent=4 if aconf.json_print_indent else None, sort_keys=True))
    else:
        spacing = ''
@@ -708,10 +776,6 @@ def evaluate_policy(out: OutputBuffer, aconf: AuditConf, banner: Optional['Banne
            out.fail("%sFailed!" % icon_fail)
            out.warn("\nErrors:\n%s" % error_str)

-        # If the user selected an out-dated built-in policy then issue a warning.
-        if aconf.policy.is_outdated_builtin_policy():
-            out.warn("Note: A newer version of this built-in policy is available.  Use the -L option to view all available versions.")
-
    return passed


@@ -782,9 +846,8 @@ def list_policies(out: OutputBuffer, verbose: bool) -> None:
        out.fail("Error: no built-in policies found!")
    else:
        out.info("\nHint: Use -P and provide the full name of a policy to run a policy scan with.\n")
-        out.info("Hint: Use -L -v to see the change log for each policy, as well as previous versions.\n")
+        out.info("Hint: Use -L -v to also see the change log for each policy.\n")
        out.info("Note: the general OpenSSH policies apply to the official releases only. OS distributions may back-port changes that cause failures (for example, Debian 11 back-ported the strict KEX mode into their package of OpenSSH v8.4, whereas it was only officially added to OpenSSH v9.6 and later).  In these cases, consider creating a custom policy (-M option).\n")
-        out.info("Note: instructions for hardening targets, which correspond to the above policies, can be found at: <https://ssh-audit.com/hardening_guides.html>\n")
    out.write()


@@ -1015,7 +1078,7 @@ def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[.
    return aconf


-def build_struct(target_host: str, banner: Optional['Banner'], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None, additional_notes: List[str] = []) -> Any:  # pylint: disable=dangerous-default-value
+def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None, additional_notes: List[str] = []) -> Any:  # pylint: disable=dangerous-default-value

    def fetch_notes(algorithm: str, alg_type: str) -> Dict[str, List[Optional[str]]]:
        '''Returns a dictionary containing the messages in the "fail", "warn", and "info" levels for this algorithm.'''
@@ -1177,8 +1240,8 @@ def build_struct(target_host: str, banner: Optional['Banner'], kex: Optional['SS
            'fp': pkm_fp,
        }]

-    # Historically, CVE information was returned.  Now we'll just return an empty dictionary so as to not break any legacy clients.
-    res['cves'] = []
+    # Add in the CVE information.
+    res['cves'] = cves

    # Add in the recommendations.
    res['recommendations'] = get_algorithm_recommendations(algorithms, algorithm_recommendation_suppress_list, software, for_server=True)
@@ -0,0 +1,180 @@
+"""
+   The MIT License (MIT)
+
+   Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com)
+   Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+"""
+# pylint: disable=unused-import
+from typing import Dict, List, Set, Sequence, Tuple, Iterable  # noqa: F401
+from typing import Callable, Optional, Union, Any  # noqa: F401
+
+
+class VersionVulnerabilityDB:  # pylint: disable=too-few-public-methods
+    # Format: [starting_vuln_version, last_vuln_version, affected, CVE_ID, CVSSv2, description]
+    #   affected: 1 = server, 2 = client, 4 = local
+    #   Example:  if it affects servers, both remote & local, then affected
+    #             = 1.  If it affects servers, but is a local issue only,
+    #             then affected = 1 + 4 = 5.
+    CVE: Dict[str, List[List[Any]]] = {
+        'Dropbear SSH': [
+            ['0.0', '2022.83', 1, 'CVE-2023-48795', 5.9, 'Terrapin attack allows bypassing integrity checks in SSH protocol'],
+            ['0.0', '2020.81', 2, 'CVE-2021-36369', 7.5, 'trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS'],
+            ['0.0', '2018.76', 1, 'CVE-2018-15599', 5.0, 'remote users may enumerate users on the system'],
+            ['0.0', '2017.74', 5, 'CVE-2017-9079', 4.7, 'local users can read certain files as root'],
+            ['0.0', '2017.74', 5, 'CVE-2017-9078', 9.3, 'local users may elevate privileges to root under certain conditions'],
+            ['0.0', '2016.73', 5, 'CVE-2016-7409', 2.1, 'local users can read process memory under limited conditions'],
+            ['0.0', '2016.73', 1, 'CVE-2016-7408', 6.5, 'remote users can execute arbitrary code'],
+            ['0.0', '2016.73', 5, 'CVE-2016-7407', 10.0, 'local users can execute arbitrary code'],
+            ['0.0', '2016.73', 1, 'CVE-2016-7406', 10.0, 'remote users can execute arbitrary code'],
+            ['0.44', '2015.71', 1, 'CVE-2016-3116', 5.5, 'bypass command restrictions via xauth command injection'],
+            ['0.28', '2013.58', 1, 'CVE-2013-4434', 5.0, 'discover valid usernames through different time delays'],
+            ['0.28', '2013.58', 1, 'CVE-2013-4421', 5.0, 'cause DoS via a compressed packet (memory consumption)'],
+            ['0.52', '2011.54', 1, 'CVE-2012-0920', 7.1, 'execute arbitrary code or bypass command restrictions'],
+            ['0.40', '0.48.1',  1, 'CVE-2007-1099', 7.5, 'conduct a MitM attack (no warning for hostkey mismatch)'],
+            ['0.28', '0.47',    1, 'CVE-2006-1206', 7.5, 'cause DoS via large number of connections (slot exhaustion)'],
+            ['0.39', '0.47',    1, 'CVE-2006-0225', 4.6, 'execute arbitrary commands via scp with crafted filenames'],
+            ['0.28', '0.46',    1, 'CVE-2005-4178', 6.5, 'execute arbitrary code via buffer overflow vulnerability'],
+            ['0.28', '0.42',    1, 'CVE-2004-2486', 7.5, 'execute arbitrary code via DSS verification code']],
+        'libssh': [
+            ['0.6.4',   '0.6.4',  1, 'CVE-2018-10933', 6.4, 'authentication bypass'],
+            ['0.7.0',   '0.7.5',  1, 'CVE-2018-10933', 6.4, 'authentication bypass'],
+            ['0.8.0',   '0.8.3',  1, 'CVE-2018-10933', 6.4, 'authentication bypass'],
+            ['0.1',   '0.7.2',  1, 'CVE-2016-0739', 4.3, 'conduct a MitM attack (weakness in DH key generation)'],
+            ['0.5.1', '0.6.4',  1, 'CVE-2015-3146', 5.0, 'cause DoS via kex packets (null pointer dereference)'],
+            ['0.5.1', '0.6.3',  1, 'CVE-2014-8132', 5.0, 'cause DoS via kex init packet (dangling pointer)'],
+            ['0.4.7', '0.6.2',  1, 'CVE-2014-0017', 1.9, 'leak data via PRNG state reuse on forking servers'],
+            ['0.4.7', '0.5.3',  1, 'CVE-2013-0176', 4.3, 'cause DoS via kex packet (null pointer dereference)'],
+            ['0.4.7', '0.5.2',  1, 'CVE-2012-6063', 7.5, 'cause DoS or execute arbitrary code via sftp (double free)'],
+            ['0.4.7', '0.5.2',  1, 'CVE-2012-4562', 7.5, 'cause DoS or execute arbitrary code (overflow check)'],
+            ['0.4.7', '0.5.2',  1, 'CVE-2012-4561', 5.0, 'cause DoS via unspecified vectors (invalid pointer)'],
+            ['0.4.7', '0.5.2',  1, 'CVE-2012-4560', 7.5, 'cause DoS or execute arbitrary code (buffer overflow)'],
+            ['0.4.7', '0.5.2',  1, 'CVE-2012-4559', 6.8, 'cause DoS or execute arbitrary code (double free)']],
+        'OpenSSH': [
+            ['1.0',     '9.6',     1, 'CVE-2023-51767', 7.0, 'Row hammer threat allows authentication bypass in shared DRAM'],
+            ['1.0',     '9.5',     2, 'CVE-2023-51385', 7.0, 'OS command injection through expansion tokens containing shell metacharacters'],
+            ['1.0',     '9.5',     2, 'CVE-2023-51384', 5.5, 'ssh-agent applies destination constraints only to the first PKCS#11 key'],
+            ['1.0',     '9.5',     1, 'CVE-2023-48795', 5.9, 'Terrapin attack allows bypassing integrity checks in SSH protocol'],
+            ['1.0',     '9.2',     1, 'CVE-2023-38408', 9.8, 'PKCS#11 feature has a vulnerable search path in ssh-agent, enabling remote code execution'],
+            ['8.9',     '9.2',     1, 'CVE-2023-28531', 9.8, 'ssh-add improperly adds smartcard keys to ssh-agent, bypassing intended destination restrictions'],
+            ['9.1',     '9.1',     1, 'CVE-2023-25136', 6.5, 'A double-free vulnerability allows unauthenticated remote attackers to potentially execute code by manipulating memory'],
+            ['6.2',     '8.7',     5, 'CVE-2021-41617', 7.0, 'privilege escalation via supplemental groups'],
+            ['1.0',     '8.8',     2, 'CVE-2021-36368', 3.7, 'trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS'],
+            ['8.2',     '8.4',     2, 'CVE-2021-28041', 7.1, 'double free via ssh-agent'],
+            ['1.0',     '8.3',     5, 'CVE-2020-15778', 7.8, 'command injection via anomalous argument transfers'],
+            ['5.7',     '8.3',     2, 'CVE-2020-14145', 5.9, 'information leak via algorithm negotiation'],
+            ['8.2',     '8.2',     2, 'CVE-2020-12062', 7.5, 'arbitrary files overwrite via scp'],
+            ['7.7',     '8.0',     7, 'CVE-2019-16905', 7.8, 'memory corruption and local code execution via pre-authentication integer overflow'],
+            ['1.0',     '7.9',     2, 'CVE-2019-6111',  5.9, 'arbitrary files overwrite via scp'],
+            ['1.0',     '7.9',     2, 'CVE-2019-6110',  6.8, 'output manipulation'],
+            ['1.0',     '7.9',     2, 'CVE-2019-6109',  6.8, 'output manipulation'],
+            ['1.0',     '7.9',     2, 'CVE-2018-20685', 5.3, 'directory permissions modification via scp'],
+            ['5.9',     '7.8',     1, 'CVE-2018-15919', 5.3, 'username enumeration via GS2'],
+            ['1.0',     '7.7',     1, 'CVE-2018-15473', 5.3, 'enumerate usernames due to timing discrepancies'],
+            ['1.2',     '6.292',   1, 'CVE-2017-15906', 5.3, 'readonly bypass via sftp'],
+            ['1.0',     '8.7',     1, 'CVE-2016-20012', 5.3, 'enumerate usernames via challenge response'],
+            ['7.2',     '7.2p2',   1, 'CVE-2016-6515',  7.8, 'cause DoS via long password string (crypt CPU consumption)'],
+            ['1.2.2',   '7.2',     1, 'CVE-2016-3115',  5.5, 'bypass command restrictions via crafted X11 forwarding data'],
+            ['5.4',     '7.1',     1, 'CVE-2016-1907',  5.0, 'cause DoS via crafted network traffic (out of bounds read)'],
+            ['5.4',     '7.1p1',   2, 'CVE-2016-0778',  4.6, 'cause DoS via requesting many forwardings (heap based buffer overflow)'],
+            ['5.0',     '7.1p1',   2, 'CVE-2016-0777',  4.0, 'leak data via allowing transfer of entire buffer'],
+            ['6.0',     '7.2p2',   5, 'CVE-2015-8325',  7.2, 'privilege escalation via triggering crafted environment'],
+            ['6.8',     '6.9',     5, 'CVE-2015-6565',  7.2, 'cause DoS via writing to a device (terminal disruption)'],
+            ['5.0',     '6.9',     5, 'CVE-2015-6564',  6.9, 'privilege escalation via leveraging sshd uid'],
+            ['5.0',     '6.9',     5, 'CVE-2015-6563',  1.9, 'conduct impersonation attack'],
+            ['6.9p1',   '6.9p1',   1, 'CVE-2015-5600',  8.5, 'cause Dos or aid in conduct brute force attack (CPU consumption)'],
+            ['6.0',     '6.6',     1, 'CVE-2015-5352',  4.3, 'bypass access restrictions via a specific connection'],
+            ['6.0',     '6.6',     2, 'CVE-2014-2653',  5.8, 'bypass SSHFP DNS RR check via unacceptable host certificate'],
+            ['5.0',     '6.5',     1, 'CVE-2014-2532',  5.8, 'bypass environment restrictions via specific string before wildcard'],
+            ['1.2',     '6.4',     1, 'CVE-2014-1692',  7.5, 'cause DoS via triggering error condition (memory corruption)'],
+            ['6.2',     '6.3',     1, 'CVE-2013-4548',  6.0, 'bypass command restrictions via crafted packet data'],
+            ['1.2',     '5.6',     1, 'CVE-2012-0814',  3.5, 'leak data via debug messages'],
+            ['1.2',     '5.8',     1, 'CVE-2011-5000',  3.5, 'cause DoS via large value in certain length field (memory consumption)'],
+            ['5.6',     '5.7',     2, 'CVE-2011-0539',  5.0, 'leak data or conduct hash collision attack'],
+            ['1.2',     '6.1',     1, 'CVE-2010-5107',  5.0, 'cause DoS via large number of connections (slot exhaustion)'],
+            ['1.2',     '5.8',     1, 'CVE-2010-4755',  4.0, 'cause DoS via crafted glob expression (CPU and memory consumption)'],
+            ['1.2',     '5.6',     1, 'CVE-2010-4478',  7.5, 'bypass authentication check via crafted values'],
+            ['4.3',     '4.8',     1, 'CVE-2009-2904',  6.9, 'privilege escalation via hard links to setuid programs'],
+            ['4.0',     '5.1',     1, 'CVE-2008-5161',  2.6, 'recover plaintext data from ciphertext'],
+            ['1.2',     '4.6',     1, 'CVE-2008-4109',  5.0, 'cause DoS via multiple login attempts (slot exhaustion)'],
+            ['1.2',     '4.8',     1, 'CVE-2008-1657',  6.5, 'bypass command restrictions via modifying session file'],
+            ['1.2.2',   '4.9',     1, 'CVE-2008-1483',  6.9, 'hijack forwarded X11 connections'],
+            ['4.0',     '4.6',     1, 'CVE-2007-4752',  7.5, 'privilege escalation via causing an X client to be trusted'],
+            ['4.3p2',   '4.3p2',   1, 'CVE-2007-3102',  4.3, 'allow attacker to write random data to audit log'],
+            ['1.2',     '4.6',     1, 'CVE-2007-2243',  5.0, 'discover valid usernames through different responses'],
+            ['4.4',     '4.4',     1, 'CVE-2006-5794',  7.5, 'bypass authentication'],
+            ['4.1',     '4.1p1',   1, 'CVE-2006-5229',  2.6, 'discover valid usernames through different time delays'],
+            ['1.2',     '4.3p2',   1, 'CVE-2006-5052',  5.0, 'discover valid usernames through different responses'],
+            ['1.2',     '4.3p2',   1, 'CVE-2006-5051',  9.3, 'cause DoS or execute arbitrary code (double free)'],
+            ['4.5',     '4.5',     1, 'CVE-2006-4925',  5.0, 'cause DoS via invalid protocol sequence (crash)'],
+            ['1.2',     '4.3p2',   1, 'CVE-2006-4924',  7.8, 'cause DoS via crafted packet (CPU consumption)'],
+            ['3.8.1p1', '3.8.1p1', 1, 'CVE-2006-0883',  5.0, 'cause DoS via connecting multiple times (client connection refusal)'],
+            ['3.0',     '4.2p1',   1, 'CVE-2006-0225',  4.6, 'execute arbitrary code'],
+            ['2.1',     '4.1p1',   1, 'CVE-2005-2798',  5.0, 'leak data about authentication credentials'],
+            ['3.5',     '3.5p1',   1, 'CVE-2004-2760',  6.8, 'leak data through different connection states'],
+            ['2.3',     '3.7.1p2', 1, 'CVE-2004-2069',  5.0, 'cause DoS via large number of connections (slot exhaustion)'],
+            ['3.0',     '3.4p1',   1, 'CVE-2004-0175',  4.3, 'leak data through directory traversal'],
+            ['1.2',     '3.9p1',   1, 'CVE-2003-1562',  7.6, 'leak data about authentication credentials'],
+            ['3.1p1',   '3.7.1p1', 1, 'CVE-2003-0787',  7.5, 'privilege escalation via modifying stack'],
+            ['3.1p1',   '3.7.1p1', 1, 'CVE-2003-0786', 10.0, 'privilege escalation via bypassing authentication'],
+            ['1.0',     '3.7.1',   1, 'CVE-2003-0695',  7.5, 'cause DoS or execute arbitrary code'],
+            ['1.0',     '3.7',     1, 'CVE-2003-0693', 10.0, 'execute arbitrary code'],
+            ['3.0',     '3.6.1p2', 1, 'CVE-2003-0386',  7.5, 'bypass address restrictions for connection'],
+            ['3.1p1',   '3.6.1p1', 1, 'CVE-2003-0190',  5.0, 'discover valid usernames through different time delays'],
+            ['3.2.2',   '3.2.2',   1, 'CVE-2002-0765',  7.5, 'bypass authentication'],
+            ['1.2.2',   '3.3p1',   1, 'CVE-2002-0640', 10.0, 'execute arbitrary code'],
+            ['1.2.2',   '3.3p1',   1, 'CVE-2002-0639', 10.0, 'execute arbitrary code'],
+            ['2.1',     '3.2',     1, 'CVE-2002-0575',  7.5, 'privilege escalation'],
+            ['2.1',     '3.0.2p1', 2, 'CVE-2002-0083', 10.0, 'privilege escalation'],
+            ['3.0',     '3.0p1',   1, 'CVE-2001-1507',  7.5, 'bypass authentication'],
+            ['1.2.3',   '3.0.1p1', 5, 'CVE-2001-0872',  7.2, 'privilege escalation via crafted environment variables'],
+            ['1.2.3',   '2.1.1',   1, 'CVE-2001-0361',  4.0, 'recover plaintext from ciphertext'],
+            ['1.2',     '2.1',     1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']],
+        'PuTTY': [
+            ['0.68', '0.80', 2, 'CVE-2024-31497', 0.0, 'ecdsa private key recovery by malicious remote server'],
+            ['0.0',  '0.79', 2, 'CVE-2023-48795', 5.9, 'Terrapin attack allows bypassing integrity checks in SSH protocol'],
+            # info for CVE-2021-36367 - only PuTTY up to 0.71 is affected - see https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/reject-trivial-auth.html
+            ['0.0', '0.71', 2, 'CVE-2021-36367', 8.1, 'trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS'],
+            ['0.0', '0.74', 2, 'CVE-2021-33500', 5.0, 'denial of service of the complete windows desktop'],
+            ['0.68', '0.73', 2, 'CVE-2020-14002', 4.3, 'Observable Discrepancy which allows man-in-the-middle attackers to target initial connection attempts'],
+            ['0.54', '0.73', 2, 'CVE-2020-XXXX', 5.0, 'out of bounds memory read'],
+            ['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'],
+            ['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'],
+            ['0.52', '0.72', 2, 'CVE-2019-17067', 7.5, 'port rebinding weakness in port forward tunnel handling'],
+            ['0.0', '0.71', 2, 'CVE-2019-XXXX', 5.0, 'undefined vulnerability in obsolete SSHv1 protocol handling'],
+            ['0.0', '0.71', 6, 'CVE-2019-XXXX', 5.0, 'local privilege escalation in Pageant'],
+            ['0.0', '0.70', 2, 'CVE-2019-9898', 7.5, 'potential recycling of random numbers'],
+            ['0.0', '0.70', 2, 'CVE-2019-9897', 5.0, 'multiple denial-of-service issues from writing to the terminal'],
+            ['0.0', '0.70', 6, 'CVE-2019-9896', 4.6, 'local application hijacking through malicious Windows help file'],
+            ['0.0', '0.70', 2, 'CVE-2019-9894', 6.4, 'buffer overflow in RSA key exchange'],
+            ['0.0', '0.69', 6, 'CVE-2016-6167', 4.4, 'local application hijacking through untrusted DLL loading'],
+            ['0.0', '0.67', 2, 'CVE-2017-6542', 7.5, 'buffer overflow in UNIX client that can result in privilege escalation or denial-of-service'],
+            ['0.0', '0.66', 2, 'CVE-2016-2563', 7.5, 'buffer overflow in SCP command-line utility'],
+            ['0.0', '0.65', 2, 'CVE-2015-5309', 4.3, 'integer overflow in terminal-handling code'],
+        ]
+    }
+    TXT: Dict[str, List[List[Any]]] = {
+        'Dropbear SSH': [
+            ['0.28', '0.34', 1, 'remote root exploit', 'remote format string buffer overflow exploit (exploit-db#387)']],
+        'libssh': [
+            ['0.3.3', '0.3.3', 1, 'null pointer check', 'missing null pointer check in "crypt_set_algorithms_server"'],
+            ['0.3.3', '0.3.3', 1, 'integer overflow',   'integer overflow in "buffer_get_data"'],
+            ['0.3.3', '0.3.3', 3, 'heap overflow',      'heap overflow in "packet_decrypt"']]
+    }
@@ -10,7 +10,118 @@
        "none",
        "zlib"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames due to timing discrepancies",
+            "name": "CVE-2018-15473"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "readonly bypass via sftp",
+            "name": "CVE-2017-15906"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        },
+        {
+            "cvssv2": 5.5,
+            "description": "bypass command restrictions via crafted X11 forwarding data",
+            "name": "CVE-2016-3115"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "cause DoS via triggering error condition (memory corruption)",
+            "name": "CVE-2014-1692"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "leak data via debug messages",
+            "name": "CVE-2012-0814"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "cause DoS via large value in certain length field (memory consumption)",
+            "name": "CVE-2011-5000"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via large number of connections (slot exhaustion)",
+            "name": "CVE-2010-5107"
+        },
+        {
+            "cvssv2": 4.0,
+            "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+            "name": "CVE-2010-4755"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "bypass authentication check via crafted values",
+            "name": "CVE-2010-4478"
+        },
+        {
+            "cvssv2": 2.6,
+            "description": "recover plaintext data from ciphertext",
+            "name": "CVE-2008-5161"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via multiple login attempts (slot exhaustion)",
+            "name": "CVE-2008-4109"
+        },
+        {
+            "cvssv2": 6.5,
+            "description": "bypass command restrictions via modifying session file",
+            "name": "CVE-2008-1657"
+        },
+        {
+            "cvssv2": 6.9,
+            "description": "hijack forwarded X11 connections",
+            "name": "CVE-2008-1483"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "privilege escalation via causing an X client to be trusted",
+            "name": "CVE-2007-4752"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "discover valid usernames through different responses",
+            "name": "CVE-2007-2243"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "discover valid usernames through different responses",
+            "name": "CVE-2006-5052"
+        },
+        {
+            "cvssv2": 9.3,
+            "description": "cause DoS or execute arbitrary code (double free)",
+            "name": "CVE-2006-5051"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "cause DoS via crafted packet (CPU consumption)",
+            "name": "CVE-2006-4924"
+        },
+        {
+            "cvssv2": 4.6,
+            "description": "execute arbitrary code",
+            "name": "CVE-2006-0225"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "leak data about authentication credentials",
+            "name": "CVE-2005-2798"
+        }
+    ],
    "enc": [
        {
            "algorithm": "aes128-cbc",
@@ -6,6 +6,28 @@
 [0;32m(gen) compression: enabled (zlib)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2020-15778                      -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2018-15473                      -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
+[0;33m(cve) CVE-2017-15906                      -- (CVSSv2: 5.3) readonly bypass via sftp[0m
+[0;33m(cve) CVE-2016-20012                      -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+[0;33m(cve) CVE-2016-3115                       -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
+[0;33m(cve) CVE-2014-1692                       -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
+[0;33m(cve) CVE-2012-0814                       -- (CVSSv2: 3.5) leak data via debug messages[0m
+[0;33m(cve) CVE-2011-5000                       -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
+[0;33m(cve) CVE-2010-5107                       -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
+[0;33m(cve) CVE-2010-4755                       -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
+[0;33m(cve) CVE-2010-4478                       -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
+[0;33m(cve) CVE-2008-5161                       -- (CVSSv2: 2.6) recover plaintext data from ciphertext[0m
+[0;33m(cve) CVE-2008-4109                       -- (CVSSv2: 5.0) cause DoS via multiple login attempts (slot exhaustion)[0m
+[0;33m(cve) CVE-2008-1657                       -- (CVSSv2: 6.5) bypass command restrictions via modifying session file[0m
+[0;33m(cve) CVE-2008-1483                       -- (CVSSv2: 6.9) hijack forwarded X11 connections[0m
+[0;33m(cve) CVE-2007-4752                       -- (CVSSv2: 7.5) privilege escalation via causing an X client to be trusted[0m
+[0;33m(cve) CVE-2007-2243                       -- (CVSSv2: 5.0) discover valid usernames through different responses[0m
+[0;33m(cve) CVE-2006-5052                       -- (CVSSv2: 5.0) discover valid usernames through different responses[0m
+[0;31m(cve) CVE-2006-5051                       -- (CVSSv2: 9.3) cause DoS or execute arbitrary code (double free)[0m
+[0;33m(cve) CVE-2006-4924                       -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)[0m
+[0;33m(cve) CVE-2006-0225                       -- (CVSSv2: 4.6) execute arbitrary code[0m
+[0;33m(cve) CVE-2005-2798                       -- (CVSSv2: 5.0) leak data about authentication credentials[0m
 [0;31m(sec) SSH v1 enabled                      -- SSH v1 can be exploited to recover plaintext passwords[0m

 [0;36m# key exchange algorithms[0m
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker policy: test1 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -28,6 +28,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker poliicy: test10 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -20,6 +20,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test2 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -19,6 +19,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test3 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -29,6 +29,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test4 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -28,6 +28,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test5 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker poliicy: test7 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -16,6 +16,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker poliicy: test8 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -16,6 +16,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker poliicy: test9 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -10,7 +10,83 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames due to timing discrepancies",
+            "name": "CVE-2018-15473"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "readonly bypass via sftp",
+            "name": "CVE-2017-15906"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        },
+        {
+            "cvssv2": 5.5,
+            "description": "bypass command restrictions via crafted X11 forwarding data",
+            "name": "CVE-2016-3115"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via crafted network traffic (out of bounds read)",
+            "name": "CVE-2016-1907"
+        },
+        {
+            "cvssv2": 6.9,
+            "description": "privilege escalation via leveraging sshd uid",
+            "name": "CVE-2015-6564"
+        },
+        {
+            "cvssv2": 1.9,
+            "description": "conduct impersonation attack",
+            "name": "CVE-2015-6563"
+        },
+        {
+            "cvssv2": 5.8,
+            "description": "bypass environment restrictions via specific string before wildcard",
+            "name": "CVE-2014-2532"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "cause DoS via triggering error condition (memory corruption)",
+            "name": "CVE-2014-1692"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "leak data via debug messages",
+            "name": "CVE-2012-0814"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "cause DoS via large value in certain length field (memory consumption)",
+            "name": "CVE-2011-5000"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via large number of connections (slot exhaustion)",
+            "name": "CVE-2010-5107"
+        },
+        {
+            "cvssv2": 4.0,
+            "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+            "name": "CVE-2010-4755"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "bypass authentication check via crafted values",
+            "name": "CVE-2010-4478"
+        }
+    ],
    "enc": [
        {
            "algorithm": "aes128-ctr",
@@ -4,6 +4,23 @@
 [0;32m(gen) compatibility: OpenSSH 4.7-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
+[0;33m(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+[0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
+[0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
+[0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
+[0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
+[0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
+[0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
+[0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
+[0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
+[0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
+[0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
+[0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
+
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
@@ -10,7 +10,83 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames due to timing discrepancies",
+            "name": "CVE-2018-15473"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "readonly bypass via sftp",
+            "name": "CVE-2017-15906"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        },
+        {
+            "cvssv2": 5.5,
+            "description": "bypass command restrictions via crafted X11 forwarding data",
+            "name": "CVE-2016-3115"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via crafted network traffic (out of bounds read)",
+            "name": "CVE-2016-1907"
+        },
+        {
+            "cvssv2": 6.9,
+            "description": "privilege escalation via leveraging sshd uid",
+            "name": "CVE-2015-6564"
+        },
+        {
+            "cvssv2": 1.9,
+            "description": "conduct impersonation attack",
+            "name": "CVE-2015-6563"
+        },
+        {
+            "cvssv2": 5.8,
+            "description": "bypass environment restrictions via specific string before wildcard",
+            "name": "CVE-2014-2532"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "cause DoS via triggering error condition (memory corruption)",
+            "name": "CVE-2014-1692"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "leak data via debug messages",
+            "name": "CVE-2012-0814"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "cause DoS via large value in certain length field (memory consumption)",
+            "name": "CVE-2011-5000"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via large number of connections (slot exhaustion)",
+            "name": "CVE-2010-5107"
+        },
+        {
+            "cvssv2": 4.0,
+            "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+            "name": "CVE-2010-4755"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "bypass authentication check via crafted values",
+            "name": "CVE-2010-4478"
+        }
+    ],
    "enc": [
        {
            "algorithm": "aes128-ctr",
@@ -4,6 +4,23 @@
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
+[0;33m(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+[0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
+[0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
+[0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
+[0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
+[0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
+[0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
+[0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
+[0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
+[0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
+[0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
+[0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
+
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
@@ -10,7 +10,83 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames due to timing discrepancies",
+            "name": "CVE-2018-15473"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "readonly bypass via sftp",
+            "name": "CVE-2017-15906"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        },
+        {
+            "cvssv2": 5.5,
+            "description": "bypass command restrictions via crafted X11 forwarding data",
+            "name": "CVE-2016-3115"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via crafted network traffic (out of bounds read)",
+            "name": "CVE-2016-1907"
+        },
+        {
+            "cvssv2": 6.9,
+            "description": "privilege escalation via leveraging sshd uid",
+            "name": "CVE-2015-6564"
+        },
+        {
+            "cvssv2": 1.9,
+            "description": "conduct impersonation attack",
+            "name": "CVE-2015-6563"
+        },
+        {
+            "cvssv2": 5.8,
+            "description": "bypass environment restrictions via specific string before wildcard",
+            "name": "CVE-2014-2532"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "cause DoS via triggering error condition (memory corruption)",
+            "name": "CVE-2014-1692"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "leak data via debug messages",
+            "name": "CVE-2012-0814"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "cause DoS via large value in certain length field (memory consumption)",
+            "name": "CVE-2011-5000"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via large number of connections (slot exhaustion)",
+            "name": "CVE-2010-5107"
+        },
+        {
+            "cvssv2": 4.0,
+            "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+            "name": "CVE-2010-4755"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "bypass authentication check via crafted values",
+            "name": "CVE-2010-4478"
+        }
+    ],
    "enc": [
        {
            "algorithm": "aes128-ctr",
@@ -4,6 +4,23 @@
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
+[0;33m(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+[0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
+[0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
+[0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
+[0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
+[0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
+[0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
+[0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
+[0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
+[0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
+[0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
+[0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
+
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
@@ -10,7 +10,83 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames due to timing discrepancies",
+            "name": "CVE-2018-15473"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "readonly bypass via sftp",
+            "name": "CVE-2017-15906"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        },
+        {
+            "cvssv2": 5.5,
+            "description": "bypass command restrictions via crafted X11 forwarding data",
+            "name": "CVE-2016-3115"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via crafted network traffic (out of bounds read)",
+            "name": "CVE-2016-1907"
+        },
+        {
+            "cvssv2": 6.9,
+            "description": "privilege escalation via leveraging sshd uid",
+            "name": "CVE-2015-6564"
+        },
+        {
+            "cvssv2": 1.9,
+            "description": "conduct impersonation attack",
+            "name": "CVE-2015-6563"
+        },
+        {
+            "cvssv2": 5.8,
+            "description": "bypass environment restrictions via specific string before wildcard",
+            "name": "CVE-2014-2532"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "cause DoS via triggering error condition (memory corruption)",
+            "name": "CVE-2014-1692"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "leak data via debug messages",
+            "name": "CVE-2012-0814"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "cause DoS via large value in certain length field (memory consumption)",
+            "name": "CVE-2011-5000"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via large number of connections (slot exhaustion)",
+            "name": "CVE-2010-5107"
+        },
+        {
+            "cvssv2": 4.0,
+            "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+            "name": "CVE-2010-4755"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "bypass authentication check via crafted values",
+            "name": "CVE-2010-4478"
+        }
+    ],
    "enc": [
        {
            "algorithm": "aes128-ctr",
@@ -4,6 +4,23 @@
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
+[0;33m(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+[0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
+[0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
+[0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
+[0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
+[0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
+[0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
+[0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
+[0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
+[0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
+[0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
+[0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
+
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
@@ -10,7 +10,83 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames due to timing discrepancies",
+            "name": "CVE-2018-15473"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "readonly bypass via sftp",
+            "name": "CVE-2017-15906"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        },
+        {
+            "cvssv2": 5.5,
+            "description": "bypass command restrictions via crafted X11 forwarding data",
+            "name": "CVE-2016-3115"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via crafted network traffic (out of bounds read)",
+            "name": "CVE-2016-1907"
+        },
+        {
+            "cvssv2": 6.9,
+            "description": "privilege escalation via leveraging sshd uid",
+            "name": "CVE-2015-6564"
+        },
+        {
+            "cvssv2": 1.9,
+            "description": "conduct impersonation attack",
+            "name": "CVE-2015-6563"
+        },
+        {
+            "cvssv2": 5.8,
+            "description": "bypass environment restrictions via specific string before wildcard",
+            "name": "CVE-2014-2532"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "cause DoS via triggering error condition (memory corruption)",
+            "name": "CVE-2014-1692"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "leak data via debug messages",
+            "name": "CVE-2012-0814"
+        },
+        {
+            "cvssv2": 3.5,
+            "description": "cause DoS via large value in certain length field (memory consumption)",
+            "name": "CVE-2011-5000"
+        },
+        {
+            "cvssv2": 5.0,
+            "description": "cause DoS via large number of connections (slot exhaustion)",
+            "name": "CVE-2010-5107"
+        },
+        {
+            "cvssv2": 4.0,
+            "description": "cause DoS via crafted glob expression (CPU and memory consumption)",
+            "name": "CVE-2010-4755"
+        },
+        {
+            "cvssv2": 7.5,
+            "description": "bypass authentication check via crafted values",
+            "name": "CVE-2010-4478"
+        }
+    ],
    "enc": [
        {
            "algorithm": "aes128-ctr",
@@ -4,6 +4,23 @@
 [0;32m(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
+[0;33m(cve) CVE-2017-15906                        -- (CVSSv2: 5.3) readonly bypass via sftp[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+[0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
+[0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
+[0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
+[0;33m(cve) CVE-2015-6563                         -- (CVSSv2: 1.9) conduct impersonation attack[0m
+[0;33m(cve) CVE-2014-2532                         -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard[0m
+[0;33m(cve) CVE-2014-1692                         -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
+[0;33m(cve) CVE-2012-0814                         -- (CVSSv2: 3.5) leak data via debug messages[0m
+[0;33m(cve) CVE-2011-5000                         -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)[0m
+[0;33m(cve) CVE-2010-5107                         -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)[0m
+[0;33m(cve) CVE-2010-4755                         -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)[0m
+[0;33m(cve) CVE-2010-4478                         -- (CVSSv2: 7.5) bypass authentication check via crafted values[0m
+
 [0;36m# key exchange algorithms[0m
 [0;31m(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus[0m
                                                      `- [info] available since OpenSSH 4.4
@@ -40,6 +40,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Hardened OpenSSH Server v8.0 (version 4)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -63,6 +63,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Hardened OpenSSH Server v8.0 (version 4)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker policy: test11 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -40,6 +40,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test12 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker policy: test13 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -16,6 +16,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test14 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker policy: test15 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -83,6 +83,5 @@
    "host": "localhost",
    "passed": false,
    "policy": "Docker policy: test16 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker policy: test17 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -3,6 +3,5 @@
    "host": "localhost",
    "passed": true,
    "policy": "Docker policy: test6 (version 1)",
-    "port": 2222,
-    "warnings": []
+    "port": 2222
 }
@@ -10,7 +10,28 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.0,
+            "description": "privilege escalation via supplemental groups",
+            "name": "CVE-2021-41617"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "memory corruption and local code execution via pre-authentication integer overflow",
+            "name": "CVE-2019-16905"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        }
+    ],
    "enc": [
        {
            "algorithm": "chacha20-poly1305@openssh.com",
@@ -4,6 +4,12 @@
 [0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m                                            `- [info] default key exchange from OpenSSH 7.4 to 8.9[0m
@@ -10,7 +10,28 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.0,
+            "description": "privilege escalation via supplemental groups",
+            "name": "CVE-2021-41617"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "memory corruption and local code execution via pre-authentication integer overflow",
+            "name": "CVE-2019-16905"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        }
+    ],
    "enc": [
        {
            "algorithm": "chacha20-poly1305@openssh.com",
@@ -4,6 +4,12 @@
 [0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m                                            `- [info] default key exchange from OpenSSH 7.4 to 8.9[0m
@@ -10,7 +10,28 @@
        "none",
        "zlib@openssh.com"
    ],
-    "cves": [],
+    "cves": [
+        {
+            "cvssv2": 7.0,
+            "description": "privilege escalation via supplemental groups",
+            "name": "CVE-2021-41617"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "command injection via anomalous argument transfers",
+            "name": "CVE-2020-15778"
+        },
+        {
+            "cvssv2": 7.8,
+            "description": "memory corruption and local code execution via pre-authentication integer overflow",
+            "name": "CVE-2019-16905"
+        },
+        {
+            "cvssv2": 5.3,
+            "description": "enumerate usernames via challenge response",
+            "name": "CVE-2016-20012"
+        }
+    ],
    "enc": [
        {
            "algorithm": "chacha20-poly1305@openssh.com",
@@ -4,6 +4,12 @@
 [0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2020.79+[0m
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

+[0;36m# security[0m
+[0;33m(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups[0m
+[0;33m(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
+[0;33m(cve) CVE-2019-16905                        -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow[0m
+[0;33m(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
+
 [0;36m# key exchange algorithms[0m
 [0;32m(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
 [0;32m                                            `- [info] default key exchange from OpenSSH 7.4 to 8.9[0m
@@ -36,7 +36,7 @@ def test_prevent_runtime_error_regression(ssh_audit, kex):
    kex.set_host_key("ssh-rsa7", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)
    kex.set_host_key("ssh-rsa8", b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00", 1024, '', 0)

-    rv = ssh_audit.build_struct('localhost', None, kex=kex)
+    rv = ssh_audit.build_struct('localhost', None, [], kex=kex)

    assert len(rv["fingerprints"]) == (9 * 2)  # Each host key generates two hash fingerprints: one using SHA256, and one using MD5.

@@ -52,14 +52,6 @@ class TestPolicy:
            version_str = " (version %s)" % BUILTIN_POLICIES[policy_name]['version']
            assert policy_name.endswith(version_str)

-            # Ensure version field is a string, but can be parsed as an integer.
-            version_field = BUILTIN_POLICIES[policy_name]['version']
-            assert type(version_field) is str
-            try:
-                int(version_field)
-            except ValueError:
-                assert False, "version field of %s policy is not parseable as an integer." % policy_name
-
            # Ensure no extra fields are present.
            assert len(required_fields) == len(BUILTIN_POLICIES[policy_name])

@@ -139,7 +139,7 @@ class TestSSH1:
        self.audit(out, self._conf())
        out.write()
        lines = output_spy.flush()
-        assert len(lines) == 13
+        assert len(lines) == 21

    def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
        vsocket = virtual_socket
@@ -154,7 +154,7 @@ class TestSSH1:
        out.write()
        assert ret != 0
        lines = output_spy.flush()
-        assert len(lines) == 6
+        assert len(lines) == 14
        assert 'unknown message' in lines[-1]

    def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
@@ -165,7 +165,7 @@ class TestSSH2:
        self.audit(out, self._conf())
        out.write()
        lines = output_spy.flush()
-        assert len(lines) == 78
+        assert len(lines) == 83

    def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
        vsocket = virtual_socket
@@ -179,7 +179,7 @@ class TestSSH2:
        out.write()
        assert ret != 0
        lines = output_spy.flush()
-        assert len(lines) == 4
+        assert len(lines) == 9
        assert 'unknown message' in lines[-1]

    def test_ssh2_gss_kex(self, output_spy, virtual_socket):
Author	SHA1	Message	Date
Manfred Kaiser	0c5c0f8771	Merge `3116c2e678` into `3b8a75e407`	2024-09-26 11:32:06 +02:00
Manfred Kaiser	3116c2e678	Update versionvulnerabilitydb.py	2024-05-09 16:50:44 +02:00