Andris Raugulis

OK, and also, please, let me know if You give up, so this issue shouldn't stay open forever.

That could be the case, as I have set-up very small timeout limits (3 seconds for connection, 5 seconds for reading data) to use it for bulk scans and receive...

Option could be added, just have to think about the naming and design, e.g., will that include two options (connection and read timeout) or a single one; how to specify...

Good question. It exists (_see below_) and actually it's one of improvements I've planed. Haven't just figured what would be the best way to _show_ that in output. From https://tools.ietf.org/html/rfc4253:...

Yes, this is bug. Thanks for the report, will fix this. For now, as a workaround, You could use: ```./ssh-audit.py -p 22 2000:100:100:1::3```

- [ ] find all related CVE's - [ ] OpenSSH - [x] DropbearSSH - [ ] go through ChangeLog for security issues, which doesn't have assigned CVE - [...

Good tip, @blindfuzzy . As I don't want to rely on external modules/scripts/dependencies, I could use this for double-checking (as existing database). Also, maybe I could add it as optional...

Dropbear SSH CVE's: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dropbear Correspond exactly to ChangeLog: https://matt.ucc.asn.au/dropbear/CHANGES [cve-search](https://github.com/cve-search/cve-search) is missing CVE-2006-0225 (probably, due to being attributed to OpenSSH).

Security sections for Dropbear SSH (already released) and libssh are done (release next week). Only OpenSSH is left as TODO.

Currently this tool has pretty standard behavior - exits with 0 on success and with 1 if something failed (connection, data, etc). I don't think it is wise to change...