summaryrefslogtreecommitdiffstats
path: root/test/docker/expected_results
diff options
context:
space:
mode:
Diffstat (limited to 'test/docker/expected_results')
-rw-r--r--test/docker/expected_results/dropbear_2019.78_test1.json1
-rw-r--r--test/docker/expected_results/dropbear_2019.78_test1.txt88
-rw-r--r--test/docker/expected_results/openssh_4.0p1_test1.json1
-rw-r--r--test/docker/expected_results/openssh_4.0p1_test1.txt145
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt3
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt13
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt3
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt9
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test1.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test1.txt153
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test2.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test2.txt153
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test3.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test3.txt153
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test4.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test4.txt152
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test5.json1
-rw-r--r--test/docker/expected_results/openssh_5.6p1_test5.txt151
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt9
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt17
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt9
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt3
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test1.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test1.txt85
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test2.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test2.txt77
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test3.json1
-rw-r--r--test/docker/expected_results/openssh_8.0p1_test3.txt38
-rw-r--r--test/docker/expected_results/tinyssh_20190101_test1.json1
-rw-r--r--test/docker/expected_results/tinyssh_20190101_test1.txt25
54 files changed, 1367 insertions, 0 deletions
diff --git a/test/docker/expected_results/dropbear_2019.78_test1.json b/test/docker/expected_results/dropbear_2019.78_test1.json
new file mode 100644
index 0000000..186cb06
--- /dev/null
+++ b/test/docker/expected_results/dropbear_2019.78_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-dropbear_2019.78", "software": "dropbear_2019.78"}, "compression": ["zlib@openssh.com", "none"], "enc": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "aes256-cbc", "3des-ctr", "3des-cbc"], "fingerprints": [{"hash": "CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "63:7f:54:f7:0a:28:7f:75:0b:f4:07:0b:fc:66:51:a2", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "ecdh-sha2-nistp521"}, {"algorithm": "ecdh-sha2-nistp384"}, {"algorithm": "ecdh-sha2-nistp256"}, {"algorithm": "diffie-hellman-group14-sha256"}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "kexguess2@matt.ucc.asn.au"}], "key": [{"algorithm": "ecdsa-sha2-nistp256"}, {"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-dss"}], "mac": ["hmac-sha1-96", "hmac-sha1", "hmac-sha2-256"], "target": "localhost"}
diff --git a/test/docker/expected_results/dropbear_2019.78_test1.txt b/test/docker/expected_results/dropbear_2019.78_test1.txt
new file mode 100644
index 0000000..93205f4
--- /dev/null
+++ b/test/docker/expected_results/dropbear_2019.78_test1.txt
@@ -0,0 +1,88 @@
+# general
+(gen) banner: SSH-2.0-dropbear_2019.78
+(gen) software: Dropbear SSH 2019.78
+(gen) compatibility: OpenSSH 7.4+ (some functionality from 6.6), Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) kexguess2@matt.ucc.asn.au -- [info] available since Dropbear SSH 2013.57
+
+# host-key algorithms
+(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-dss -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) 3des-ctr -- [fail] using weak cipher
+ `- [info] available since Dropbear SSH 0.52
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+
+# message authentication code algorithms
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+
+# fingerprints
+(fin) ssh-rsa: SHA256:CDfAU12pjQS7/91kg7gYacza0U/6PDbE04Ic3IpYxkM
+
+# algorithm recommendations (for Dropbear SSH 2019.78)
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -3des-ctr -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 
+(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -ssh-dss -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
+(rec) +twofish128-ctr -- enc algorithm to append 
+(rec) +twofish256-ctr -- enc algorithm to append 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -hmac-sha2-256 -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_4.0p1_test1.json b/test/docker/expected_results/openssh_4.0p1_test1.json
new file mode 100644
index 0000000..33e63cf
--- /dev/null
+++ b/test/docker/expected_results/openssh_4.0p1_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [1, 99], "raw": "SSH-1.99-OpenSSH_4.0", "software": "OpenSSH_4.0"}, "compression": ["none", "zlib"], "enc": ["aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour", "aes192-cbc", "aes256-cbc", "rijndael-cbc@lysator.liu.se", "aes128-ctr", "aes192-ctr", "aes256-ctr"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-dss"}], "mac": ["hmac-md5", "hmac-sha1", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_4.0p1_test1.txt b/test/docker/expected_results/openssh_4.0p1_test1.txt
new file mode 100644
index 0000000..419105a
--- /dev/null
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@@ -0,0 +1,145 @@
+# general
+(gen) banner: SSH-1.99-OpenSSH_4.0
+(gen) protocol SSH1 enabled
+(gen) software: OpenSSH 4.0
+(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+(cve) CVE-2008-5161 -- (CVSSv2: 2.6) recover plaintext data from ciphertext
+(cve) CVE-2008-4109 -- (CVSSv2: 5.0) cause DoS via multiple login attempts (slot exhaustion)
+(cve) CVE-2008-1657 -- (CVSSv2: 6.5) bypass command restrictions via modifying session file
+(cve) CVE-2008-1483 -- (CVSSv2: 6.9) hijack forwarded X11 connections
+(cve) CVE-2007-4752 -- (CVSSv2: 7.5) privilege escalation via causing an X client to be trusted
+(cve) CVE-2007-2243 -- (CVSSv2: 5.0) discover valid usernames through different responses
+(cve) CVE-2006-5052 -- (CVSSv2: 5.0) discover valid usernames through different responses
+(cve) CVE-2006-5051 -- (CVSSv2: 9.3) cause DoS or execute arbitrary code (double free)
+(cve) CVE-2006-4924 -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)
+(cve) CVE-2006-0225 -- (CVSSv2: 4.6) execute arbitrary code
+(cve) CVE-2005-2798 -- (CVSSv2: 5.0) leak data about authentication credentials
+(sec) SSH v1 enabled -- SSH v1 can be exploited to recover plaintext passwords
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-dss -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# encryption algorithms (ciphers)
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 4.0)
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-dss -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json
new file mode 100644
index 0000000..52d9e38
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test1 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt
new file mode 100644
index 0000000..01146f8
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test1.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test1 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json
new file mode 100644
index 0000000..7bf35ae
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"}, {"actual": ["1024"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"}], "host": "localhost", "passed": false, "policy": "Docker poliicy: test10 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt
new file mode 100644
index 0000000..7f8befc
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test10.txt
@@ -0,0 +1,13 @@
+Host: localhost:2222
+Policy: Docker poliicy: test10 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 4096
+ - Actual: 1024
+
+ * RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json
new file mode 100644
index 0000000..4d39f6a
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"], "expected_optional": [""], "expected_required": ["kex_alg1", "kex_alg2"], "mismatched_field": "Key exchanges"}], "host": "localhost", "passed": false, "policy": "Docker policy: test2 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt
new file mode 100644
index 0000000..e88e44b
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test2.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test2 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Key exchanges did not match.
+ - Expected: kex_alg1, kex_alg2
+ - Actual: diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json
new file mode 100644
index 0000000..519fc40
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["ssh-rsa", "ssh-dss"], "expected_optional": [""], "expected_required": ["ssh-rsa", "ssh-dss", "key_alg1"], "mismatched_field": "Host keys"}], "host": "localhost", "passed": false, "policy": "Docker policy: test3 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt
new file mode 100644
index 0000000..cf7eefc
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test3.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test3 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Host keys did not match.
+ - Expected: ssh-rsa, ssh-dss, key_alg1
+ - Actual: ssh-rsa, ssh-dss
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json
new file mode 100644
index 0000000..83db23b
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "expected_optional": [""], "expected_required": ["cipher_alg1", "cipher_alg2"], "mismatched_field": "Ciphers"}], "host": "localhost", "passed": false, "policy": "Docker policy: test4 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt
new file mode 100644
index 0000000..514b715
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test4.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test4 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Ciphers did not match.
+ - Expected: cipher_alg1, cipher_alg2
+ - Actual: aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json
new file mode 100644
index 0000000..3fbfe09
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "expected_optional": [""], "expected_required": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac_alg1", "hmac-md5-96"], "mismatched_field": "MACs"}], "host": "localhost", "passed": false, "policy": "Docker policy: test5 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt
new file mode 100644
index 0000000..746ca8c
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test5.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test5 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * MACs did not match.
+ - Expected: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac_alg1, hmac-md5-96
+ - Actual: hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160, hmac-ripemd160@openssh.com, hmac-sha1-96, hmac-md5-96
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json
new file mode 100644
index 0000000..cb4b860
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker poliicy: test7 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt
new file mode 100644
index 0000000..4014b23
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test7.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker poliicy: test7 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json
new file mode 100644
index 0000000..a7fa650
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["1024"], "expected_optional": [""], "expected_required": ["2048"], "mismatched_field": "RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes"}], "host": "localhost", "passed": false, "policy": "Docker poliicy: test8 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt
new file mode 100644
index 0000000..36dceba
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test8.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker poliicy: test8 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA CA key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 2048
+ - Actual: 1024
+
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json
new file mode 100644
index 0000000..6e9faec
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (ssh-rsa-cert-v01@openssh.com) sizes"}], "host": "localhost", "passed": false, "policy": "Docker poliicy: test9 (version 1)"}
diff --git a/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt
new file mode 100644
index 0000000..fc91c9f
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_custom_policy_test9.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker poliicy: test9 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA host key (ssh-rsa-cert-v01@openssh.com) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test1.json b/test/docker/expected_results/openssh_5.6p1_test1.json
new file mode 100644
index 0000000..f189bd8
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-dss"}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt
new file mode 100644
index 0000000..014d7e7
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test1.txt
@@ -0,0 +1,153 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 4.7-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-dss -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-dss -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test2.json b/test/docker/expected_results/openssh_5.6p1_test2.json
new file mode 100644
index 0000000..64d1590
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test2.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 1024, "keysize": 1024}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt
new file mode 100644
index 0000000..2a6825f
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test2.txt
@@ -0,0 +1,153 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test3.json b/test/docker/expected_results/openssh_5.6p1_test3.json
new file mode 100644
index 0000000..db22eed
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test3.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "3c:c3:38:f8:55:39:c0:4a:5a:17:89:60:2c:a1:fc:6a", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 1024}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 3072, "keysize": 1024}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt
new file mode 100644
index 0000000..657b22e
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test3.txt
@@ -0,0 +1,153 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (1024-bit) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (1024-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:YZ457EBcJTSxRKI3yXRgtAj3PBf5B9/F36b1SVooml4
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test4.json b/test/docker/expected_results/openssh_5.6p1_test4.json
new file mode 100644
index 0000000..a5c725d
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test4.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 3072}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 1024, "keysize": 3072}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt
new file mode 100644
index 0000000..fb48d1c
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test4.txt
@@ -0,0 +1,152 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm
+ `- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_5.6p1_test5.json b/test/docker/expected_results/openssh_5.6p1_test5.json
new file mode 100644
index 0000000..24523b8
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test5.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_5.6", "software": "OpenSSH_5.6"}, "compression": ["none", "zlib@openssh.com"], "enc": ["aes128-ctr", "aes192-ctr", "aes256-ctr", "arcfour256", "arcfour128", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "rijndael-cbc@lysator.liu.se"], "fingerprints": [{"hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 1024}, {"algorithm": "diffie-hellman-group-exchange-sha1", "keysize": 1024}, {"algorithm": "diffie-hellman-group14-sha1"}, {"algorithm": "diffie-hellman-group1-sha1"}], "key": [{"algorithm": "ssh-rsa", "keysize": 3072}, {"algorithm": "ssh-rsa-cert-v01@openssh.com", "casize": 3072, "keysize": 3072}], "mac": ["hmac-md5", "hmac-sha1", "umac-64@openssh.com", "hmac-ripemd160", "hmac-ripemd160@openssh.com", "hmac-sha1-96", "hmac-md5-96"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt
new file mode 100644
index 0000000..5ff250a
--- /dev/null
+++ b/test/docker/expected_results/openssh_5.6p1_test5.txt
@@ -0,0 +1,151 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_5.6
+(gen) software: OpenSSH 5.6
+(gen) compatibility: OpenSSH 5.6-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
+(gen) compression: enabled (zlib@openssh.com)
+
+# security
+(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies
+(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data
+(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)
+(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid
+(cve) CVE-2015-6563 -- (CVSSv2: 1.9) conduct impersonation attack
+(cve) CVE-2014-2532 -- (CVSSv2: 5.8) bypass environment restrictions via specific string before wildcard
+(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)
+(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages
+(cve) CVE-2011-5000 -- (CVSSv2: 3.5) cause DoS via large value in certain length field (memory consumption)
+(cve) CVE-2010-5107 -- (CVSSv2: 5.0) cause DoS via large number of connections (slot exhaustion)
+(cve) CVE-2010-4755 -- (CVSSv2: 4.0) cause DoS via crafted glob expression (CPU and memory consumption)
+(cve) CVE-2010-4478 -- (CVSSv2: 7.5) bypass authentication check via crafted values
+
+# key exchange algorithms
+(kex) diffie-hellman-group-exchange-sha256 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+(kex) diffie-hellman-group1-sha1 -- [fail] using small 1024-bit modulus
+ `- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+
+# host-key algorithms
+(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/3072-bit CA) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 5.6
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+
+# encryption algorithms (ciphers)
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 4.2
+(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
+(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.4, unsafe algorithm
+ `- [warn] using weak cipher
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [fail] disabled since Dropbear SSH 0.53
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
+(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [warn] using small 64-bit block size
+ `- [info] available since OpenSSH 2.1.0
+(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
+(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher
+ `- [info] available since OpenSSH 2.1.0
+(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using weak cipher mode
+ `- [info] available since OpenSSH 2.3.0
+
+# message authentication code algorithms
+(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.5.0
+(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 2.1.0
+(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
+(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
+ `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
+ `- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0
+
+# fingerprints
+(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244
+
+# algorithm recommendations (for OpenSSH 5.6)
+(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change (increase modulus size to 2048 bits or larger) 
+(rec) -3des-cbc -- enc algorithm to remove 
+(rec) -aes128-cbc -- enc algorithm to remove 
+(rec) -aes192-cbc -- enc algorithm to remove 
+(rec) -aes256-cbc -- enc algorithm to remove 
+(rec) -arcfour -- enc algorithm to remove 
+(rec) -arcfour128 -- enc algorithm to remove 
+(rec) -arcfour256 -- enc algorithm to remove 
+(rec) -blowfish-cbc -- enc algorithm to remove 
+(rec) -cast128-cbc -- enc algorithm to remove 
+(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove 
+(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove 
+(rec) -hmac-md5 -- mac algorithm to remove 
+(rec) -hmac-md5-96 -- mac algorithm to remove 
+(rec) -hmac-ripemd160 -- mac algorithm to remove 
+(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha1-96 -- mac algorithm to remove 
+(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -ssh-rsa-cert-v01@openssh.com -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json
new file mode 100644
index 0000000..f907cde
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Hardened OpenSSH Server v8.0 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt
new file mode 100644
index 0000000..1b6ddee
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test1.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Hardened OpenSSH Server v8.0 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json
new file mode 100644
index 0000000..49a13bc
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "expected_optional": [""], "expected_required": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "umac-128-etm@openssh.com"], "mismatched_field": "MACs"}], "host": "localhost", "passed": false, "policy": "Hardened OpenSSH Server v8.0 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt
new file mode 100644
index 0000000..de1f3e7
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_builtin_policy_test2.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Hardened OpenSSH Server v8.0 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * MACs did not match.
+ - Expected: hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128-etm@openssh.com
+ - Actual: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
+
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json
new file mode 100644
index 0000000..2e105ff
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test11 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt
new file mode 100644
index 0000000..024bcb9
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test11.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test11 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json
new file mode 100644
index 0000000..677fb96
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (rsa-sha2-256) sizes"}, {"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (rsa-sha2-512) sizes"}, {"actual": ["3072"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "RSA host key (ssh-rsa) sizes"}], "host": "localhost", "passed": false, "policy": "Docker policy: test12 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt
new file mode 100644
index 0000000..6fb0561
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test12.txt
@@ -0,0 +1,17 @@
+Host: localhost:2222
+Policy: Docker policy: test12 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * RSA host key (rsa-sha2-256) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
+ * RSA host key (rsa-sha2-512) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
+ * RSA host key (ssh-rsa) sizes did not match.
+ - Expected: 4096
+ - Actual: 3072
+
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json
new file mode 100644
index 0000000..e412128
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test13 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt
new file mode 100644
index 0000000..b8b4b25
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test13.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test13 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json
new file mode 100644
index 0000000..e7a39f8
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.json
@@ -0,0 +1 @@
+{"errors": [{"actual": ["2048"], "expected_optional": [""], "expected_required": ["4096"], "mismatched_field": "Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes"}], "host": "localhost", "passed": false, "policy": "Docker policy: test14 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt
new file mode 100644
index 0000000..2bb59fb
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test14.txt
@@ -0,0 +1,9 @@
+Host: localhost:2222
+Policy: Docker policy: test14 (version 1)
+Result: ❌ Failed!
+
+Errors:
+ * Group exchange (diffie-hellman-group-exchange-sha256) modulus sizes did not match.
+ - Expected: 4096
+ - Actual: 2048
+
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json
new file mode 100644
index 0000000..04620b2
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.json
@@ -0,0 +1 @@
+{"errors": [], "host": "localhost", "passed": true, "policy": "Docker policy: test6 (version 1)"}
diff --git a/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt
new file mode 100644
index 0000000..b0e9441
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_custom_policy_test6.txt
@@ -0,0 +1,3 @@
+Host: localhost:2222
+Policy: Docker policy: test6 (version 1)
+Result: ✔ Passed
diff --git a/test/docker/expected_results/openssh_8.0p1_test1.json b/test/docker/expected_results/openssh_8.0p1_test1.json
new file mode 100644
index 0000000..cf610a3
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0"}, "compression": ["none", "zlib@openssh.com"], "enc": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "fingerprints": [{"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}, {"hash": "nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244", "hash_alg": "SHA256", "hostkey": "ssh-rsa"}, {"hash": "18:e2:51:fe:21:6c:78:d0:b8:cf:32:d4:bd:56:42:e1", "hash_alg": "MD5", "hostkey": "ssh-rsa"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "ecdh-sha2-nistp256"}, {"algorithm": "ecdh-sha2-nistp384"}, {"algorithm": "ecdh-sha2-nistp521"}, {"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 2048}, {"algorithm": "diffie-hellman-group16-sha512"}, {"algorithm": "diffie-hellman-group18-sha512"}, {"algorithm": "diffie-hellman-group14-sha256"}, {"algorithm": "diffie-hellman-group14-sha1"}], "key": [{"algorithm": "rsa-sha2-512", "keysize": 3072}, {"algorithm": "rsa-sha2-256", "keysize": 3072}, {"algorithm": "ssh-rsa", "keysize": 3072}, {"algorithm": "ecdsa-sha2-nistp256"}, {"algorithm": "ssh-ed25519"}], "mac": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt
new file mode 100644
index 0000000..d7e45b1
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test1.txt
@@ -0,0 +1,85 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_8.0
+(gen) software: OpenSSH 8.0
+(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
+(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+
+# host-key algorithms
+(key) rsa-sha2-512 (3072-bit) -- [info] available since OpenSSH 7.2
+(key) rsa-sha2-256 (3072-bit) -- [info] available since OpenSSH 7.2
+(key) ssh-rsa (3072-bit) -- [fail] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+ `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
+(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [warn] using weak random number generator could reveal the key
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
+
+# message authentication code algorithms
+(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 6.2
+(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 6.2
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU
+(fin) ssh-rsa: SHA256:nsWtdJ9Z67Vrf7OsUzQov7esXhsWAfVppArGh25u244
+
+# algorithm recommendations (for OpenSSH 8.0)
+(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 
+(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove 
+(rec) -ssh-rsa -- key algorithm to remove 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha2-256 -- mac algorithm to remove 
+(rec) -hmac-sha2-512 -- mac algorithm to remove 
+(rec) -umac-128@openssh.com -- mac algorithm to remove 
+(rec) -umac-64-etm@openssh.com -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_8.0p1_test2.json b/test/docker/expected_results/openssh_8.0p1_test2.json
new file mode 100644
index 0000000..fb323eb
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test2.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0"}, "compression": ["none", "zlib@openssh.com"], "enc": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"], "fingerprints": [{"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "ecdh-sha2-nistp256"}, {"algorithm": "ecdh-sha2-nistp384"}, {"algorithm": "ecdh-sha2-nistp521"}, {"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 2048}, {"algorithm": "diffie-hellman-group16-sha512"}, {"algorithm": "diffie-hellman-group18-sha512"}, {"algorithm": "diffie-hellman-group14-sha256"}, {"algorithm": "diffie-hellman-group14-sha1"}], "key": [{"algorithm": "ssh-ed25519"}, {"algorithm": "ssh-ed25519-cert-v01@openssh.com"}], "mac": ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_8.0p1_test2.txt b/test/docker/expected_results/openssh_8.0p1_test2.txt
new file mode 100644
index 0000000..a13be8a
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test2.txt
@@ -0,0 +1,77 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_8.0
+(gen) software: OpenSSH 8.0
+(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
+ `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
+(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
+(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
+(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
+(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
+
+# host-key algorithms
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+(key) ssh-ed25519-cert-v01@openssh.com -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
+
+# message authentication code algorithms
+(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 6.2
+(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 6.2
+(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [warn] using small 64-bit tag size
+ `- [info] available since OpenSSH 4.7
+(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
+ `- [warn] using weak hashing algorithm
+ `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU
+
+# algorithm recommendations (for OpenSSH 8.0)
+(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove 
+(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove 
+(rec) +rsa-sha2-256 -- key algorithm to append 
+(rec) +rsa-sha2-512 -- key algorithm to append 
+(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove 
+(rec) -hmac-sha1 -- mac algorithm to remove 
+(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove 
+(rec) -hmac-sha2-256 -- mac algorithm to remove 
+(rec) -hmac-sha2-512 -- mac algorithm to remove 
+(rec) -umac-128@openssh.com -- mac algorithm to remove 
+(rec) -umac-64-etm@openssh.com -- mac algorithm to remove 
+(rec) -umac-64@openssh.com -- mac algorithm to remove 
+
+# additional info
+(nfo) For hardening guides on common OSes, please see: <https://www.ssh-audit.com/hardening_guides.html>
+
diff --git a/test/docker/expected_results/openssh_8.0p1_test3.json b/test/docker/expected_results/openssh_8.0p1_test3.json
new file mode 100644
index 0000000..5728136
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test3.json
@@ -0,0 +1 @@
+{"banner": {"comments": null, "protocol": [2, 0], "raw": "SSH-2.0-OpenSSH_8.0", "software": "OpenSSH_8.0"}, "compression": ["none", "zlib@openssh.com"], "enc": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr", "aes128-ctr"], "fingerprints": [{"hash": "UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "1e:0c:7b:34:73:bf:52:41:b0:f9:d1:a9:ab:98:c7:c9", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "diffie-hellman-group-exchange-sha256", "keysize": 2048}], "key": [{"algorithm": "ssh-ed25519"}], "mac": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "umac-128-etm@openssh.com"], "target": "localhost"}
diff --git a/test/docker/expected_results/openssh_8.0p1_test3.txt b/test/docker/expected_results/openssh_8.0p1_test3.txt
new file mode 100644
index 0000000..5b20c3f
--- /dev/null
+++ b/test/docker/expected_results/openssh_8.0p1_test3.txt
@@ -0,0 +1,38 @@
+# general
+(gen) banner: SSH-2.0-OpenSSH_8.0
+(gen) software: OpenSSH 8.0
+(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
+(gen) compression: enabled (zlib@openssh.com)
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) diffie-hellman-group-exchange-sha256 (2048-bit) -- [info] available since OpenSSH 4.4
+
+# host-key algorithms
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
+(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+(enc) aes192-ctr -- [info] available since OpenSSH 3.7
+(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
+
+# message authentication code algorithms
+(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
+(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:UrnXIVH+7dlw8UqYocl48yUEcKrthGDQG2CPCgp7MxU
+
+# algorithm recommendations (for OpenSSH 8.0)
+(rec) +diffie-hellman-group14-sha256 -- kex algorithm to append 
+(rec) +diffie-hellman-group16-sha512 -- kex algorithm to append 
+(rec) +diffie-hellman-group18-sha512 -- kex algorithm to append 
+(rec) +rsa-sha2-256 -- key algorithm to append 
+(rec) +rsa-sha2-512 -- key algorithm to append 
+
diff --git a/test/docker/expected_results/tinyssh_20190101_test1.json b/test/docker/expected_results/tinyssh_20190101_test1.json
new file mode 100644
index 0000000..6bf8f24
--- /dev/null
+++ b/test/docker/expected_results/tinyssh_20190101_test1.json
@@ -0,0 +1 @@
+{"banner": {"comments": "", "protocol": [2, 0], "raw": "", "software": "tinyssh_noversion"}, "compression": ["none"], "enc": ["chacha20-poly1305@openssh.com"], "fingerprints": [{"hash": "89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU", "hash_alg": "SHA256", "hostkey": "ssh-ed25519"}, {"hash": "dd:9c:6d:f9:b0:8c:af:fa:c2:65:81:5d:5d:56:f8:21", "hash_alg": "MD5", "hostkey": "ssh-ed25519"}], "kex": [{"algorithm": "curve25519-sha256"}, {"algorithm": "curve25519-sha256@libssh.org"}, {"algorithm": "sntrup4591761x25519-sha512@tinyssh.org"}], "key": [{"algorithm": "ssh-ed25519"}], "mac": ["hmac-sha2-256"], "target": "localhost"}
diff --git a/test/docker/expected_results/tinyssh_20190101_test1.txt b/test/docker/expected_results/tinyssh_20190101_test1.txt
new file mode 100644
index 0000000..9e833c6
--- /dev/null
+++ b/test/docker/expected_results/tinyssh_20190101_test1.txt
@@ -0,0 +1,25 @@
+# general
+(gen) software: TinySSH noversion
+(gen) compatibility: OpenSSH 8.0-8.4, Dropbear SSH 2018.76+
+(gen) compression: disabled
+
+# key exchange algorithms
+(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
+(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
+(kex) sntrup4591761x25519-sha512@tinyssh.org -- [warn] using experimental algorithm
+ `- [info] available since OpenSSH 8.0
+
+# host-key algorithms
+(key) ssh-ed25519 -- [info] available since OpenSSH 6.5
+
+# encryption algorithms (ciphers)
+(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
+ `- [info] default cipher since OpenSSH 6.9.
+
+# message authentication code algorithms
+(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
+ `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
+
+# fingerprints
+(fin) ssh-ed25519: SHA256:89ocln1x7KNqnMgWffGoYtD70ksJ4FrH7BMJHa7SrwU
+
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-06 06:05:48 +0000