For those running Debian Bookworm and potentially others - judging by the result message this seems to use the banner version to decide whether or not you're vulnerable. For me it says "OpenSSH_9.2p1 is potentially vulnerable to regreSSHion (CVE-2024-6387)", but the vulnerability has been patched by Debian themselves without incrementing the version visible in the banner. The patched package version is "1:9.2p1-2+deb12u3".
Any chance to OpenSource this? We're a small provider with quite a few IP addresses that I would like to run this over, but for obvious reasons you have rate limits :)
For those running Debian Bookworm and potentially others - judging by the result message this seems to use the banner version to decide whether or not you're vulnerable. For me it says "OpenSSH_9.2p1 is potentially vulnerable to regreSSHion (CVE-2024-6387)", but the vulnerability has been patched by Debian themselves without incrementing the version visible in the banner. The patched package version is "1:9.2p1-2+deb12u3".