In a way it’s expected to crash, especially the hardware :)

An author of this report made that commit. It's good to see work like this.

Quite brazen that they are tweeting about reports after their termination date https://twitter.com/0xRzlr

Wow zero self-awareness

These will be one of those cases where the person will be surprised they landed in jail

You are right it isn't expensive, but it is much noisier to use something like masscan over 16m internal IP addresses if you are pentesting an organization with a decent blue team.

I don't think this tool was made for the use case of HashKnownHosts not being set.

Using shell history, known hosts, netstat, etc are all great ways to find hosts to pivot to.

Substituting ssh with a malicous version is extremely noisy and risky as well.