Tested!
Many of the internals were refactored to make testing easier. There is now an initial test suite that starts up a bunch of containers running sshd with different configurations in order to test the authentication process.
ssh-auditor now flags hosts that it could authenticate to, but could not run a command or tunnel as the result "auth". This type of result may mean you found a valid credential that can't access anything via ssh, but it may work over another protocol.