Does someone have SSH1 fingerprint parser? I wish use this fingerprint for comparison SSL certificates with DB of malicious SSL certificates.
Fingerprints don't appear in certificates or SSH sessions - they are hashes calculated from the public keys. Calculating hashes is (relatively) computationally expensive, not something you want to do in a parser on the fly.
The TLS_lua parser will register certificate serial numbers as meta ssl.serial (nonstandard key) but that's not helpful for SSH. The Signed_Executable parser will register ssl.serial as well.
Retrieving data ...