deserialization-php

Official

Exploit PHP deserialization vulns.

Author: blacklanternsecurity
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps penetration testers identify and exploit PHP deserialization vulnerabilities, which can lead to remote code execution.

Core Features & Use Cases

  • Identify Serialization Formats: Detects common PHP serialization patterns (objects, arrays, strings).
  • Exploit Gadget Chains: Leverages tools like PHPGGC to generate and inject malicious payloads using known framework vulnerabilities.
  • PHAR Deserialization: Exploits vulnerabilities where PHP filesystem functions process PHAR archives.
  • Use Case: A penetration tester finds an application that unserializes user-provided data. They use this Skill to craft a payload that executes arbitrary commands on the server.

Quick Start

Use the deserialization-php skill to generate a PHPGGC RCE1 chain for Monolog and execute the 'id' command, outputting the result as a base64 encoded string.

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: deserialization-php
Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#deserialization-php

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.