php-serialize-audit
Community
Audit PHP deserialization & POP chains.
Author: yunmengya
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical security risks associated with PHP deserialization, including the exploitation of Phar archives and POP (Property-Oriented Programming) chains, by identifying and reporting the resulting vulnerabilities.
Core Features & Use Cases
- Vulnerability Identification: Detects `unserialize()` and `Phar://` wrapper usage, pinpointing potential entry points for attacks.
- POP Chain Analysis: Identifies and analyzes magic methods (like `__wakeup`, `__destruct`) to construct potential POP chains for exploitation.
- Input Controllability Assessment: Traces data flow to determine if user-controlled input can reach deserialization sinks.
- Evidence Recording: Documents the evidence chain, controllability, and findings for detailed reporting.
- Use Case: Auditing a PHP application to find and report on deserialization vulnerabilities that could lead to Remote Code Execution (RCE) via POP chains.
Quick Start
Use the php-serialize-audit skill to audit the project for deserialization vulnerabilities and POP chain risks.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: php-serialize-audit
Download link: https://github.com/yunmengya/PHP_AUDIT_SKILLS/archive/main.zip#php-serialize-audit
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.