phpggc_generate
Generate PHP unserialize gadget chains for penetration testing. Input chain identifier and command to create encoded exploit payloads.
Instructions
Generate a single PHP unserialize gadget chain via phpggc.
Args:
chain: Gadget chain identifier (e.g. Laravel/RCE9, Symfony/RCE4,
Monolog/RCE1). Run phpggc -l locally to enumerate.
command: Shell command to embed in the chain (e.g. id, curl ...).
encoding: One of raw, base64, url, json, soft.
fast_destruct: Adds --fast-destruct (triggers without await).
extra_args: Extra raw arguments to pass through.
Returns:
PhpggcReport with the generated payload (string). If phpggc is not
installed, available is False.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| chain | Yes | ||
| command | Yes | ||
| encoding | No | base64 | |
| extra_args | No | ||
| fast_destruct | No |