2026-03-04 10:00:59 网络安全文章来源：ZONE.CI 全球网 0 阅读模式

文章总结： 文档介绍了PHP反序列化利用工具PHPGGC，该工具类似Java的ysoserial，支持Laravel、Symfony等主流框架的利用链生成，能辅助快速构建漏洞利用载荷。文末附带了安全圈子的推广信息，涉及红队免杀工具、钓鱼手法及内网对抗技术分享，整体内容兼具工具介绍与营销性质。 综合评分： 60 文章分类： 安全工具,渗透测试,红队,免杀

cover_image

渗透测试工具–phpggc

原创

Hello888 Hello888

安全天书

2026年3月3日 16:20 广西

0x01 工具介绍

PHPGGC 是一个包含 unserialize（）负载的库，并附带一个生成这些负载的工具，可以从命令行或程序生成。当你在没有代码的网站上遇到非序列化，或者试图构建漏洞时，这个工具可以让你生成有效载荷，而无需经历繁琐的寻找工具和组合的步骤。它可以看作是

Frohoff 的 ysoserial，但适用于 PHP。目前，该工具支持的各种小工具链，如：CodeIgniter4、Doctrine、Drupal7、Guzzle、Laravel、Magento、Monolog、Phalcon、Podio、Slim、SwiftMailer、Symfony、Wordpress、Yii 和 ZendFramework。

$ ./phpggc&nbsp;-l
Gadget Chains-------------
NAME &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;VERSION &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;TYPE &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; VECTOR &nbsp; &nbsp; &nbsp; &nbsp; I &nbsp; &nbsp;Bitrix/RCE1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;17.x.x&nbsp;<=&nbsp;22.0.300&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CakePHP/RCE1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;?&nbsp;<=&nbsp;3.9.6&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (Command) &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CakePHP/RCE2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;?&nbsp;<=&nbsp;4.2.3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CodeIgniter4/FR1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;4.0.0&nbsp;<=&nbsp;4.3.6&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;File read &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;__toString &nbsp; &nbsp;&nbsp;*&nbsp; &nbsp;&nbsp;CodeIgniter4/RCE1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;4.0.2&nbsp;<=&nbsp;4.0.3&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CodeIgniter4/RCE2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;4.0.0-rc.4&nbsp;<=&nbsp;4.3.6&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CodeIgniter4/RCE3 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;4.0.4&nbsp;<=&nbsp;4.3.6&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CodeIgniter4/RCE4 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;4.0.0-beta.1&nbsp;<=&nbsp;4.0.0-rc.4&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CodeIgniter4/RCE5 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;-4.1.3+&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CodeIgniter4/RCE6 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;-4.1.3&nbsp;<=&nbsp;4.2.10+&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Doctrine/FW1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;? &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;File write &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; __toString &nbsp; &nbsp;&nbsp;*&nbsp; &nbsp;&nbsp;Doctrine/FW2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2.3.0&nbsp;<=&nbsp;2.4.0&nbsp;v2.5.0&nbsp;<=&nbsp;2.8.5&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;File write &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; __destruct &nbsp; &nbsp;&nbsp;*&nbsp; &nbsp;&nbsp;Doctrine/RCE1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;1.5.1&nbsp;<=&nbsp;2.7.2&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;RCE (PHP code) &nbsp; &nbsp; &nbsp; &nbsp; __destruct &nbsp; &nbsp;&nbsp;*&nbsp; &nbsp;&nbsp;Doctrine/RCE2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;1.11.0&nbsp;<=&nbsp;2.3.2&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RCE (Function&nbsp;call) &nbsp; &nbsp;__destruct &nbsp; &nbsp;&nbsp;*&nbsp; &nbsp;&nbsp;Dompdf/FD1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1.1.1&nbsp;<=&nbsp;? &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; File&nbsp;delete&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; __destruct &nbsp; &nbsp;&nbsp;*&nbsp; &nbsp;&nbsp;...

GitHub地址：

https://github.com/ambionics/phpggc

注意：请勿利用文章内的相关技术从事非法测试，由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。工具来自网络，安全性自测。

0x02 红蓝偶像练习生小圈子

圈子主要研究方向渗透测试、红蓝对抗、钓鱼手法思路、武器化作，红队工具二开与免杀。圈内不定期分享红队技术文章，攻防经验总结，学习笔记以及自研工具与插件，目前圈子已满300人，欢迎各位进圈子交流学习！****

**圈子目前更新相关技术文章：

* HeavenlyBypassAV内部版-轻松免杀各大杀软

Heavenly白加黑自动化生成免杀工具
冰蝎webshell免杀工具
哥斯拉webshell免杀工具
红队场景下lnk钓鱼Bypass国内AV
Frp免杀隧道工具
1day和0dayPOC
lnk钓鱼思路视频讲解
lnk钓鱼Bypass天擎
msi钓鱼
chm钓鱼
Kill360核晶
AV对抗-致盲AV（核晶）
捆绑免杀360
Kill火绒
火绒6.0内存免杀
kill-windows Defender
Defender分离免杀
Defender知识点
HeavenlyProtectionCS内部CS插件
EDR对抗思路
进程注入知识点
自启动思路
多种维权手法
Fscan免杀核晶
QVM解决思路
红队思路-钓鱼环境下小窗口截屏窃取
免杀Todesk/向日葵读取工具
渗透测试文章思路
内网对抗文章思路
还有更多红队思路文章！期待您的加入！！！**

免责声明：

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景，旨在提升网络安全防护能力，具有明确的技术研究属性。

任何单位或个人未经授权，将本文内容用于攻击、破坏等非法用途的，由此引发的全部法律责任、民事赔偿及连带责任，均由行为人独立承担，本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布，若存在版权侵权或其他异议，请通过邮件联系处理，具体联系方式可点击页面上方的联系我。

本文转载自：安全天书 Hello888 Hello888《渗透测试工具–phpggc》