Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
Jan 11, 2021
Jan 11, 2021


A code fragmentation technique for avoiding filtering or detection from things like web application firewalls. Inspired by the concept of fragmented shellcode used in memory corruption [omelet][1] and can scatter fragmented PHP code through log files yet still execute it as a single bit of PHP.

The broad concept is:

  1. Everything inside the <?php ?> tags is code
  2. Everything inside the /* */ multi line comments are ignored
  3. PHP parsing has some flexibility

The preferred use of this is to inject a small stager payload, but bigger files could be transformed as well.

The steps are simple enough that they can be performed manually:

  1. Add comment after all opening tags
  2. Add comment before all closing tags
  3. Add comments before and after semi colons
  4. Add comment after comma
  5. Add comments before and after opening and closing pharanteses
  6. Remove duplicate comments
  7. Insert new line before each closing multi line comment
  8. Remove empty lines

More steps can be added, or you can implement your own version, but keeping them simple means you can use the steps on other languages like JavaScript as well.

This repository includes some scripts to help automate the process of fragmenting and injecting the code, and some "debugging" tools. The automated process is not syntax aware so beware when using strings or embedding PHP in things like HTML.


The main script for fragmenting PHP code, uses regex to generate fragmented PHP code. Code is given as the first agrument. Examples:

$ ./omelette '<?=eval($_GET[0])?>'
$ ./omelette "$(cat t/shell3.php)" > plate and

Automatically fragment and inject the omelette to a website. Takes PHP code as first argument and a URL as the second. Will send injection as parameter or via UserAgent. Examples:

$ ./ '<?php phpinfo(); ?>' ''
$ ./ "$(cat t/shell1.php)"

Tries to show the fragmented code in a cleaner/readable format. Example:

./ ./plate


Breaks PHP code into parsed tokens, handy when seeing how the PHP parser deals with fragmented code:

php php_parse.php ./file


Wireghoul -

References: [1]: "Eggs to omelet"


Code fragmentation technique for scripting languages






No releases published


No packages published