28 February 2011 | 13,122 views

JBoss Autopwn – JSP Hacking Tool For JBoss AS Server

Don't let a Dragon into your website!

This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.


  • Multiplatform support – tested on Windows, Linux and Mac targets
  • Support for bind and reverse bind shells
  • Meterpreter shells and VNC support for Windows targets


Dependencies include

  • Netcat
  • Curl
  • Metasploit v3, installed in the current path as “framework3″

You can download JBoss Autopwn here:


Or read more here.


Recent in Exploits/Vulnerabilities:
- Rowhammer – DDR3 Exploit – What You Need To Know
- Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD
- Google Expands Pwnium Year Round With Infinite Bounty

Related Posts:
- winAUTOPWN v2.8 Released For Download – Windows Auto-Hacking Toolkit
- Metasploit 3.4.0 Hacking Framework Released – Over 100 New Exploits Added
- Gooscan – Automated Google Hacking Tool

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 229,567 views
- AJAX: Is your application secure enough? - 119,408 views
- eEye Launches 0-Day Exploit Tracker - 85,198 views

Advertise on Darknet

3 Responses to “JBoss Autopwn – JSP Hacking Tool For JBoss AS Server”

  1. secret 4 March 2011 at 9:33 pm Permalink

    Hey, man! Link don’t work, plz update! Tnx! )

  2. STRSHR 5 March 2011 at 10:20 am Permalink

    The whole github profile of spiderlabs is not available, any mirror will be appreciated.

  3. jbossLover 7 March 2011 at 6:38 pm Permalink

    This exploit is the same to http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf or am i wrong?