tomcatWarDeployer is an Apache Tomcat auto WAR deployment & pwning penetration testing tool.
What is it?
This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP Backdoor, as well as invoke it afterwards and provide nice shell (either via web gui, listening port binded on remote machine or as a reverse tcp payload connecting back to the adversary).
In practice, it generates JSP backdoor WAR package on-the-fly and deploys it at the Apache Tomcat Manager Application, using valid HTTP Authentication credentials that pentester provided (or custom ones, in the end, we all love tomcat:tomcat ).
+ as well as some pty to interact with it
+ Finish implementing noconnect and connect functionality
+ Test it on tomcat8
git clone https://github.com/mgeeky/tomcatWarDeployer && cd tomcatWarDeployer
python tomcatWarDeployer.py -h