import requests


# Config 
TARGET_URL   = '' # E.g http://10.10.10.10
TARGET_PORT  = 80
FILE_NAMES   = [] # Don't include extension
EXTENSIONS   = ['pdf', 'txt', 'doc', 'docx', 'png', 'jpg', 'jpeg']
BRUTE_YEARS  = ['2016','2017','2018','2019']
BRUTE_MONTHS = ['01','02','03','04','05','06','07','08','09','10','11','12']


BASE_PATH  = 'wp-content/uploads'
USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0'


def main():

  headers = {
    'User-Agent': USER_AGENT
  }
  
  print("[+] Starting brute force")

  for file_name in FILE_NAMES:
    for extension in EXTENSIONS:
      for year in BRUTE_YEARS:
        for month in BRUTE_MONTHS:

          url = "{}:{}/{}/{}/{}/{}.{}".format(TARGET_URL, TARGET_PORT, BASE_PATH, year, month, file_name, extension)
          r = requests.get(url, headers=headers)

          if r.status_code == 200:
            print("[!] Found valid url: {}".format(url))

  print("[+] Completed brute force")


if __name__ == '__main__':
  main()