import requests # Config TARGET_URL = '' # E.g http://10.10.10.10 TARGET_PORT = 80 FILE_NAMES = [] # Don't include extension EXTENSIONS = ['pdf', 'txt', 'doc', 'docx', 'png', 'jpg', 'jpeg'] BRUTE_YEARS = ['2016','2017','2018','2019'] BRUTE_MONTHS = ['01','02','03','04','05','06','07','08','09','10','11','12'] BASE_PATH = 'wp-content/uploads' USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0' def main(): headers = { 'User-Agent': USER_AGENT } print("[+] Starting brute force") for file_name in FILE_NAMES: for extension in EXTENSIONS: for year in BRUTE_YEARS: for month in BRUTE_MONTHS: url = "{}:{}/{}/{}/{}/{}.{}".format(TARGET_URL, TARGET_PORT, BASE_PATH, year, month, file_name, extension) r = requests.get(url, headers=headers) if r.status_code == 200: print("[!] Found valid url: {}".format(url)) print("[+] Completed brute force") if __name__ == '__main__': main()