So what does that have to do with anything? Well, one of my favorite web vulnerabilities is weak permissions on sensitive files. Think of things like phpMyAdmin, TinyMCE, or FCKeditor etc. Web servers are very rarely setup correctly, and misconfiguration will most likely lead to compromise or at least information leakage. I found myself taking the unique indicators within web applications and searching for the projects on Github. Once I located the github project I was taking the git repo to create a directory and file list for brute forcing later. I believe in automating anything I have to do manually more than five times. So that is what I did. You can find the python script here.

Run the script like this: