stevenvachon / broken-link-checker

Find broken links, missing images, etc within your HTML.
MIT License
1.94k stars 298 forks

Document broken link hijacking #124

Open AnotherWayIn opened 5 years ago

AnotherWayIn commented 5 years ago

Awesome tool. Any chance you could make it accept a list of URLs and run multi-threaded please?

stevenvachon commented 5 years ago

A list of URLs for what purpose?

The requests are already multi-threaded thanks to libuv.

AnotherWayIn commented 5 years ago

I’m using it for pentesting a large scope of web apps. Thanks


On 30 Aug 2018, at 20:28, Steven Vachon <notifications@github.com> wrote:

> A list of URLs for what purpose?
>
> The requests are already multi-threaded thanks to libuv (https://github.com/libuv/libuv).


stevenvachon commented 5 years ago

Why not simply use curl?

AnotherWayIn commented 5 years ago

I don’t understand. Could you give an example? If curl could achieve the same results in a quicker way, then what value does this tool add?

All I need is a fast method of finding broken links across many apps.


On 30 Aug 2018, at 20:48, Steven Vachon <notifications@github.com> wrote:

> Why not simply use curl?


stevenvachon commented 5 years ago

I'm pretty sure that finding broken links is not a penetration test.

If all you want is to test multiple sites, you can do so with multiple commands in a shell script or batch file.

AnotherWayIn commented 5 years ago

It's okay, you obviously don't understand the implications of having broken links in your apps, from a security perspective.

stevenvachon commented 5 years ago

If you have security-related broken links, then you probably have XSS issues.

AnotherWayIn commented 5 years ago

Partly. It'll be easier if I provide a link with specific examples using this tool: https://edoverflow.com/2017/broken-link-hijacking/

stevenvachon commented 5 years ago

Thank you. I'll look into this further at a later time.