Web Penetration Testing

Broken Link Checker Tool for Web Pentesting – Hijacking

Hello Guys, today in this tutorial we are going to talk about a web application penetration testing tool called “breaker-link-checker“. The code of this tool is written in Node JS, which comes with the below features.

Broken link hijacking (BLH) is a type of web attack. Uses external links that are no longer valid. This vulnerability can be tested using automated tools. Broken Link Checker is an automated tool developed in NodeJS and also available on GitHub. This tool takes the destination URL as input and tests each URL to identify broken links. This tool is free and open source to use.


Note: Make sure you have Node JS installed on your system as this is a Node JS-based tool. Click to check the installation process: Steps to install Node JS on Linux



  • ✅ Complete: Unicode, redirection, compression, basic authentication, absolute/relative/local URL.
  • ⚡️ Fast: Concurrent, streamed, and cached.
  • 🍰 Easy: Convenient defaults and very configurable.

Other features:

  • Support for many HTML elements and attributes; not only <a href> and <img src>.
  • Support for relative URLs with <base href>.
  • WHATWG specifications-compliant HTML and URL parsing.
  • Honor robot exclusions (robots.txt, headers and rel), optionally.
  • Detailed information for reporting and maintenance.
  • URL keyword filtering with simple wildcards.
  • Pause/Resume at any time.



Required Dependencies:

So first we need to install the “npm” dependency which is usually not pre-installed in any operating system. npm is a package manager for Node. js and the JavaScript coding language.



Installation of Broken Link Checker Tool

Step 1: Use the following command to install the “npm” dependency.

apt install npm
root@OnlineHacking:~$ sudo apt install npm
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
gyp javascript-common libauthen-sasl-perl libc-ares2 libclone-perl libdata-dump-perl libencode-local
node-abbrev node-agent-base node-ajv node-ansi node-ansi-regex node-ansi-styles node-ansistyles node-ap
Get:223 https://deb.debian.org/debian bullseye/main amd64 x11-xserver-utils amd64 7.7+8 [168 kB]
0 upgraded, 0 newly installed, 1 to install and 7 not upgraded.
After this operation, 2,499 kB disk space will be freed.
Do you want to continue? [Y/n] Y
Fetched 18.3 MB in 1s (17.4 MB/s) 
Setting up libxml-parser-perl:amd64 (2.46-2) ...
Setting up libxml-twig-perl (1:3.52-1) ...
Setting up libnet-dbus-perl (1.2.0-1+b1) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...



Step 2: Now install and configure the Broken Link Checker tool using the following command.
Good 🙂!! Now we can easily install and configure any node js project using this tool as below.

npm install broken-link-checker -g
root@OnlineHacking:~$ npm install broken-link-checker -g
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  
npm WARN deprecated [email protected]: no longer maintained
npm WARN deprecated [email protected]: use universal-url, minurl, relateurl, url-relation
npm WARN deprecated [email protected]: try optionator

added 104 packages, and audited 105 packages in 8s

5 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
npm notice
npm notice New major version of npm available! 8.19.3 -> 9.1.3n of npm available! 8.19.3 -> 9.1.3
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.1.3
npm notice Run npm install -g [email protected] to update!
npm notice



Step 3: Check the help section with the following command. Done 🙂!! We think users will become experts by installing various tools with us. The tool has been installed and you can now control it by simply dropping its name on the terminal.

blc --help



Use of Broken Link Checker

Example 1 – Recursive and ordered
Basically, we just name the site we want to hunt and add filters to get the results recursively. Sometimes the website’s external links expire and the website owner doesn’t look at them even once, and the reason for this carelessness can reward hackers.

blc https://onlinehacking.org -ro

Note: HTTP proxies are not directly supported. If your network is configured incorrectly and no resolution is visible, you can try using a container with proxy settings.



Example 2 – Exclude internal links
We think that looking for internal links is not useful. Let’s assume that even if we get it, we will eliminate the process of searching for internal links, which will reduce the search time and give us fast and accurate results.

blc https://onlinehacking.org -i

In this example, we will eliminate the internal link search process, which will reduce the search time and give us fast and accurate results.

Finally 🙂!! We tested the rest of the features of this tool but they don’t seem useful so we gave up, but you can try it yourself once.


Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking Penetration Testing & Bug Bounty. I’m currently learning more about Web Design, Android ROM

Related Articles

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
1 year ago

plz upload vd forz pubg global acount and pubg bgmi account

Reply to  saara
1 year ago

Jani apna number do

Back to top button
Would love your thoughts, please comment.x