cUrl cheatsheet

cUrl Cheatsheet

# download a file from a remote server and save it locally
curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/56a39ab9a70a89b56d66dad8bdffb887fba1260e/Passwords/2023-200_most_used_passwords.txt

# Read entry
curl http://<SERVER_IP>:<PORT>/api.php/city/london

# Read all entries - add the "-s" flag to reduce cluttering the response with unnecessary data
curl -s http://<SERVER_IP>:<PORT>/api.php/city/ | jq

#Filter output with jq on a specific endpoint and value
curl -X 'GET'   'http://94.237.53.81:43876/api/v2/suppliers'   -H 'accept: application/json'   
| jq '.suppliers[] | select(.securityQuestion != "SupplierDidNotProvideYet")'

# Create (add) entry
curl -X POST http://<SERVER_IP>:<PORT>/api.php/city/ -d '{"city_name":"HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'

# Update (modify) entry
curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'

# Delete entry
curl -X DELETE http://<SERVER_IP>:<PORT>/api.php/city/New_HTB_City

# Set custom headers for API requests
curl -H "Authorization: Bearer <TOKEN>" http://<SERVER_IP>:<PORT>/api.php/city/london

# Use a specific HTTP method with custom headers
curl -X PATCH http://<SERVER_IP>:<PORT>/api.php/city/london -H "Authorization: Bearer <TOKEN>" -H 'Content-Type: application/json' -d '{"city_name":"Updated_City"}'

# Perform an API request with error handling and verbose mode
curl -v --fail-http http://<SERVER_IP>:<PORT>/api.php/city/london || echo "Request failed"

# Download a file from the API
curl -o output_file.txt http://<SERVER_IP>:<PORT>/api.php/file.txt

Command

Info

curl site.com

cURL (client URL) is a command-line tool and library that primarily supports HTTP along with many other protocols. This makes it a good candidate for scripts as well as automation, making it essential for sending various types of web requests from the command line, which is necessary for many types of web penetration tests.

curl -O inlanefreight.com/index.html

-O will download the index.html page

curl -o filename site.com/path

-o with the -o option we can specify a filename

curl -h

display th help message

curl --help all

display the full help page

curl -k https://inlanefreight.com

-k allows you to skip the SSL veriifcation if you are testing a local webapp that does not yt contain a valid SSL cert

curl site.com -vvv

use -v verbose mode to show the http request and response headers

curl -I site.com

curl -i site.com

-I sends a HEAD request, while -i sends any request we specify and prints the headers as well. Head is very powerfull and allows us to request the metadata of a resoures like availability size, links without downloading it.

curl -i https://inlanefreight.com -A 'Jiji' -vvv

-A modifies the user agent to a custom value

cUrl fo API

Command

Description

curl http://<SERVER_IP>:<PORT>/api.php/city/london

Read entry

curl -s http://<SERVER_IP>:<PORT>/api.php/city/ | jq

Read all entries

curl -X POST http://<SERVER_IP>:<PORT>/api.php/city/ -d '{"city_name":"HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'

Create (add) entry

curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'

Update (modify) entry

curl -X DELETE http://<SERVER_IP>:<PORT>/api.php/city/New_HTB_City

Delete entry

PreviousBurpsuite and browser tricks NextKnown web CVE's

Last updated 3 months ago

hashtagcUrl Cheatsheet

hashtagcUrl fo API

cUrl Cheatsheet

cUrl fo API