cURL cheatsheet
# Read entry
curl http://<SERVER_IP>:<PORT>/api.php/city/london
# Read all entries - add the "-s" flag to hide the progress meter so it does not clutter the response
curl -s http://<SERVER_IP>:<PORT>/api.php/city/ | jq
# Create (add) entry
curl -X POST http://<SERVER_IP>:<PORT>/api.php/city/ -d '{"city_name":"HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
# Update (modify) entry
curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
# Delete entry
curl -X DELETE http://<SERVER_IP>:<PORT>/api.php/city/New_HTB_City
# Set custom headers for API requests
curl -H "Authorization: Bearer <TOKEN>" http://<SERVER_IP>:<PORT>/api.php/city/london
# Use a specific HTTP method with custom headers
curl -X PATCH http://<SERVER_IP>:<PORT>/api.php/city/london -H "Authorization: Bearer <TOKEN>" -H 'Content-Type: application/json' -d '{"city_name":"Updated_City"}'
# Perform an API request with error handling and verbose mode
curl -v --fail http://<SERVER_IP>:<PORT>/api.php/city/london || echo "Request failed"
# Download a file from the API
curl -o output_file.txt http://<SERVER_IP>:<PORT>/api.php/file.txt
curl site.com
cURL (client URL) is a command-line tool and library that primarily supports HTTP along with many other protocols. This makes it a good candidate for scripts and automation, and essential for sending various types of web requests from the command line, which is necessary for many types of web penetration tests.
-O downloads the index.html page and saves it under its remote file name
curl -o filename site.com/path
-o lets us specify the output filename
curl -h
display the help message
curl --help all
display the full help page
curl -k https://inlanefreight.com
-k allows you to skip the SSL verification if you are testing a local web app that does not yet have a valid SSL cert
curl site.com -vvv
use -v verbose mode to show the HTTP request and response headers
curl -I site.com
curl -i site.com
-I sends a HEAD request, while -i sends any request we specify and prints the headers as well. HEAD is very powerful and allows us to request the metadata of a resource, like availability, size and links, without downloading it.
curl -i https://inlanefreight.com -A 'Jiji' -vvv
-A modifies the user agent to a custom value
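Scripts usually want the metadata that -I returns as values rather than as raw text. The following is an added example, not part of the original cheatsheet: it reads `curl -sIL` output (-L is curl's follow-redirects flag) and reports the final status code and a chosen header. The sample response and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: the sample response and function names are constructed.

# Constructed sample of what `curl -sIL http://site.com` can print when a
# redirect is followed: one header block per response, CRLF line endings.
sample_response() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://site.com/\r\n'
  printf 'Content-Length: 0\r\n\r\n'
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
  printf 'Content-Length: 5120\r\n\r\n'
}

# Status code of the last response read from stdin.
final_status() {
  awk '{ sub(/\r$/, "") }
       /^HTTP\/[0-9.]+ [0-9]+/ { code = $2 }
       END { print code }'
}

# Value of header $1 (case-insensitive) in the last response on stdin.
final_header() {
  awk -v want="$1" '
    { sub(/\r$/, "") }
    /^HTTP\/[0-9.]+ [0-9]+/ { val = ""; in_hdr = 1; next }  # new response
    $0 == "" { in_hdr = 0; next }                            # end of headers
    in_hdr {
      i = index($0, ":")
      if (i > 0 && tolower(substr($0, 1, i - 1)) == tolower(want)) {
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val)
      }
    }
    END { print val }'
}

# Report availability and size of a resource without downloading it.
# Live use: curl -sIL http://site.com | describe
describe() {
  resp=$(cat)
  printf 'status=%s size=%s\n' \
    "$(printf '%s\n' "$resp" | final_status)" \
    "$(printf '%s\n' "$resp" | final_header Content-Length)"
}

sample_response | describe
```

Only the last header block is reported, so the 301 hop's Location header and zero Content-Length do not leak into the result for the final 200 response.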
cURL for API
Command
Description
curl http://<SERVER_IP>:<PORT>/api.php/city/london
Read entry
curl -s http://<SERVER_IP>:<PORT>/api.php/city/ | jq
Read all entries
curl -X POST http://<SERVER_IP>:<PORT>/api.php/city/ -d '{"city_name":"HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
Create (add) entry
curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
Update (modify) entry
curl -X DELETE http://<SERVER_IP>:<PORT>/api.php/city/New_HTB_City
Delete entry