Skip to main content

Transfers data from or to a server. Supports most protocols including HTTP, FTP, POP3.

# To make an HTTP GET request and dump the contents in 'stdout':
curl <https://example.com>

# To make an HTTP GET request, fo[L]low any '3xx' redirects, and [D]ump the reply headers and contents to 'stdout':
curl --location --dump-header - <https://example.com>

# To download a file, saving the [O]utput under the filename indicated by the URL:
curl --remote-name <https://example.com/filename.zip>

# To send form-encoded [d]ata (POST request of type 'application/x-www-form-urlencoded'). Use '--data @file_name' or '--data @'-'' to read from 'stdin':
curl -X POST --data <'name=bob'> <http://example.com/form>

# To send a request with an extra header, using a custom HTTP method and over a pro[x]y (such as BurpSuite), ignoring insecure self-signed certificates:
curl -k --proxy <http://127.0.0.1:8080> --header <'Authorization: Bearer token'> --request <GET|PUT|POST|DELETE|PATCH|...> <https://example.com>

# To send data in JSON format, specifying the appropriate Content-Type [H]eader:
curl --data <'{"name":"bob"}'> --header <'Content-Type: application/json'> <http://example.com/users/1234>

# To pass client certificate and key for a resource, skipping certificate validation:
curl --cert <client.pem> --key <key.pem> --insecure <https://example.com>

# To resolve a hostname to a custom IP address, with [v]erbose output (similar to editing the '/etc/hosts' file for custom DNS resolution):
curl --verbose --resolve <example.com>:<80>:<127.0.0.1> <http://example.com>

# -----------------------------------------------------------------------------

# To download a single file:
curl http://path.to.the/file

# To download a file and specify a new filename:
curl http://example.com/file.zip -o new_file.zip

# To download multiple files:
curl -O URLOfFirstFile -O URLOfSecondFile

# To download all sequentially numbered files (1-24):
curl http://example.com/pic[1-24].jpg

# To download a file and pass HTTP Authentication:
curl -u username:password URL

# To download a file with a Proxy:
curl -x proxysever.server.com:PORT http://addressiwantto.access

# To download a file from FTP:
curl -u username:password -O ftp://example.com/pub/file.zip

# To get an FTP directory listing:
curl ftp://username:password@example.com

# To resume a previously failed download:
curl -C - -o partial_file.zip http://example.com/file.zip

# To fetch only the HTTP headers from a response:
curl -I http://example.com

# To fetch your external IP and network info as JSON:
curl http://ifconfig.me/all/json

# To limit the rate of a download:
curl --limit-rate 1000B -O http://path.to.the/file

# To get your global IP:
curl httpbin.org/ip

# To get only the HTTP status code:
curl -o /dev/null -w '%{http_code}\n' -s -I <url>

# -----------------------------------------------------------------------------

# To set request headers (-v verbose):
curl -v -H "Accept: application/json" http://somehost.com/somepath/somefile

# To sequentially download numbered resources (01-24), and set the naming pattern:
curl http://example.com/files/file-[01-24].pdf -o "chapter-#1.pdf"

# To download remote resoureces using braces {..} to specify alternatives:
curl http://example.com/files/{one,two,three}.html

# To detect request directs:
curl -sI google.com | head -1 | egrep '301|302|307' | wc -l

# To create a POST request:
curl -d "item=bottle&category=consumer&submit=ok" www.example.com/process.php

# To create a HTTP Basic auth request:
curl -u username:password http://www.example.com/

# To follow redirected URL's:
curl -L http://google.com

# To specify a proxy server:
curl -U : --proxy-ntlm --proxy my-proxyserver.net:80 -O http://www.google.com/

# To set the referer:
curl -e http://some_referring_site.com  http://www.example.com/

# To set the user-agent:
curl -A "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30"

# To fetch response headers:
curl -I http://jonlabelle.com/

# To fetch response headers:
curl --head https://www.jonlabelle.com/

# To fetch response headers and body:
curl -i http://jonlabelle.com/

# To dump response headers to file:
curl --dump-header headers.txt https://www.jonlabelle.com/

# To download a file using FTP:
curl -u ftpuser:ftppass -O ftp://ftp_server/public_html/xss.php

# To get an FTP directory listing:
curl ftp://username:password@example.com

# To get an FTP directory listing for a specific directory:
curl -u ftpuser:ftppass -O ftp://ftp_server/public_html/

# To upload a file with FTP:
curl -T uploadfilename -u username:password ftp://sitename.com/myfile
curl -T uploadfilename -u username:password ftp://sitename.com/directory/myfile

# To get an FTP list and download files using ranges:
curl ftp://ftp.uk.debian.org/debian/pool/main/[a-z]/

# To FTP upload multiple files at a same time using ranges:
curl -u ftpuser:ftppass -T "{file1,file2}" ftp://ftp.testserver.com

# To get user input, and save contents to ftp as `myfile_1.txt`:
curl -u ftpuser:ftppass -T - ftp://ftp.testserver.com/myfile_1.txt

# To enable a full-trace dump of all incoming/outgoing data:
curl -v --trace - http://google.com

# To specify a proxy server and download a file:
curl -x proxysever.test.com:3128 http://google.co.in

# To send mail using SMTP Protocol (note: type . (period) as the last to send):
curl --mail-from blah@test.com --mail-rcpt foo@test.com smtp://mailserver.com

# To get network info:
curl ifconfig.me        # ip
curl ifconfig.me/host   # hostname
curl ifconfig.me/ua     # user agent
curl ifconfig.me/<port> # open port check
curl ifconfig.me/all    # all

# To continue/resume a previous download:
curl -O http://www.gnu.org/software/gettext/manual/gettext.html      # ctl+c to stop the dl
curl -C - -O http://www.gnu.org/software/gettext/manual/gettext.html # continue the dl

# To limit the rate of data transfer (1000 bytes/second):
curl --limit-rate 1000B -O \
    http://www.gnu.org/software/gettext/manual/gettext.html

# To download a file if modified before/after the given date and time:
curl -z 21-Dec-11 http://www.example.com/yy.html  # if modified `later` than the given date and time
curl -z -21-Dec-11 http://www.example.com/yy.html # if modified `before` the given date and time

# To resume a failed download:
curl -C - -o partially_downloaded_file 'http://www.example.com/path/to/the/file'

# To get the population of the US (in JSON):
curl --silent 'http://api.census.gov/data/2016/pep/population?get=POP,GEONAME&for=us:*' | python -c 'import json,sys;obj=json.load(sys.stdin);print obj[1][0]'

# To get the population of the world (in JSON):
curl --silent http://www.census.gov/popclock/data/population/world | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["world"]["population"]'

# To download all images from a 4chan thread (first grep all href images then sed the url part then wget):
curl --silent $1 | grep -o -i '<a href="//images.4chan.org/[^>]*>' | sed -r 's%.*"//([^"]*)".*%\1%' | xargs wget

# To store and reuse cookies (i.e.: for logging into web site):
curl -L -d "uid=<username>&pwd=<password>" http://www.example.com -c cookies.txt

# To debug redirects between production reloads:
#   watches the headers of a curl, following any redirects and printing only
#   the HTTP status and the location of the possible redirects
watch 'curl -s --location -I http://any.site.or.url | grep -e "\(HTTP\|Location\)"'

# To check if a web server supports gzip compression:
curl -I -H "Accept-Encoding: gzip,deflate" http://example.org

# To get the external IP and network info (as json):
curl ifconfig.me/all/json

# To download a file from SFTP:
curl -u username sftp://example.com/path/to/file.txt

# To download a file using SSH and SCP (secure copy), and a private key for authentication:
curl -u username: --key ~/.ssh/id_rsa --pubkey ~/.ssh/id_rsa.pub \
    scp://example.net/~/videos/rhn_register.ogv

# To get a remote resource file size in bytes:
curl -sI http://example.com/css/base.css | awk '/Content-Length/ { print $2 }'

###

#
# Authentication
# https://ec.haxx.se/http/http-auth

# To make a request using Basic Authentication:
curl --user daniel:secret http://example.com/

# To ask curl to figure that out and then automatically use the most safe auhentication method it knows about:
curl --anyauth --user daniel:secret http://example.com/

# Same concept as above, but using a proxy server:
curl --proxy-anyauth --proxy-user daniel:secret http://example.com/ --proxy http://proxy.example.com:80/

# To specify an authentication method:
curl --digest --user daniel:secret http://example.com/
curl --negotiate --user daniel:secret http://example.com/
curl --ntlm --user daniel:secret http://example.com/