Linux Essentials: Curl Fundamentals

What is Curl?

Curl is a utility that allows you to transfer data to or from a network server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE).

 

  • It is a multi-platform tool.

 

Syntax

Curl <parameters/options> <URL>

 

Installation

  • Linux - sudo apt-get install curl
  • MacOS - brew install curl

 

 

 

Important commands to know

Basic query

 

Curl <url>

This will fetch the content of the specified URL, for example;

Curl hsploit.com

 

Downloading files

 

When you want to save the output of a query to a file:

 

Curl -o <file name.ext> https://hsploit.com -- This will download the webpage

 

Curl -o <ubuntu.iso> http://ubuntu.mirror.ac.ke/ubuntu-release/18.04.2/ubuntu-18.04.2-desktop-amd64.iso

 

 

You can also let curl automatically assign a name to the file

 

Curl -O http://ubuntu.mirror.ac.ke/ubuntu-release/18.04.2/ubuntu-18.04.2-desktop-amd64.iso

 

 

Downloading more than one file

curl -o hsploit.html https://hsploit.com -O http://ubuntu.mirror.ac.ke/ubuntu-release/18.04.2/ubuntu-18.04.2-desktop-amd64.iso

 

 

Redirects

In many cases, redirects may be set up (HTTP 3XX) request and to make curl automatically follow the redirect we use the -L command.

The HTTP protocol syntax is very important in curl, using the -L command essentially makes sure you are directed to the real URL/working URL.

 

Example: curl https://hsploit.com

 

Curl -L -o  hsploit.html https://hsploit.com

 

 

Querying Response Headers

You can also view and analyze the response headers being sent by the server, can help in web assessments.

 

Curl -I https://hsploit.com

 

View connection details

 

Curl -v https://hsploit.com

 

 

Crafting Post Requests

 

We can craft post requests with different parameters to test

 

curl --data "log=admin&pwd=wordpress" http://192.168.1.103/wp-login.php
Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Releated

SSH Brute-force Protection With Fail2Ban

Fail2Ban is an intrusion prevention framework written in Python that protects Linux systems and servers from brute-force attacks. We can setup Fail2Ban to provide brute-force protection for SSH on our server, this will ensure that the server is secure from brute-force attacks and it also allows us to monitor the strength of the brute-force attacks […]

Share this post

SUDO Security Bypass Vulnerability – CVE-2019-14287

Vulnerability Details: Release date: 14th October 2019 CVE ID: CVE-2019-14287 Affected Versions: Versions prior to <= 1.8.28 https://www.sudo.ws/alerts/minus_1_uid.html Brief description of vulnerability The security policy bypass vulnerability that allows users on a Linux system to execute commands as root, while the user permissions in the sudoers file explicitly prevents these commands from being run as […]

Share this post