Linux Essentials: Curl Fundamentals

What is Curl?

Curl is a utility that allows you to transfer data to or from a network server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE).


  • It is a multi-platform tool.



Curl <parameters/options> <URL>



  • Linux - sudo apt-get install curl
  • MacOS - brew install curl




Important commands to know

Basic query


Curl <url>

This will fetch the content of the specified URL, for example;



Downloading files


When you want to save the output of a query to a file:


Curl -o <file name.ext> -- This will download the webpage


Curl -o <ubuntu.iso>



You can also let curl automatically assign a name to the file


Curl -O



Downloading more than one file

curl -o hsploit.html -O




In many cases, redirects may be set up (HTTP 3XX) request and to make curl automatically follow the redirect we use the -L command.

The HTTP protocol syntax is very important in curl, using the -L command essentially makes sure you are directed to the real URL/working URL.


Example: curl


Curl -L -o  hsploit.html



Querying Response Headers

You can also view and analyze the response headers being sent by the server, can help in web assessments.


Curl -I


View connection details


Curl -v



Crafting Post Requests


We can craft post requests with different parameters to test


curl --data "log=admin&pwd=wordpress"
Liked it? Take a second to support Alexis on Patreon!
Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *


SSH Brute-force Protection With Fail2Ban

Fail2Ban is an intrusion prevention framework written in Python that protects Linux systems and servers from brute-force attacks. We can setup Fail2Ban to provide brute-force protection for SSH on our server, this will ensure that the server is secure from brute-force attacks and it also allows us to monitor the strength of the brute-force attacks […]

Share this post

SUDO Security Bypass Vulnerability – CVE-2019-14287

Vulnerability Details: Release date: 14th October 2019 CVE ID: CVE-2019-14287 Affected Versions: Versions prior to <= 1.8.28 Brief description of vulnerability The security policy bypass vulnerability that allows users on a Linux system to execute commands as root, while the user permissions in the sudoers file explicitly prevents these commands from being run as […]

Share this post