Hacking with cURL: Unleash the CLI beast

Source:- GeeksforGeeks

Curl, or client URL is a command line tool that enables data exchange between a device and a server through a terminal. We can use this tool on almost every OS. Today’s blog is focused on how do we use it in our pentesting & bug bounties. Best thing about curl is it supports almost all major protocols i.e.- DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET, and TFTP.

When we use curl, what basically we are doing is, we are sending/recieving the data to/from a server. Now, think of some scenarios where we can use it in our pentests. Got any? If yes, good! If not, no worries let me explain.

First thing you can check in curl is, what you can do with it. Hit a simple command called

This will look something like this:-

Now if you can see, there are multiple options here. It depends on you what do you want to do with it, you can follow JavaTpoint for that!

Now, we can do a lot of stuff here with options. Sometimes, you have to submit a file to a remote server and if you want to do it with curl, there is a command:-

This will upload your file to desired server and then you can try RCEs etc.

Another great example of using curl in pentests is we can modify the default DNS config. It is more of a network pentest side but still, it does the job:-

DNS request to resolve the hostname will originate from or from eth1.

You can use curl to brute force/fuzz a login form as well:-

We can also try creating new users through curl:-

Capture a full trace of the HTTP request:-

We can use it to download a file from server as well:-

Identifying HTTP headers allowed on a server:-

Curl is also used in HTTP authentication. Authentication is used to inform the server user’s username and password so that it can authenticate that you’re allowed to send the request you’re sending. We can use this command to check it:-

We can specify a referer to a request:-

Last but not the lease, we all need log files! curl can also generate nice output to be processed by another tool. It can generate personalized outputs:

These are SOME of the best use cases from Curl. There could be many more cases such as getting request from GET/POST parameters etc but I have put the best ones which I know. Let me know in comment section, or my twitter DM if you have better ones. For now, enjoy these curl usage.

All the best! Happy hacking ❤

Twitter:- @manasH4rsh

Linkedin:- Manas Harsh



Information security Analyst | Synack Red Teamer | Writer | Learner, achiever & Contributor

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Manas Harsh

Information security Analyst | Synack Red Teamer | Writer | Learner, achiever & Contributor