curl
Transfer data from or to a server
TLDR
Make an HTTP GET request and dump the contents in stdout
Make an HTTP GET request, follow any 3xx redirects, and dump the reply headers and contents to stdout
Download a file, saving the output under the filename indicated by the URL
Send form-encoded data (POST request of type application/x-www-form-urlencoded). Use --data @file_name or --data @'-' to read from stdin
Send a request with an extra header, using a custom HTTP method and over a proxy (such as BurpSuite), ignoring insecure self-signed certificates
Send data in JSON format, specifying the appropriate Content-Type header
Pass client certificate and private key for the request, skipping certificate validation
Resolve a hostname to a custom IP address, with verbose output (similar to editing the /etc/hosts file for custom DNS resolution)
SYNOPSIS
curl [options] [URL ...]
PARAMETERS
-d, --data <data>
Sends specified data in POST or PUT request body
-H, --header <header>
Passes custom header line to server
-I, --head
Fetches headers only (HEAD request)
-L, --location
Follows HTTP redirects
-o, --output <file>
Writes output to file instead of stdout
-O, --remote-name
Saves file with remote name
-X, --request <command>
Specifies HTTP method (e.g., POST, DELETE)
-u, --user <user:password>
Server login credentials
-v, --verbose
Enables verbose output for debugging
-s, --silent
Silent mode, no progress meter or errors
-k, --insecure
Skips SSL certificate verification
-c, --cookie-jar <file>
Saves cookies to file
-b, --cookie <data>
Reads cookies from file or string
-f, --fail
Fails silently on HTTP errors (no output)
--max-time <seconds>
Maximum time allowed for operation
-i, --include
Includes HTTP headers in output
-w, --write-out <format>
Custom output on completion (e.g., %{http_code})
-A, --user-agent <agent>
Sets User-Agent string
--progress-bar
Replaces progress meter with simple bar
-K, --config <file>
Reads options from config file
--connect-timeout <seconds>
Max time to connect
-J, --remote-header-name
Uses header-filename for -O output
--proxy <proxy>
Uses specified proxy server
DESCRIPTION
curl is a versatile command-line utility for transferring data using URL syntax. It supports numerous protocols like HTTP, HTTPS, FTP, SFTP, SMTP, IMAP, and over 20 others, enabling uploads, downloads, API interactions, and server testing. Designed for scripting and automation, curl handles POST requests, authentication, cookies, proxies, and custom headers effortlessly.
By default, it fetches data to stdout, perfect for piping (e.g., curl URL | grep pattern). Options provide fine control: verbose logging for debugging, silent mode, timeouts, and progress meters. curl is non-interactive, lightweight, and cross-platform, making it indispensable for developers, sysadmins, and CI/CD pipelines. Its companion libcurl library powers tools like git and web browsers.
curl excels in reproducibility—exact requests via options—and security features like OCSP stapling. Widely pre-installed on Linux, it's a go-to for quick HTTP checks or complex transfers.
CAVEATS
Outputs to stdout by default; redirect or use -o to save. Large responses can flood terminals. -k disables SSL checks—risky for production. No built-in decompression; pipe to gunzip. Rate-limited sites may block aggressive use.
COMMON EXAMPLES
curl https://example.com (fetch page)
curl -O https://example.com/file.tar.gz (download file)
curl -d 'key=value' https://api.example.com (POST data)
curl -u user:pass -L https://protected.com (auth + redirect)
PROTOCOLS SUPPORTED
DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP (27+ total)
HISTORY
Developed by Daniel Stenberg in 1996 for geocities mirroring. First public release March 20, 1998 (v4.0). Evolved from single-protocol tool to multi-protocol powerhouse supporting 28+ protocols by v8.x (2023). Open-source under MIT license; libcurl extracted in 2001. Actively maintained by curl team.
