Common usage of curl in penetration testing

Posted by zura at 2020-03-06

curl is an open source file transfer tool that works on the command line using URL syntax. It has many functions and parameters, but what can we do with curl in penetration testing? The examples below cover the common cases; corrections are welcome. The tool can be downloaded from:

https://curl.haxx.se/download.html

Basic request

curl http://www.myh0st.cn

File name patterns (URL globbing)

Quote the URL so that the shell passes the brackets and braces to curl unchanged.

curl "ftp://ftp.myh0st.cn/file[1-100].txt"

curl "ftp://ftp.myh0st.cn/file[1-100:10].txt"

curl "ftp://ftp.myh0st.cn/file[001-100].txt"

curl "ftp://ftp.myh0st.cn/file[a-z].txt"

curl "ftp://ftp.myh0st.cn/file[a-z:2].txt"

Domain name patterns

curl "http://site.{one,two,three}.com"

Directory patterns

curl "http://www.myh0st.cn/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
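
Added example (not from the original post): a Python model of how curl expands the bracket and brace patterns above, so the full request list, its size and the hosts it reaches can be reviewed against the engagement scope before anything is sent. It covers only the numeric, letter and set forms shown here; `check_scope`, `allowed_hosts` and `max_requests` are hypothetical names.

```python
import itertools
import re
from urllib.parse import urlsplit

# One glob token: {a,b,c} or [start-end] / [start-end:step]
TOKEN = re.compile(r"\{([^{}]*)\}|\[([^\[\]]*)\]")
RANGE = re.compile(r"(\d+)-(\d+)(?::(\d+))?|([A-Za-z])-([A-Za-z])(?::(\d+))?")

def expand_range(body):
    """Expand the inside of [...] into its list of strings."""
    m = RANGE.fullmatch(body)
    if not m:
        raise ValueError(f"bad range: [{body}]")
    step = int(m.group(3) or m.group(6) or 1)
    if step < 1:
        raise ValueError(f"bad step in [{body}]")
    if m.group(1) is not None:                       # numeric range
        lo = m.group(1)
        width = len(lo) if lo.startswith("0") else 0  # [001-100] keeps padding
        out = [str(n).zfill(width) for n in range(int(lo), int(m.group(2)) + 1, step)]
    else:                                            # single-letter range
        out = [chr(c) for c in range(ord(m.group(4)), ord(m.group(5)) + 1, step)]
    if not out:
        raise ValueError(f"empty range: [{body}]")
    return out

def expand(pattern):
    """Return every URL the pattern stands for; the rightmost glob varies fastest."""
    parts, pos = [], 0
    for m in TOKEN.finditer(pattern):
        parts.append([pattern[pos:m.start()]])       # literal text between globs
        parts.append(m.group(1).split(",") if m.group(1) is not None
                     else expand_range(m.group(2)))
        pos = m.end()
    parts.append([pattern[pos:]])
    return ["".join(combo) for combo in itertools.product(*parts)]

def check_scope(pattern, allowed_hosts, max_requests=500):
    """Expand a pattern; fail if it is too large or reaches an unlisted host."""
    urls = expand(pattern)
    if len(urls) > max_requests:
        raise ValueError(f"{len(urls)} requests exceeds budget of {max_requests}")
    stray = sorted({urlsplit(u).hostname for u in urls} - set(allowed_hosts))
    if stray:
        raise ValueError(f"hosts outside scope: {stray}")
    return urls

if __name__ == "__main__":
    for u in check_scope("ftp://ftp.myh0st.cn/file[001-100:25].txt", {"ftp.myh0st.cn"}):
        print(u)
```

The directory pattern above expands to 48 requests, and the domain pattern reaches three different hosts, which is exactly what the scope check flags.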

Download a page to a file

curl -o index.html http://www.myh0st.cn/  

curl http://www.myh0st.cn/ > index.html  

Show a download progress bar

curl -# http://www.myh0st.cn/ > index.html

Use different versions of the HTTP protocol

HTTP/1.0

curl -0 http://www.myh0st.cn

Specific version

curl --http1.1 http://www.myh0st.cn

curl --http2 http://www.myh0st.cn  

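Access with different SSL/TLS versions

These options only take effect on HTTPS URLs.

TLSv1

curl -1 https://www.myh0st.cn

curl --tlsv1 https://www.myh0st.cn

SSLv2 (ignored by current curl releases)

curl -2 https://www.myh0st.cn

curl --sslv2 https://www.myh0st.cn

SSLv3 (ignored by current curl releases)

curl -3 https://www.myh0st.cn

curl --sslv3 https://www.myh0st.cn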

Using different IP protocol versions

IPv4

curl -4 http://www.myh0st.cn  

curl --ipv4 http://www.myh0st.cn

IPv6

curl -6 http://www.myh0st.cn  

curl --ipv6 http://www.myh0st.cn

Specify the user agent

curl -A "wget/1.0" http://www.myh0st.cn  

curl --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"  http://www.myh0st.cn  

curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)"  http://www.myh0st.cn  

Specify a cookie

curl -b "phpsession=Testtest" http://www.myh0st.cn  

curl --cookie "name=Daniel" http://www.myh0st.cn  

Save received cookies to a file (cookie jar)

curl -c cookies.txt http://www.myh0st.cn  

curl --cookie-jar cookies.txt http://www.myh0st.cn  

Submit POST data

curl -d "username=admin&password=pass" http://www.myh0st.cn  

curl --data "birthyear=1905&press=%20OK%20"  http://www.myh0st.cn/when.cgi

curl --data-urlencode "name=I am Daniel" http://curl.haxx.se

curl --data "<xml>" --header "Content-Type: text/xml" --request PROPFIND url.com

Specify the referer

curl -e "http://www.myh0st.cn/referer" http://www.myh0st.cn  

curl --referer http://www.myh0st.cn/referer http://www.myh0st.cn  

Specify a custom header

curl --header "Host: www.myh0st.cn" http://www.myh0st.cn

Display the response headers of the requested page

curl -D - http://www.myh0st.cn  

curl --dump-header headers_and_cookies http://www.myh0st.cn

Follow redirects (Location header)

curl -L http://www.myh0st.cn

curl --location http://www.myh0st.cn

Specify the DNS server used to resolve the site (requires a curl build with c-ares)

curl --dns-servers 8.8.8.8 http://www.myh0st.cn

Specify a client certificate when visiting an HTTPS page

curl --cert mycert.pem https://www.myh0st.cn

Summary

You can download curl and experiment with it yourself. This list may not be complete. As an excellent command-line web client, curl can help a lot in real penetration tests; how much depends on how you use it. Please leave a message below if you have any suggestions or comments.