Command line tool and library for transferring data with URLs!

cURL
Report    Share

Browse by Company

Adobe, Apowersoft, Ashampoo, Autodesk, Avast, Corel, Cyberlink, Google, iMyFone, iTop, Movavi, PassFab, Passper, Stardock, Tenorshare, Wargaming, Wondershare

cURL

  -  6.5 MB  -  Freeware
Free Download

Safe & Secure

  • Latest Version

    cURL 8.19.0 LATEST

  • Review by

    Daniel Leblanc

  • Operating System

    Windows 7 / Windows 8 / Windows 10 / Windows 11

  • User Rating

    Click to vote

  • Author / Product

    Daniel Stenberg / External Link

  • Filename

    curl-8.19.0.zip

cURL (Client URL) is a command-line tool and library designed for transferring data using various network protocols.

Originally developed by Daniel Stenberg, it has become an essential tool for developers, system administrators, and security professionals.

cURL for Windows supports multiple protocols, including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, LDAP, and many more.

It is widely used for automating data transfer tasks, testing APIs, and debugging network issues.

Key Features

Multi-Protocol Support – Supports HTTP, FTP, IMAP, SMTP, LDAP, and many other protocols.

Secure Data Transfer – Provides support for TLS and SSL encryption.

User Authentication – Supports basic, digest, NTLM, Negotiate, and Kerberos authentication.

Proxy Support – Works with HTTP, SOCKS4, and SOCKS5 proxies.

Automated Scripting – Ideal for batch processing and scripting.

Cookie and Session Management – Supports handling cookies and maintaining sessions.

Header and Data Manipulation – Allows setting custom headers and sending POST, GET, and other HTTP methods.

Resume and Bandwidth Control – Supports resuming interrupted downloads and controlling bandwidth usage.

Cross-Platform Availability – Works on Windows, Linux, macOS, and many other operating systems.

Open-Source – Free to use and modify under the MIT license.

User Interface

cURL does not have a graphical user interface (GUI); it operates exclusively via the command-line interface (CLI).

Users interact with cURL by typing commands in the terminal or command prompt.

While this may seem complex for beginners, it is incredibly powerful and flexible for experienced users.

Installation and Setup

Download – Visit the official website or FileHorse.com and download the latest Windows binary.

Extract Files – Unzip the downloaded file to a directory of your choice.

Set Environment Variables – Add the cURL directory to the Windows PATH variable to run it from any command prompt.

Verify Installation – Open the command prompt and run curl --version to check if it is installed correctly.

How to Use

Basic Web Request:

curl https://www.example.com

Download a File:

curl -O https://www.example.com/file.zip

Send POST Request with Data:

curl -X POST -d "param1=value1&param2=value2" https://api.example.com

Use Authentication:

curl -u username:password https://api.example.com

Use Proxy:

curl -x http://proxy.example.com:8080 https://www.example.com

FAQ

Is cURL free to use?
Yes, cURL is open-source and completely free under the MIT license.

Can cURL handle JSON data?
Yes, it can send and receive JSON data using headers and data payloads.

How do I check if cURL is installed on Windows?
Run curl --version in the command prompt to verify installation.

Does cURL support file uploads?
Yes, using -F or --upload-file options, you can upload files to a server.

Can cURL resume downloads?
Yes, use the -C - option to resume a previously interrupted download.

Alternatives

Postman – GUI tool for testing APIs and HTTP requests.

Wget – Another command-line tool focused on downloading files.

HTTPie – A user-friendly command-line HTTP client.

ARIA2 – A lightweight, multi-threaded download utility.

PowerShell Invoke-WebRequest – Built-in Windows command for making web requests.

Pricing

This tool is completely FREE and open-source. There are no paid plans or licenses required.

System Requirements
  • Operating System: Windows 7, 8, 10, 11
  • Processor: Any x86 or x64 processor
  • RAM: Minimum 512MB (1GB recommended)
  • Storage: Less than 10MB for installation
  • Network: Required for most functionalities
PROS
  • Supports a wide range of protocols.
  • Free and open-source.
  • Lightweight with minimal system requirements.
  • Powerful for automation and scripting.
  • Available across multiple platforms.
CONS
  • No graphical user interface.
  • Requires knowledge of command-line syntax.
  • Limited built-in documentation.
  • Can be complex for beginners.
Conclusion

cURL is a powerful and indispensable tool for developers, system administrators, and security professionals. With its extensive protocol support, automation capabilities, and lightweight footprint, it stands out as one of the best command-line utilities for data transfer.

Download cURL Latest Version
Why is this app published on FileHorse? (More info)

What's new in this version:

Changed:
- BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026
- cmake: add `CURL_BUILD_EVERYTHING` option
- mqtt: initial support for MQTTS
- tool: support fractions for --limit-rate and --max-filesize
- tool_cb_hdr: with -J, use the redirect name as a backup
- vquic: drop support for OpenSSL-QUIC
- windows: add build option to use the native CA store
- windows: bump minimum to Vista (from XP)

Fixed:
- altsvc: only accept 17 byte dates from files
- asyn-ares: abort with OOM error when Curl_dnscache_mk_entry fails
- async-ares: blocking resolve timeout handling, better
- badwords: move into ./scripts, speed up
- build: add missing `GENERATEDCERTS` files
- build: adjust minimum version for some clang picky warnings
- build: check `MSG_NOSIGNAL` directly, drop detection and interim macro
- build: constify `memchr()`/`strchr()`/etc result variables (cont.)
- build: detect and include `inttypes.h` again
- build: do not include wolfSSL header in `curl_setup.h`
- build: drop duplicate C includes
- build: drop global suppression of `-Wformat-nonliteral`, fix fallouts
- build: drop unused `snprintf()` feature check on Windows
- build: fix `-Wunused-macros` warnings, and related tidy-ups
- build: fix building rare combinations
- build: fully omit verbose strings and code when disabled
- build: globally suppress DJGPP warnings in `FD_SET()`
- build: merge TrackMemory (`CURLDEBUG`) into debug-enabled option
- build: move curl stat struct type to the curlx namespace
- build: opt-in MSVC to C99-style verbose logging logic
- build: require POSIX `strdup()`
- build: tidy up and dedupe `strdup` functions
- cf-socket: ignore SOCK_CLOEXEC etc for socktype equality checks
- cf-socket: use SOCK_CLOEXEC in socket_open when available
- checksrc-all.pl: skip non-repository files
- checksrc: do not apply `BANNEDFUNC` to struct member functions
- checksrc: warn for leading spaces before the preprocessor hash
- clang-tidy: add missing and delete redundant parentheses
- clang-tidy: add more missing parentheses in macro values
- clang-tidy: avoid/silence `bugprone-not-null-terminated-result`
- clang-tidy: check `bugprone-macro-parentheses`, fix fallouts
- clang-tidy: drop redundant conditions reported by `misc-redundant-expression`
- clang-tidy: enable `bugprone-signed-char-misuse`, fix fallouts
- clang-tidy: enable more checks
- clang-tidy: enable scanning headers
- clang-tidy: fix issues found with build-fuzzing
- clang-tidy: silence more minor issues found by v22
- cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0
- cmake: add `CURL_DROP_UNUSED` option to reduce binary sizes
- cmake: add native clang-tidy support for tests, with concatenated sources
- cmake: always build curlu and curltool test libs in unity mode
- cmake: always define `CURL::win32_winsock` on Windows in `curl-config.cmake`
- cmake: convert `curl_add_clang_tidy_test_target()` macro to function
- cmake: enable binutils ld workaround for all toolchains at build-time
- cmake: fix `LOCATION` property access condition (debug)
- cmake: fix `LOCATION` property read errors in target debug function
- cmake: fix building with `CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON`
- cmake: fix confusing error when a dependency is undetected in `curl-config.cmake`
- cmake: fix logic for openssl/zlib binutils ld workaround
- cmake: fix passing system header directories to clang-tidy for tests
- cmake: fix system include directory position for clang-tidy in tests
- cmake: improve clang-tidy test command-line reproduction
- cmake: minor fixes to test targets after prev
- cmake: normalize uppercase hex winver (for display)
- cmake: omit `curl.rc` from curltool lib
- cmake: reference OpenSSL and ZLIB imported targets only when enabled
- cmake: replace internal option with a new `tt` (test tools) target
- cmake: silence potential unused var warnings in C++ test snippet
- cmake: silence silly Apple clang warnings in C89 mode, test in CI
- cmake: silence useless compiler warnings triggered by the FASTBuild generator
- cmake: skip binutils ld hack if zlib/openssl target is not `IMPORTED`
- cmake: warn for invalid `CURL_TARGET_WINDOWS_VERSION` values
- cmke: add `*_USE_STATIC_LIBS` options for 9 dependencies
- config-plan9: set `HAVE_STDINT_H` again
- config2setopts: acknowledge OOM error from CURLOPT_MIMEPOST
- config2setopts: fix for --disable-aws build configuration
- configure: drop always true `if` check (Windows)
- content_encoding: return 'identity' if none other exists
- curl: add -I and -i to -h important
- curl: limit Windows-specific code to Windows builds, other tidy-ups
- curl_easy_nextheader.md: a new transfer invalidates 'prev'
- curl_get_line: drop single-use macro
- curl_multi_perform.md: resolve inconsistency
- curl_ntlm_core: merge two `#if` blocks
- curl_setup.h: drop extra header guard for internal include
- curl_setup.h: merge back single-use internal header `curl_setup_once.h`
- curl_setup.h: simplify curl memory macro mappings
- curl_setup_once: allow CURL_DEBUGASSERT for customization
- CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md: fix available protocols
- curlx: drop unused `curlx_saferealloc()`
- digest: escape double quotes and backslashes in realm and nonce
- digest: fix memory leak in auth_create_digest_http_message()
- digest: handle quotes in the path
- docs/INSTALL: update configure details
- docs/libcurl: unify WARNING use
- docs: add LibreELEC to DISTROS.md
- docs: add reproducible example for generating man page
- docs: avoid starting sentences with However,
- docs: avoid using the word 'magic'
- docs: clarify --ipv4 and --ipv6
- docs: document the need for a 64-bit type and stdint.h
- docs: drop basically
- docs: explicitly call out Slowloris as not a security flaw
- docs: fix grammar nitpicks
- docs: handle error in `curl_global_init*` examples
- docs: replace instances of the vague qualifier 'quite'
- docs: reword explanation of --variable option
- docs: some nitpicks
- docs: use dot instead of comma at end of sentences
- easy: reset errorbuf on eyeballing success
- easy: reset pausing when resetting request
- examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA
- examples: improve OpenSSL certificate examples
- examples: omit forward declarations, apply misc fixes
- FAQ: syntax improvements
- fopen.h: simplify curl memory macro mappings
- ftp: replace a `curlx_free()` with `curlx_dyn_free()`
- ftp: split ftp_state_use_port into sub functions
- GOVERNANCE.md: Post-Daniel BDFL
- gss: exclude verbose error logic from non-verbose builds
- h2+h3: align stream close handling
- hostip.c: fix leak of addrinfo
- hostip6: remove debug-only code
- hostip: fix unreachable code in rare build configuration
- http/3: add description for known server error codes
- http1: fix potential NULL dereference in `Curl_h1_req_parse_read()`
- http: only send bearer if auth is allowed
- http_aws_sigv4: fix query normalization of %2b
- imap: add a check for Curl_meta_get()
- imap: check `imap_sendf()` printf masks at compile-time
- imap: skip literals inside quoted strings
- include: avoid recursive macros
- include: mask computed auth/proto bitmasks to 32 bits
- INSTALL-CMAKE.md: document Apple framework options
- INSTALL.md: fix typo
- INSTALL.md: suggest `-Wl,-dead_strip` for Apple targets
- KNOWN_BUGS.md: absolute Unix domain filename for SOCKS on Windows
- ldap: silence clang-tidy v22 warning
- ldap: silence potential unused variable warning (OS400)
- lib: delete unused local includes
- lib: disable websockets early if no http
- lib: make sigpipe handling more lazy
- lib: reorder protocol functions to avoid forward declarations (email)
- lib: reorder protocol functions to avoid forward declarations (ftp)
- lib: reorder protocol functions to avoid forward declarations (misc cont.)
- lib: reorder protocol functions to avoid forward declarations (misc)
- lib: reorder protocol functions to avoid forward declarations (ssh)
- lib: separate scheme info from protocol implementation
- lib: skip compiling code with features disabled
- lib: use (u)int64_t instead of long long
- libcurl docs: reduce 'since ...' in descriptions
- libcurl-security.md: fix typos and add a point about URLs
- libtests: drop two redundant `memset()`s
- Makefile.am: delete RPM targets referencing non-existent files
- Makefile.am: drop stray VC project files from dist
- managen: silence Perl warnings
- mbedtls: guard TLS 1.3 + session tickets usage inside ifdef
- mbedtls: no pinnedpubkey wo MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- mbedtls: remove newline from failf() call
- mbedtls: split mbed_connect_step1 into sub functions
- md4, md5: drop redundant forward declarations
- md4, md5: replace custom types with `uint32_t`
- memdebug: include `backtrace.h` as system header
- mime: drop fallback for unused `R_OK` macro
- mimepost: allocate main struct on-demand
- mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos
- mod_curltest: silence unused argument compiler warning
- mprintf: drop old sprintf fallback
- mprintf: rename internal enum to avoid collision with AmigaOS symbol
- mprintf: silence clang-tidy `readability-suspicious-call-argument`
- mprintf: use `_snprintf()` when compiled with VS2013 and older
- mqtt: better too-big-message-check
- mqtt: fix EOF handling
- mqtt: verify Remaining Length for CONNACK and PUBACK
- msvc: drop exception, make `BIT()` a bitfield with Visual Studio
- msvc: VS2026: unlock picky warning in cmake, test in CI
- multi: avoid a theoretical 32-bit wrap
- multi: fix unreachable code compiler warning
- multi: probe for IPv6 functionality in multi_init()
- multi: split multi_runsingle into sub functions
- multi: update timer unconditionally in multi_remove_handle
- ngtcp2: stabilize recv
- noproxy: simplify, don't mix const non-const in strchr()
- openldap: avoid forward declarations in ldaps code
- openssl+ech: workaround for insecure handshakes
- openssl: adapt to OpenSSL master adding const to more APIs
- OpenSSL: check reuse of sessions for verify status
- openssl: disable local keylog feature if built-in upstream
- openssl: fix compiler warning with OpenSSL master
- openssl: fix potential NULL dereference when loading certs (Windows)
- openssl: fix potential OOB read in debug/verbose logging
- plan9: drop special build and orphaned references
- proxy-auth: additional tests
- pytest: remove 03_02
- quiche: use PRIu64 for outputting the stream id
- rand: drop impossible preprocessor branches (wincrypt)
- rand: drop scan-build silencer
- ratelimit: download finetune
- request.h: rename parameter 'buf' to 'req' in Curl_req_send
- REUSE: drop broken reference to `MAIL-ETIQUETTE`
- rtsp: fix assertion failure on zero-length RTP payload
- rtspd: fix to check `realloc()` result
- runtests: pass config filename to stunnel in native format (Windows)
- schannel: refactor: reduce variable scopes, fix comment, fix indent
- send: drop `CURL_UNCONST()` from buffer argument on most platforms
- setopt: fix checking range for CURLOPT_MAXCONNECTS
- setopt: refuse blobs with zero length
- setup-os400.h: drop no longer used custom type `u_int32_t`
- sigpipe: unset SA_SIGINFO since it is using sa_handler
- silent.md: also mention it shuts off warning messages
- smb: free the path in the request struct properly
- smb: include arpa/inet.h for NonStop
- socket: check result of SO_NOSIGPIPE
- socketpair: clear 'err' when retrying due to EINTR
- socketpair: set SO_NOSIGPIPE where possible
- socks: ensure DNS is freed in failure cases.
- src: simplify declaring `curl_ca_embed`
- ssh: dedupe state change function
- stop using the word 'just'
- sws: prevent "connection monitor" to say disconnect twice
- synctime: fix use of uninitialized buffer on non-Windows
- system_win32: replace manual init code with `curlx_now_init()` call
- tests/server/sockfilt: avoid possible endless loop on Windows
- tests/server: drop unused `curlx/version_win32.c`
- tests/server: fix to clear the complete `srvr_sockaddr_union_t` variable
- tests/server: tidy-up error messages (Windows)
- tests: avoid assignment in `if` conditions in `first.h`
- tests: convert base64 data to %b64[]
- tftp: correct the filename length check
- timeout handling: auto-detect effective timeout
- tls: add new SSLSUPP flags for several options
- tls: remove checks for DEFAULT
- tool: enable header separation for HTTPS proxies
- tool: improve config error messaging
- tool: improve error/warning messages when output filename sanitization fails
- tool: rename curl handle and result variable in `--libcurl`-generated code
- tool: return code variable consistency
- tool_cb_hdr: suppress header output when --out-null
- tool_cb_prg: drop duplicate preprocessor logic
- tool_dirhie: drop superfluous `F_OK` fallback (Windows)
- tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_*
- tool_doswin: avoid Windowsisms in socket code (cont.)
- tool_doswin: avoid Windowsisms in socket code
- tool_doswin: document `ENABLE_VIRTUAL_TERMINAL_PROCESSING` toolchain support
- tool_getparam: avoid `-Wcomma` with Apple clang in C89 mode
- tool_operate: remove 'else' for VMS
- tool_operate: reset the URL --url-query between --next
- typos: silence false positives found in C code
- unit3205: suppress two clang-tidy false positives
- URL-SYNTAX.md: fix port number mistakes for IMAP and LDAP
- url.c: code/comment cleanup around conn creation
- url.h: fix `-Wdocumentation`
- url: fix reuse of connections using HTTP Negotiate
- urlapi: use U_CURLU_URLDECODE when toggling it off unsigned
- urldata.h: remove two forward-declared structs not used
- urldata: byebye `conn->hostname_resolve`
- urldata: change 'keep_post' into three distinct bitfields
- urldata: convert 'long' fields to fixed variable types
- urldata: switch to uint* types
- usercertinmem: use the correct cert BIO
- verbose.md: explain the { and } prefixes
- vquic: fix unused variable warning reported by clang-tidy
- vquic: handle SOCKEMSGSIZE correctly
- vtls: dedupe common on-session-reuse logic
- vtls: use ALPN http/1.0 & http/1.1 for HTTP/1.0 requests
- VULN-DISCLOSURE-POLICY.md: push reports to the web form
- VULN-DISCLOSURE-POLICY.md: use hackerone
- winapi: use FormatMessageA instead of FormatMessageW
- windows: `USE_WINSOCK` to guard winsock2 code (where missing)
- windows: determine `RtlVerifyVersionInfo` address on global init
- windows: tidy up `wincrypt.h` / BoringSSL/AWS-LC coexist workaround
- wolfssl: fix build without USE_BIO_CHAIN
- ws/tftp: include header file even when protocol disabled
- x509asn1: make encodeOID stop on too long input

Top Downloads

More Popular Software »