netsleuth's req CLI is an advanced command-line HTTP client that takes inspiration from curl and httpie, and adds its own unique flavor.

$ req
GET /example.json HTTP/1.1
User-Agent: netsleuth/1.0.1 (req; +

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 17

{ hello: 'world' }

$ req POST Header:val foo=bar n=5
POST /example.json HTTP/1.1
User-Agent: netsleuth/1.0.1 (req; +
Header: val
Content-Type: application/json
Accept: application/json, */*
Content-Length: 19

{ foo: 'bar', n: 5 }

HTTP/1.1 202 Accepted
Content-Type: application/json; charset=utf-8
Content-Length: 2


req comes with a number of features not found elsewhere:

Usage examples can be found here.

Make sure you've installed netsleuth globally (npm install -g netsleuth) to have req available on your PATH. The following content is also available by running req --help.


req [options] [method] <url> [<param>...]
req <command>

By default, req will print HTTP headers on stderr and the response body on stdout. In addition, the request and response details will be sent to the netsleuth GUI, which is available at http://localhost:9000/inspect/req-cli

Positional arguments:


The HTTP request method. Any uppercase word accepted. Default: GET or POST depending on whether there is data to be sent in the request body.


The request URL. May be fully-qualified, or use shorthand:

Default to localhost

Without an explicit hostname, req will assume localhost.

req /foo ->
req :3000/foo ->

// and s//

Shortcut for http:// and https://.

req //host/foo -> http://host/foo

Named profile

req allows you to configure named profiles with a saved Origin URL, cookies, and default headers. See the section on Profiles below.

req profilename/foo ->

With fully-qualified URLs, you may also specify auth credentials using the standard URL auth notation. Username + password credentials are sent using HTTP Basic auth. If no password is specified, the username is sent as a Bearer token.

req http://user:pass@localhost/foo -> "Authorization: Basic dXNlcjpwYXNz"
req http://t0k3n@localhost/foo -> "Authorization: Bearer t0k3n"


Use the special har: scheme to specify that req should make a request by replaying from a HAR file on disk (or har:! to read the system clipboard). Optionally use entry to search request URLs or specify the the request entry by index (default 0). Later params can override any properties loaded from the HAR.

req har:file.har bar=baz
req har:file.har#/foo


Any number of additional space-separated parameters may be specified. Values may be quoted as necessary.

key=value and key==value

The request body will be set to a JSON object with this key/value added.

req /foo n=1 a==1 b="x y" c=z -> {"n":1,"a":"1","b":"x y","c":"z"}
req /foo a=\\@a b=\\=b -> {"a":"@a","b":"=b"}
req /foo obj.a=1 obj.b=2 -> {"obj":{"a":1,"b":2}}
req /foo arr[]=1 arr[]=2 -> {"arr":[1,2]}


Reads and buffers this file and adds its content to the request body. If the file can be parsed as JSON, the object itself is set on the property. Otherwise, the raw contents are set as a string.

req /foo bar=@bar.json -> {"bar":{"from":"file"}}
req /foo bar=@bar.txt -> {"bar":"stuff from file"}


URL parameters to be merged in to the request URL. (Useful to avoid shell-escaping &s and manual URL-encoding.)

req /foo ?q="bar baz" ?p=1 -> http://localhost/foo?q=bar%20baz&p=1


Adds a request header.

req /foo X-Signature:"xyz" -> X-Signature: xyz


The request body will be streamed from this file. If a Content-Type header is not explicitly specified, req will try to guess based on file extension or fall back to application/octet-stream. Cannot be mixed with key=value params.

req PUT /foo @~/example.json


If the <url> uses a Profile, req will copy JSON properties saved in the Profile under this name to the request body. Later params can override. Assuming the “proj” Profile has a payload named “bar” with the value {a:1, b:2, c:3}:

req proj/foo +bar b=5 -> {"a":1,"b":5,"c":3}

– raw body

The text following -- (and a space) will be transmitted as the request body. req will not apply any modification to the text, but normal shell escaping rules apply. Cannot be mixed with key=value, @filepath, or +payload params, but Header:value params may be specified before the --.

–paste clipboard

If the --paste option is specified, req will use your system clipboard contents as the request body. Only plain text is supported. If the text parses as JSON, you may use key=value params to override keys in the pasted data.


req supports named profiles, which are a set of default options for a particular host. This allows you to send saved headers with your requests, without having to specify them on the command line every time.

Profiles can be managed using the req profile command. See req profile --help for more details. Alternatively, manually edit ~/.sleuthrc.

Use profiles by typing the profile name in place of the protocol+host part of the URL. Any params on the command line override the profile’s defaults.

req profilename/foo a=1

Standard in/out

req prints most of its output on stderr; only the HTTP response body is printed to stdout. This means shell pipes and redirection work exactly as one might expect.

req GET /page > page.html
req POST /upload -t jpg < cat.jpg
req /foo | req --txt /bar

If stdout is connected to a terminal, JSON responses are buffered, parsed, and pretty-printed. Otherwise (or if --raw is set), the response is streamed out unmodified.


Additional commands are available which manage req’s configuration and environment. Type req <command> --help for details of each command.



HTTP Behavior
  --no-follow, -F  Do not follow HTTP 3xx redirects                    [boolean]
  --continue       Send Expect: 100-continue and wait for a 100 before sending
                   request body                                        [boolean]
  --txt            Set request Content-Type: text/plain (utf8)         [boolean]
  --json           Set request Content-Type: and Accept: application/json, and
                   treat response as JSON regardless of Content-Type   [boolean]
  --bin            Set request Content-Type: application/octet-stream  [boolean]
  --type, -t       Set request Content-Type to the mimetype normally associated
                   with the specified file extension
  --charset, -h    Add a `charset` directive to the request Content-Type.
  --gzip, -z       Set Accept-Encoding: gzip                           [boolean]
  --gzip-req, -Z   Compress the request body                           [boolean]
  --ua, -u         Use a common User-Agent string.  Choices:
                   {chrome,firefox}[-{win,mac,linux}] safari edge ie ios android
  --enc            Force the response body to be treated as text with this
                   character encoding
  --no-ua, -U      Do not set default User-Agent                       [boolean]
  --1945           Strictly follow RFC1945 when handling HTTP 301/302 redirects
                   and do not change the request method                [boolean]

  --raw, -r         Response body should be streamed out unmodified (ie disable
                    pretty-printing)                                   [boolean]
  --quiet, -q       Do not print any HTTP information, only the response body in
                    the terminal                                       [boolean]
  --term-enc        Character encoding used when sending data to the terminal
                                                              [default: "utf-8"]
  --max-length, -l  Maximum length of body data to print to the terminal (0 for
                    no limit)                         [number] [default: 156160]
  --diff            Diff the request/response against one saved in this HAR file
                    (or - for stdin, or ! for clipboard).  Use #entry to search
                    request URLs or specify an entry index (like har: scheme,
                    above; default 0)

Network Behavior
  --secure, -s     Force TLS (https)                                   [boolean]
  --insecure, -S   Ignore TLS certificate errors                       [boolean]
  --ca             Validate TLS certificates using the CA certificate(s) in this
  --client-cert    Present TLS client certificate from this PEM or PFX file
  --client-key     File containing key for PEM client-cert
  --client-key-pw  Password for client certificate's private key
  -4               Use IPv4 only                                       [boolean]
  -6               Use IPv6 only                                       [boolean]
  --bind           Local interface to bind for network connections
  --max-upload     Limit request upload to this number of [kmg]bytes/sec
  --max-download   Limit response download to this number of [kmg]bytes/sec

  --inspector, -i     Inspector GUI tab to send this request to
                                                            [default: "req-cli"]
  --no-inspector, -I  Do not send this request to the Inspector GUI    [boolean]

  --out-enc   Enable character encoding conversion and use this encoding when
              sending data to non-terminal outputs.
  --har       Write request and response details to a HAR file located at this
              path, or - for stdout.  If the file already exists, data will be
  --copy, -c  Copy response body to clipboard                          [boolean]

  --paste, -v  Send clipboard contents as request body                 [boolean]

  --version             Show version number                            [boolean]
  --chrome-cookies, -C  Use your browser's cookies for this request    [boolean]
  --help, -?            Show my help                                   [boolean]

Options may appear anywhere on the command line (before or after positional arguments).