Nimesh Thakur

Posted on Nov 23

I Built 404ping — A Lightweight API Testing CLI (curl + Postman had a baby)

#linux #webdev #javascript #programming

The Problem

Picture this: It's 2 AM. You're deep in API testing. You've got 15 endpoints to test, each with auth tokens, custom headers, and JSON bodies.

Option 1: Postman

Open Postman... loading... still loading
Internet hiccups? Request failed.
Crashes randomly. Lost your work.
500MB+ of RAM just sitting there.

Option 2: curl

curl -X POST https://api.example.com/auth/login \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -d '{"email":"test@example.com","password":"secret123"}'

Every. Single. Time. No memory. No variables. Copy-paste hell.

I was tired. So I built something better.

Introducing 404ping 🚀

Lightweight API testing CLI — curl with a brain.

# What used to be this nightmare...
curl -X POST https://api.myapp.com/auth/login \
  -H "Authorization: Bearer abc123" \
  -d '{"email":"test@test.com"}'

# Becomes this...
404ping run myapp:login

That's it. One command. Done.

Installation

# Clone it
git clone https://github.com/toklas495/404ping.git
cd 404ping

# Install & build
npm install
npm run build

# Now use it anywhere
404ping

You'll see this beautiful banner:

   _  _    ___  _  _         _             
  | || |  / _ \| || |       (_)            
  | || |_| | | | || |_ _ __  _ _ __   __ _ 
  |__   _| | | |__   _| '_ \| | '_ \ / _` |
     | | | |_| |  | | | |_) | | | | | (_| |
     |_|  \___/   |_| | .__/|_|_| |_|\__, |
                      | |             __/ |
                      |_|            |___/

Core Features

1️⃣ Simple Requests

Just like curl, but cleaner:

# GET request
404ping request https://api.example.com/users

# POST with JSON body
404ping request https://api.example.com/login \
  -X POST \
  -d '{"email":"test@example.com","password":"secret"}'

# With headers
404ping request https://api.example.com/me \
  -H "Authorization: Bearer mytoken"

2️⃣ Global Variables (Game Changer)

Set once, use everywhere with {{variable}} syntax:

# Set variables globally
404ping set host:https://api.myapp.com token:abc123 -g

# Now use them in any request
404ping request {{host}}/users/me -H "Authorization: Bearer {{token}}"

Why this matters:

Token expired? Update once: 404ping set token:newtoken -g
Testing staging? Change once: 404ping set host:https://staging.myapp.com -g
No more find-and-replace across 50 requests.

# List all variables
404ping vars

# Remove variables
404ping unset host token

3️⃣ Collections (Save Your Sanity)

Group related requests together:

# Create a collection
404ping collection create myapp

# Save requests to it
404ping collection save myapp login \
  -X POST {{host}}/auth/login \
  -d '{"email":"{{email}}","password":"{{pass}}"}'

404ping collection save myapp get-profile \
  {{host}}/users/me \
  -H "Authorization: Bearer {{token}}"

404ping collection save myapp update-user \
  -X PUT {{host}}/users/me \
  -d '{"name":"New Name"}' \
  -H "Authorization: Bearer {{token}}"

# List all collections
404ping collection list

# See requests in a collection
404ping collection show myapp

4️⃣ Run Saved Requests (The Magic)

This is where 404ping shines:

# Run any saved request instantly
404ping run myapp:login
404ping run myapp:get-profile
404ping run myapp:update-user

Override without saving:

# Test with different URL (temporary)
404ping run myapp:login -u "https://staging.api.com/auth/login"

# Test with different body (temporary)
404ping run myapp:login -d '{"email":"other@test.com","password":"test"}'

Override AND save:

# Permanently update the saved request
404ping run myapp:login -u "https://newapi.com/auth/login" --save

5️⃣ Collection-Scoped Variables

Use variables from specific collections:

# Reference collection variables
404ping request {{myapp.host}}/api/v1/users
404ping request {{another-project.host}}/api/endpoint

Output Options

# Show response headers
404ping request {{host}}/api/users -i

# Show response size
404ping request {{host}}/api/users --size

# Raw output (pipe to jq, files, etc.)
404ping request {{host}}/api/users --raw

# Request summary
404ping request {{host}}/api/users --info

# Full debug dump
404ping request {{host}}/api/users --debug

Real-World Workflow

Here's how I use 404ping daily:

# 1. Setup environment
404ping set host:https://api.target.com -g

# 2. Create project collection
404ping collection create target-app

# 3. Save auth request
404ping collection save target-app login \
  -X POST {{host}}/auth/login \
  -d '{"email":"test@test.com","password":"password123"}'

# 4. Test login
404ping run target-app:login

# 5. Got token? Save it!
404ping set token:eyJhbGciOiJIUzI1NiIs... -g

# 6. Save authenticated endpoints
404ping collection save target-app profile \
  {{host}}/users/me \
  -H "Authorization: Bearer {{token}}"

404ping collection save target-app admin-panel \
  {{host}}/admin/dashboard \
  -H "Authorization: Bearer {{token}}"

# 7. Test everything quickly
404ping run target-app:profile
404ping run target-app:admin-panel

# 8. Found IDOR? Test with different IDs
404ping run target-app:profile -u "{{host}}/users/123"
404ping run target-app:profile -u "{{host}}/users/456"

Why I Built This

I'm a bug bounty hunter. I test APIs all day.

Postman problems:

Heavy (500MB+ RAM)
Needs internet for sync
Crashes on my potato laptop
Slow startup

curl problems:

No memory (copy-paste everything)
No variables
Long commands for simple requests
Easy to make typos

404ping solution:

Lightweight (~50MB)
Works offline
Variables like Postman
Fast like curl
Collections for organization
Runs saved requests instantly

Command Cheatsheet

Command	Description
`404ping request <url>`	Send HTTP request
`404ping set <key:value> -g`	Set global variable
`404ping unset <keys>`	Remove variables
`404ping vars`	List all variables
`404ping collection create <name>`	Create collection
`404ping collection save <coll> <req>`	Save request
`404ping collection list`	List collections
`404ping collection show <name>`	Show collection requests
`404ping run <coll:req>`	Run saved request
`404ping run <coll:req> --save`	Run & save changes

Options Reference

Option	Alias	Description
`--method`	`-X`	HTTP method (GET/POST/PUT/DELETE)
`--data`	`-d`	JSON request body
`--header`	`-H`	Custom header (repeatable)
`--url`	`-u`	Override URL (in run command)
`--s_header`	`-i`	Show response headers
`--size`		Show response size
`--raw`		Raw output
`--info`		Request summary
`--debug`		Full dump
`--save`		Save overrides permanently
`--global`	`-g`	Save variable globally

What's Next?

Planning to add:

[ ] Environment files (.env support)
[ ] Request chaining (use response in next request)
[ ] Export to curl command
[ ] Import from Postman collections
[ ] Response assertions

Try It Out!

git clone https://github.com/toklas495/404ping.git
cd 404ping
npm install && npm run build
404ping --help

GitHub: github.com/toklas495/404ping

Final Thoughts

I built 404ping because I needed it. No fancy UI, no cloud sync, no subscription — just a fast CLI that remembers my requests.

If you're a bug bounty hunter, API developer, or anyone who tests APIs from terminal — give it a shot.

Found a bug? Have a feature request? Open an issue or PR. Let's build this together.

Happy hunting! 🎯

— Nimesh (toklas495)

If this helped you, drop a ❤️ and follow for more tools & writeups!

DEV Community