I’ve run into a few scenarios, mostly when using Reddit, where I want to share a file with someone but don’t want it to share any identifying information. For example, one could easily add a file to their Google Drive or Dropbox account, but that could reveal your name or email address. 0x0.st and transfer.sh both offer solutions to this problem. Both of the aforementioned websites allow you to post files with curl from the command line, which is an added bonus for me, since I almost always have a terminal open on my laptop.
I’ll discuss the two websites a bit and then discuss a script I wrote that allows for simpler syntax and easy encryption of files.
- 0x0.st allows you to post files stored locally or on remote servers. It also offers url shortening, which is pretty nifty.
- File URLs are valid for at least 30 days and up to a year, depending on the file size.
- There are some blocked file types (e.g. android apks) and some warning to not use the platform for things such as piracy or crypto currencies. Refer to the website if you are unsure if what you’re posting is acceptable
- Tends to be a bit more reliable than transfer.sh, which has experienced occasional outages in the two months that I’ve been using it.
From the 0x0.st website:
This is what a real usage looks like:
Depending on when you are reading this, you may still be able to access the file: https://0x0.st/qVM.txt
You can either download the file by navigating to the url, or you could use another curl command:
As a bonus, I discovered a way to post from stdin as well:
- transfer.sh is an aesthetically pleasing alternative, great for sharing with people who won’t be using the command line
- You can upload files of up to 10 GB
- You can set a limit on the maximum number of downloads
- You can set a limit on how long the file is stored, which is a maximum of 14 days
I copied some of the examples from the transfer.sh website:
Standard upload and download:
Encrypt your files before transfer:
There are a ton more examples on the site, which I recommend looking at.
My transfer script
I wrote a bash script that hides the usage of curl for uploading/download and gpg for encryption/decryption to make for a more user friendly experience. It currently supports 0x0.st and transfer.sh. The features are as follows:
- Upload files
- Upload directories (archives them as they are being uploaded)
- Download files
- Encrypt files as they are being uploaded
- Decrypt files as they are being downloaded
- Decrypt files after they are downloaded
- Log urls to
- Provide default password with
- Upload a file or directory:
- Automatically encrypt a file or directory using a default password while uploading:
transfer -e <FILE|DIRECTORY>
- Automatically encrypt a file or directory using a provided password while uploading:
transfer -e -p <PASSWORD> <FILE|DIRECTORY>
- Download a file:
- Automatically decrypt a file using a default password while downloading:
transfer -d <URL>
- Automatically decrypt a file using a provided password while downloading:
transfer -d -p <password> <URL>
- Decrypt file with default password:
transfer -d <FILE>
- Decrypt file with a provided password
transfer -d -p <password> <FILE>
- Do all of the above but upload to https://0x0.st instead:
transfer -s 0x0.st <everything else>