Wget Command Generator
Build a wget command for downloads, mirrors, API fetches, and FTP pulls with shell-aware quoting, import parsing, and safety warnings.Generated result
Generated result
Headers:
| Field | Value | Copy |
|---|---|---|
| {{ row.label }} | {{ row.value }} | |
| No summary available. | ||
A wget line often survives longer than the terminal where it was first typed. It may be pasted into a runbook, attached to a support ticket, saved in a deployment note, or handed to someone who will run it on a different operating system. In those settings, the command needs to describe the transfer job clearly enough that another person can see the target, request identity, retry behavior, saved filename, crawl scope, and safety tradeoffs before anything touches the network.
Wget is built for non-interactive retrieval. It can download a single file, resume an interrupted transfer, send HTTP headers for an API-style request, authenticate to HTTP or FTP, and follow links for recursive retrieval. Those uses look similar at first because they all begin with a URL, but the intent changes the command. A one-file archive usually needs careful output naming and resume behavior. A static site mirror needs depth, no-parent limits, wait timing, link conversion, and attention to robots.txt. An API fetch may need Accept or Authorization headers and a User-Agent value that matches the service expectation.
| Transfer choice | What changes | Common mistake |
|---|---|---|
| Single download | Target URL, output file, download directory, progress display | Saving under an unexpected name or overwriting a local file. |
| Resumable download | Continuation, retry count, retry wait, timeout, rate limit | Assuming every server supports partial-file resume. |
| Header-based request | User-Agent, Referer, Accept, Authorization, and other headers | Putting bearer tokens, cookies, or private URLs into reusable text. |
| Recursive retrieval | Mirror mode, depth, no-parent, filters, waits, robots.txt behavior | Fetching far more than the starting page or overloading a server. |
Shell choice is more than cosmetic. A value that is harmless in Bash can be misread in PowerShell or Windows CMD if quotes, path prefixes, or line continuations are wrong. Long flags are easier to review in shared notes, while short flags are useful when the operator already knows the option set and wants a compact line.
The most important limit is that a valid-looking command is not automatically a good one. A crawl can be too broad, a Referer can reveal private context, a User-Agent can misrepresent the client, and credentials can leak through shell history, process lists, screenshots, or copied files. A reliable wget command is a reviewed transfer plan, not just a pasted URL.
How to Use This Tool:
Start with the kind of transfer you need, then review the generated command and the option summary before copying it into a terminal.
- Choose Preset when the job fits Quick download, Resume large file, Mirror static site, API fetch, or FTP transfer. Pick Custom when none of those starter profiles matches the command you want to build.
- Enter a complete URL and choose the destination Shell. The generator accepts HTTP, HTTPS, and FTP targets. The shell selection changes quoting, home-directory handling, line continuation, and the Nushell external-command prefix.
- Set Output file when the saved filename must be explicit, and use Download directory when the result should land under a specific local folder. Leave the output file blank when wget should use the remote filename or server-provided filename behavior.
- Open Advanced for request identity and transfer behavior. Use User-Agent, Referer, and Headers for HTTP request details; use continuation, timestamping, no-clobber, retries, waits, timeout, and rate limit for reliability and pacing.
- For recursive work, verify Recursive download, Mirror mode, Recursive depth, Convert links, No parent, Ignore robots.txt, Accept patterns, and Reject patterns. A mirror preset is a starting point, not permission to crawl a site without limits.
- Use Import wget command when you already have a command to clean up or convert. The importer understands common long flags, short flags, selected combined short flags, headers, output paths, crawl options, timing options, and HTTP or FTP credentials, but unsupported shell logic should still be checked manually.
- Stop on Errors and fix the named field. Treat Warnings as review prompts, then compare Wget Command, Command Option Table, and JSON so the copied command, audit table, and structured record agree.
Interpreting Results:
The generated command is the runnable text, but the fastest sanity check is often the summary above it. Confirm the host, scheme, flag count, flag style, output name, resume state, recursive state, retries, and rate limit before reading individual tokens. If those signals do not match the transfer you intended, change the fields first.
The Command Option Table is the safer handoff view for peer review because it separates the same command into readable fields. Use it to check URL, Output file, Directory, User-Agent, Referer, Headers, Resume, Recursive, Authentication, Retries, Wait, Limit rate, and Flags.
- Do not run the command while Errors are present; command generation is intentionally blocked.
- Review every Warning against the option table, especially malformed headers, blank custom User-Agent values, random wait without a base wait, and blank passwords.
- Long flags are usually easier to audit. Short flags and combined short flags are compact, but they require more wget familiarity from the person reviewing the line.
- Masking in JSON does not make the whole record secret-safe. URLs, header values, usernames, and hostnames can still disclose private systems.
- Test crawl, TLS certificate bypass, authentication, and rate-limit choices on a small target before adding the command to a repeatable job.
Technical Details:
Wget command syntax is a sequence of a command name, option flags, option values, and one or more URLs. This generator emits one target URL so the line stays reviewable, then builds a command from request, storage, transfer, crawl, pacing, filter, and authentication choices. Absolute HTTP, HTTPS, and FTP URLs are accepted; unsupported schemes are blocked before any command text is shown.
Option order is chosen for readability. Identity and header flags appear before storage flags, transfer controls, crawl controls, pacing controls, filters, credentials, and the final URL. That order does not make every wget option order-dependent, but it does make the line easier to audit because related decisions sit near each other.
Transformation Core:
| Stage | Inputs | Command effect | Audit question |
|---|---|---|---|
| Target | URL, Shell | Uses one HTTP, HTTPS, or FTP URL and quotes it for the selected shell. | Do the scheme and host match the system you meant to contact? |
| Request identity | User-Agent, Referer, Headers | Adds request-identification flags and repeated header flags. | Are tokens, cookies, and private context still placeholders? |
| Storage | Output file, Download directory, content disposition | Controls forced filename, destination directory, or server filename handling. | Will the result overwrite, duplicate, or hide a file unexpectedly? |
| Transfer behavior | Continue, timestamping, no-clobber, progress, quiet mode, TLS certificate bypass | Controls resume, freshness, overwrite behavior, logging, and certificate checking. | Is the command safe for the network and trust boundary where it will run? |
| Crawl scope | Recursive download, mirror mode, depth, link conversion, no-parent, robots.txt override, accept and reject patterns | Controls traversal, local link rewriting, directory limits, and file selection. | Can the command leave the intended site path or fetch too much? |
| Pacing and filters | Wait, random wait, retries, retry wait, timeout, rate limit, accept patterns, reject patterns | Adds delay, retry, timeout, bandwidth, and filename filter flags. | Will retries and crawl speed be polite enough for the target server? |
Rule Core:
| Condition | Result | What to fix or verify |
|---|---|---|
| URL is blank, malformed, or not HTTP, HTTPS, or FTP | Blocking error | Enter a full supported URL before using any generated command. |
| Header text is missing a colon or a header name | Warning | Use a Name: value shape and confirm the Headers row count. |
| Custom User-Agent is selected with no value | Warning | Enter the exact string, choose a preset, or return to the wget default. |
| Random wait is on while Wait between files is zero | Warning | Add a positive wait value or turn random wait off. |
| Retry attempts, retry wait, or timeout is negative | Blocking error | Use zero to omit the setting or enter a positive value. |
Limit rate does not look like 500k, 2m, or a byte value |
Warning | Check the suffix before relying on the throttle. |
| Mirror mode and positive Recursive depth are both set | Warning | Review the final Flags row because the command can include both mirror and level flags. |
| Authentication is enabled without a username | Blocking error | Provide a username or set Authentication back to None. |
| Authentication password is blank | Warning | Leave it blank only when prompting at runtime is intentional. |
Shell Quoting Map:
Every non-flag argument is quoted after the option list is assembled. Bash, Zsh, and POSIX sh use single-quoted arguments and backslash line continuations when multi-line output is enabled. fish uses its own single-quote escaping. PowerShell doubles apostrophes inside single-quoted values and uses backtick continuations. Nushell runs the external command with the ^wget prefix and remains single-line. Windows CMD uses double quotes and maps ~/ paths to %USERPROFILE%.
Importing a command reverses part of that process. The parser reads one command that starts with wget, recognizes common long and short flags, expands selected combined short flags, and maps supported options back into fields. It is a convenience for ordinary wget lines, not a shell interpreter. Review the regenerated command whenever the imported text used variables, command substitution, unusual quoting, or options outside the supported set.
Privacy Notes:
Generating the command does not run wget and does not contact the target URL. The privacy risk begins when sensitive text is typed into the fields, copied, downloaded, exported, pasted into a terminal, saved in shell history, or shared with someone else.
- Passwords can appear in the generated command when the password field is filled.
- The JSON view masks the password value, but it can still include sensitive URLs, headers, usernames, and hostnames.
- Authorization headers, cookies, signed URLs, and private filenames should be placeholders until final execution.
- No check certificate disables TLS certificate validation and can hide a server-identity problem.
- Ignore robots.txt should be limited to targets you own or are explicitly allowed to crawl.
Worked Examples:
Large archive on an unreliable link. A release manager enters an archive download URL, keeps Shell set to Bash/Zsh, sets Output file to archive.tar.gz, enables Continue partial download, sets Retry attempts to 5, Retry wait to 15, and Timeout to 60. The Resume row reads Enabled, Retries reports 5 attempts, 15s waitretry, and Flags includes continuation, tries, waitretry, and timeout flags.
API-style fetch with headers. An operator starts from API fetch, keeps Authorization: Bearer YOUR_TOKEN as a placeholder, and adds Accept: application/json. If the pasted header says Authorization Bearer TOKEN without a colon, Warnings names the malformed header line and the Headers row shows fewer headers than expected. Fixing the colon restores the header count before the command is copied.
Small static mirror. A documentation owner uses Mirror static site, keeps No parent, leaves Ignore robots.txt off, sets Wait between files to 1, and keeps Random wait on. The Recursive row should read Mirror, while Flags should show mirror, link conversion, no-parent, wait, and random-wait choices. If Recursive depth is also set, the warning is a prompt to inspect the final Flags row before running a crawl.
FTP credentials with runtime prompting. A user imports wget ftp://ftp.example.com/pub/example.iso --continue --limit-rate=1m, then changes Authentication to FTP credentials and enters anonymous as Username while leaving Password blank. The password warning is expected when runtime prompting is intentional, and Limit rate should read 1m.
FAQ:
Why does the command change when I switch shells?
The transfer choices stay the same, but quotes, home-directory handling, line continuation, and the command prefix differ by shell. Choose the shell that will actually receive the pasted command.
Can I import an existing wget command?
Yes. Paste one command that starts with wget. The importer fills supported fields, then you should compare Wget Command and Command Option Table because variables, command substitution, and unsupported options may not survive the import.
Why am I getting a header warning?
Each extra header needs a name, a colon, and a value. Use a shape such as Accept: application/json or Authorization: Bearer YOUR_TOKEN, then confirm the Headers row count.
Should I use mirror mode or recursive download?
Use Mirror mode when you want wget's mirror-oriented behavior for a site copy. Use Recursive download with explicit depth, no-parent, accept patterns, and reject patterns when you need tighter crawl control.
Is a blank password ever useful?
It can be useful when you want wget to prompt at runtime instead of embedding the secret in copied command text. The warning reminds you to decide whether that is intentional.
Does generating the command download anything?
No. The generated text is only a command. The target server is contacted only after you run the command in your own terminal or script.
Glossary:
- Wget
- A command-line retrieval program commonly used for non-interactive HTTP, HTTPS, and FTP downloads.
- User-Agent
- A request header value that identifies the client software or chosen client identity sent to a server.
- Referer
- A request header that can tell a server which page or application context led to the request.
- Recursive retrieval
- Following links from a starting URL so wget can fetch more than one resource.
- Mirror mode
- A wget mode used for site-copy jobs with recursive and timestamp-oriented behavior.
- No-parent
- A crawl limit that keeps recursive retrieval from climbing above the starting URL path.
- robots.txt
- A site-published crawl instruction file that responsible automated clients are expected to check.
- Rate limit
- A bandwidth cap such as
500kor2mused to slow a transfer.
References:
- GNU Wget Manual, GNU Project and Free Software Foundation.
- RFC 9309: Robots Exclusion Protocol, RFC Editor.
- User-Agent header, MDN Web Docs.
- Referer header, MDN Web Docs.
- How to send custom headers with wget, simplified.guide.
- How to change the user agent in wget, simplified.guide.
- How to prevent overwriting existing files with wget, simplified.guide.
- How to honor Content-Disposition filenames in wget, simplified.guide.