Kali Cheat Sheet

Source: https://www.comparitech.com/net-admin/kali-linux-cheat-sheet/
The tools covered in this guide are:

1. Aircrack-ng: A suite for auditing Wi-Fi networks, covering packet capture, packet injection and WEP/WPA-PSK key recovery.
2. Autopsy: A graphical interface to The Sleuth Kit, which aids forensic examination of disk images.
3. Armitage: A graphical front end for Metasploit that manages targets and attack workflows.
4. Burp Suite: An intercepting proxy for testing web applications, with tools for replaying, fuzzing and brute-forcing requests.
5. BeEF: The Browser Exploitation Framework hooks web browsers and attacks them from the client side.
6. Cisco Global Exploiter: Tests Cisco routers and switches for a fixed set of old, well-known vulnerabilities.
7. Ettercap: A LAN traffic interceptor designed for man-in-the-middle attacks.
8. Foremost: A command-line file carver that recovers files from disk images by their headers and footers.
9. Hashcat: An offline, GPU-accelerated password-hash cracker.
10. Hydra: An online password guesser for network login services.
11. John the Ripper: A command-line offline password-hash cracker.
12. Kismet: A wireless network detector, packet sniffer and intrusion detection system.
13. Maltego: An OSINT and link-analysis tool that maps relationships between entities such as domains, people, network infrastructure and social media accounts.
14. Metasploit Framework: An exploitation framework that scans targets, runs exploits and manages post-exploitation.
15. Nikto: A command-line web server vulnerability scanner.
16. Nmap: A command-line network scanner and host discovery tool.
17. OWASP ZAP: The Zed Attack Proxy is a web application vulnerability scanner and intercepting proxy.
18. sqlmap: A command-line SQL injection detection and exploitation tool.
19. Wireshark: A world-famous packet analyzer.
20. WPScan: A vulnerability scanner for WordPress sites.

These are the tools in the Kali bundle that you will probably use most often when pen-testing. If you don't want to install the full Kali package with all of its other tools, you can install Debian Linux and add each of these tools individually, because they are all available for free.
You can read more about each of these tools in the following sections.
1. Aircrack-ng

Aircrack-ng is a suite of command-line tools for auditing Wi-Fi networks. airmon-ng puts a wireless card into monitor mode, airodump-ng captures frames on a chosen channel and lists the access points and clients it sees, and the captured packets can be saved to a .cap file for analysis in another tool. Its output is colour-coded to aid comprehension.
The suite includes key recovery, but not for every network. WEP keys can be recovered from enough captured traffic because the protocol itself is broken; WPA/WPA2-PSK recovery is a dictionary attack against a captured four-way handshake and only succeeds if the passphrase is weak enough to appear in the wordlist. aireplay-ng injects frames into the air, which enables replay attacks, deauthentication (to force clients to reconnect and produce a handshake) and other traffic-generation attacks, and airbase-ng can act as a fake access point.
2. Autopsy

Autopsy is a graphical front end to The Sleuth Kit, which is also included in Kali. The Sleuth Kit parses disk images and file systems (NTFS, FAT, ext and others) directly, so it can list and recover files that have been deleted or that are no longer reachable because file system metadata, such as the File Allocation Table, has been damaged.
The combination of Autopsy and The Sleuth Kit is widely used by law enforcement agencies to extract evidence from seized devices. It can also recover images from phone memory cards. Always work on a forensic copy of the media, never on the original.
3. Armitage

Armitage is a graphical attack manager that uses Metasploit as its back end. The user visualizes discovered hosts in Armitage, and commands issued in the interface are translated into Metasploit actions, which carry out the scanning and exploitation.
As well as identifying hosts and documenting their software and services, Armitage provides a collaboration platform for teams working on a pen-testing project, sharing one Metasploit instance. It lets an attack plan be drawn up and then executed through Metasploit. Armitage is no longer actively developed by its original author, so expect it to lag behind current Metasploit releases.
4. Burp Suite

Burp Suite is available in free and paid editions; the free Community Edition is bundled with Kali Linux. The Burp proxy sits between your browser and the web server and lets you inspect and modify every request and response that makes up a page load.
Burp does not downgrade the connection to plain HTTP. Instead it terminates TLS itself: the browser is configured to use Burp as its proxy and to trust Burp's own CA certificate, so Burp decrypts the traffic, shows it in the clear and re-encrypts it towards the server. From the intercepted traffic you can pick out parameters, session tokens and login forms and send them to Repeater (manual replay) or Intruder (automated fuzzing and password guessing, rate-limited in the Community Edition). You can read more about Burp Suite and how to use it in our Burp Suite Cheat Sheet.
5. BeEF

BeEF stands for the Browser Exploitation Framework. It is a client-side attack tool: it targets the victim's web browser rather than the web server. The attacker gets a JavaScript "hook" loaded into a page the victim visits (through an XSS flaw, a phishing page or a man-in-the-middle injection), and the hooked browser then polls the BeEF server for commands.
BeEF runs as a service with a web-based control panel. From the panel the attacker runs command modules against each hooked browser: fingerprinting the browser and its plugins, presenting fake login dialogs, scanning the victim's internal network from inside the browser, or using the browser as a pivot towards other systems.
6. Cisco Global Exploiter

The Cisco Global Exploiter is not a Cisco product; rather, it specializes in attacking Cisco routers and switches. Cisco devices are very widely used and run their own operating system, called IOS. The Cisco Global Exploiter is a small command-line script that takes a target address and the number of a known Cisco vulnerability and fires the matching test or exploit at the device.
Its knowledge is a fixed list of old, well-known Cisco vulnerabilities, several of them denial-of-service bugs, rather than password guessing, so it is mainly useful against unpatched legacy equipment. For credential attacks on Cisco devices you would use Hydra or a similar tool.
7. Ettercap

Ettercap is a packet capture tool that can facilitate man-in-the-middle attacks and credential capture on a LAN. It is available as a command-line utility and also has text-mode and graphical user interfaces.
Ettercap uses ARP poisoning to place itself between two hosts on the same LAN, typically a victim and the default gateway, so that traffic between them flows through the attacker's machine. This lets the attacker divert traffic from its intended destination, read any protocol that is sent in the clear, and apply filters that modify packets in flight. Traffic protected by TLS stays encrypted unless the victim accepts a forged certificate. Ettercap does not create a fake access point; for that you would use airbase-ng from the Aircrack-ng suite. You can find out more about Ettercap in our Ettercap Cheat Sheet.
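The ARP-poisoning attack above has a simple signature on the victim: the gateway's IP address suddenly maps to the attacker's MAC, so one MAC answers for two IPs. The following is an added example written for this page, not Ettercap's own code; the neighbour-table sample is constructed in the format of `ip neigh show`, and the function names and addresses are assumptions.

```shell
#!/bin/sh
# Added example (not Ettercap's code): spot ARP poisoning from the victim's
# neighbour table. Function names, addresses and the sample are assumptions.

# Constructed sample in the format of `ip neigh show`; the two 192.168.1.x
# entries that share a MAC are the attack signature.
sample_neigh() {
cat <<'EOF'
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.37 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.50 dev eth0 lladdr aa:bb:cc:dd:ee:02 DELAY
EOF
}

# find_duplicate_macs: reads neighbour entries on stdin and prints one line
# per MAC address claimed by more than one IP, as "mac: ip1 ip2 ...".
find_duplicate_macs() {
  awk '$4 == "lladdr" { ips[$5] = ips[$5] " " $1; n[$5]++ }
       END { for (m in n) if (n[m] > 1) print m ":" ips[m] }' | sort
}

# gateway_mac_ok GATEWAY_IP EXPECTED_MAC: returns 0 when the neighbour table
# on stdin maps the gateway to the MAC recorded on a clean network, else 1.
gateway_mac_ok() {
  awk -v gw="$1" -v want="$2" '
    $1 == gw && $4 == "lladdr" { found = 1; if ($5 != want) bad = 1 }
    END { exit ((found && !bad) ? 0 : 1) }'
}

# Live use:   ip neigh show | find_duplicate_macs
# Mitigation: pin the gateway entry so a poisoned reply cannot overwrite it:
#   ip neigh replace 192.168.1.1 lladdr 00:11:22:33:44:55 dev eth0 nud permanent
sample_neigh | find_duplicate_macs
```

Run it against `ip neigh show` on a host you suspect is being poisoned; the duplicate-MAC check needs no prior knowledge, while the gateway check needs the MAC you recorded while the network was known to be clean.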
8. Foremost

Foremost is a command-line file carver. It reads a disk image or raw device from beginning to end looking for the header and footer byte sequences that identify known file types (JPEG, PNG, PDF, Office documents, ZIP and others) and writes each match out as a file. Because it ignores the file system altogether, it still recovers files when file system metadata such as the FAT has been lost, although fragmented files may come out incomplete.
This utility was created by agents of the US Air Force Office of Special Investigations and it is used by law enforcement agencies around the world to recover deleted or damaged files, including images. Foremost does not copy disks itself; take a forensic image with dd or ddrescue first and run Foremost against the image.
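To show what header/footer carving actually does, here is an added example written for this page, not Foremost's own code. It knows a single file type, JPEG (header FF D8 FF, footer FF D9), and scans a tiny constructed "disk image" the same way Foremost scans a real one; the image contents and function names are assumptions.

```shell
#!/bin/sh
# Added example, not Foremost's code: a minimal header/footer carver that
# ignores the file system and scans raw bytes for a JPEG signature.
# make_image, carve_jpeg and the sample bytes are constructed for this page.

# make_image PATH: write a tiny "disk image" with one JPEG-like file buried
# between junk bytes. Octal escapes keep this portable to dash and bash.
make_image() {
  {
    printf 'junk-before-the-file\000\000\000\000'
    printf '\377\330\377\340JFIFcarved-data\377\331'
    printf '\000\000\000\000junk-after-the-file'
  } > "$1"
}

# carve_jpeg IMAGE OUT: copy the first FF D8 FF ... FF D9 run to OUT and print
# its bytes as hex. Returns 1 if no complete file is found. Limitation: the
# search is on a hex string, so a signature straddling a byte boundary would
# be a false hit; a real carver searches at byte granularity and keeps going.
carve_jpeg() {
  img=$1; out=$2
  hex=$(od -An -tx1 -v "$img" | tr -d ' \n')   # whole image as one hex string
  prefix=${hex%%ffd8ff*}                         # everything before the header
  [ "$prefix" != "$hex" ] || return 1            # no header at all
  rest=${hex#"$prefix"}
  body=${rest%%ffd9*}                            # header .. byte before footer
  [ "$body" != "$rest" ] || return 1             # header without footer
  start=$(( ${#prefix} / 2 ))                    # two hex digits per byte
  len=$(( ${#body} / 2 + 2 ))                    # include the 2-byte footer
  dd if="$img" of="$out" bs=1 skip="$start" count="$len" 2>/dev/null
  od -An -tx1 -v "$out" | tr -d ' \n'
}

tmp=$(mktemp -d)
make_image "$tmp/disk.img"
carve_jpeg "$tmp/disk.img" "$tmp/00000000.jpg"
echo
```

Foremost's configuration file is essentially a table of such header/footer pairs plus a maximum size per type; the carved files are named by their byte offset, as the output name above imitates.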
9. Hashcat

Hashcat is a command-line password-hash cracker or, as its creators put it, a password recovery tool. It takes a file of hashes captured from a system (a Linux shadow file, Windows NTLM hashes, a WPA handshake, a database dump) together with the hash type, and uses the GPU to test candidate passwords at very high speed.
Hash functions cannot be reversed. Hashcat instead hashes every candidate it generates and compares the result with the target; the candidates come from wordlists, rule-based mutations of wordlist entries, masks that describe a password pattern, or pure brute force. Whether a hash falls therefore depends on the strength of the original password and on whether the hash was salted and slow.
10. Hydra

Hydra, also known as THC Hydra, is an online password guesser: rather than cracking hashes offline, it sends login attempts to a live network service. Hydra works at the command line and is notable for the speed of its attacks, which it achieves by running many login attempts in parallel.
You tell Hydra which protocol the target speaks (SSH, FTP, Telnet, SMB, RDP, VNC, HTTP forms and many more) and supply a username or a list of usernames and a password list, and it tries the combinations until it finds credentials that work. Because every attempt hits the real service, expect to trigger account lockouts and intrusion detection alerts, and keep the parallelism low against fragile targets.

11. John the Ripper

John the Ripper is another offline password-hash cracker. It auto-detects the hash format of many common password files and then guesses the passwords by hashing candidates and comparing them with the stored hashes; like Hashcat, it never decrypts anything. The package includes several cracking modes, including wordlist mode with mangling rules, "single crack" mode that derives guesses from the user's own account details, and incremental (brute-force) mode. You can use the supplied wordlists, import one from another tool, or build your own dictionary for the target.
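The loop at the heart of the Hashcat and John sections above, and of Aircrack-ng's WPA-PSK attack, is the same: hash a guess, compare, repeat. The following is an added example written for this page, not code from Hashcat or John. Unsalted MD5 is used only because md5sum is at hand; the wordlist, the handful of mangling rules and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Hashcat's or John's code: an offline dictionary attack.
# The target hash is never reversed; each guess is hashed and compared.
# Function names, the wordlist and the rules are assumed for this page.

# capitalize WORD: "dragon" -> "Dragon", one of the classic mangling rules
capitalize() {
  printf '%s%s' "$(printf '%s' "$1" | cut -c1 | tr '[:lower:]' '[:upper:]')" "${1#?}"
}

# crack_md5 TARGET_HEX WORDLIST: print the recovered password and return 0,
# or return 1 when no wordlist entry (or rule-mutated entry) matches.
crack_md5() {
  target=$1; wordlist=$2
  while IFS= read -r word || [ -n "$word" ]; do
    [ -n "$word" ] || continue
    cap=$(capitalize "$word")
    # word, Word, word1, word123, word!, Word1, Word123: the kind of mutations
    # hashcat rules (-r) and John's --rules generate by the thousand
    for guess in "$word" "$cap" "${word}1" "${word}123" "${word}!" "${cap}1" "${cap}123"; do
      h=$(printf '%s' "$guess" | md5sum | cut -d' ' -f1)
      if [ "$h" = "$target" ]; then
        printf '%s\n' "$guess"
        return 0
      fi
    done
  done < "$wordlist"
  return 1
}

# demo_wordlist PATH: a four-entry stand-in for a real list such as rockyou.txt
demo_wordlist() {
  printf '%s\n' letmein password sunshine dragon > "$1"
}

# Real-tool equivalents of the loop above (MD5 is hashcat mode 0 / John raw-md5;
# the rule file path is where Kali installs hashcat's rules):
#   hashcat -m 0 -a 0 -r /usr/share/hashcat/rules/best64.rule hashes.txt wordlist.txt
#   john --format=raw-md5 --wordlist=wordlist.txt --rules hashes.txt
tmp=$(mktemp -d)
demo_wordlist "$tmp/words.txt"
crack_md5 5f4dcc3b5aa765d61d8327deb882cf99 "$tmp/words.txt"   # md5("password")
```

Note what the loop implies for defenders: a salt does not stop this attack against one hash, it only stops one computation from covering every user at once; what actually slows it down is a deliberately slow hash such as bcrypt, scrypt or Argon2, which turns millions of guesses per second into hundreds.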

12. Kismet

Kismet is a packet sniffer and network detector for wireless networks, which sets it apart from most network discovery tools. It works passively, hopping across channels with the card in monitor mode, so it can see hidden SSIDs and devices that never associate with a network without transmitting anything itself. Kismet has a good web-based user interface with live signal-strength indicators per channel.
By watching every channel it builds a list of access points, clients and the associations between them, and it can capture the frames of a conversation to a file for analysis in another tool. Kismet can also be used as a wireless intrusion detection system, alerting on events such as deauthentication floods and rogue access points.
13. Maltego

Maltego is an unusual tool and can be very powerful. It is an open-source intelligence (OSINT) and link-analysis tool that builds a graph of relationships between entities. You start from an entity such as a domain name, an IP address, an email address or a person, and run "transforms" that query public sources (DNS, WHOIS, search engines, social networks, breach data and others) to discover related entities, which are added to the graph.
The same mapping can be applied to user accounts and organizational hierarchies. One of its most powerful capabilities is mapping social media accounts and the connections between them. A Maltego investigation can be confined to a single organization's infrastructure or allowed to chain outwards through many sources across the world. The free Community Edition limits the number of results each transform returns.
14. Metasploit Framework

Metasploit is a well-known exploitation framework that is owned and developed by the cybersecurity firm Rapid7. There are two versions. The edition bundled into Kali, Metasploit Framework, is free and open source; the commercial version is Metasploit Pro.
Metasploit is not primarily a vulnerability scanner, although its auxiliary modules include port scanners and service-specific checks. Its main purpose is to run exploits: you choose an exploit module for a known vulnerability, pair it with a payload such as a Meterpreter shell, set the target options and launch it, then use the resulting session for post-exploitation. The msfconsole interface can also import scan results from Nmap and other scanners to populate its database of hosts and services.
15. Nikto

Nikto is a web server vulnerability scanner that runs at the command line. It tests a web server for over 6,700 potentially dangerous files and programs, checks for outdated versions of over 1,250 server products, and looks for version-specific problems on over 270 of them.
Nikto also reports server configuration issues such as missing security headers, risky HTTP methods and default files left in place. It is deliberately thorough rather than stealthy, so it will show up in the target's logs; it does include evasion options that are useful for testing how an intrusion detection system responds to its requests.
16. Nmap

Nmap, also called Network Mapper, is a highly respected network discovery tool. It is a command-line tool that is easy to drive from scripts. For a GUI, Zenmap, the official Nmap front end, can be installed alongside it.
Nmap is an active scanner rather than a packet sniffer: it sends probes to the target addresses and interprets the replies. Host discovery finds which addresses are live, port scanning finds which TCP and UDP ports are open, service and version detection identifies the software behind each port, OS detection fingerprints the host, and the Nmap Scripting Engine (NSE) runs scripts for deeper checks, including some vulnerability tests.
Nmap is designed to be run within a network. It can be used by network administrators or consultants who want to quickly document a network, and it is an essential tool for white-hat hackers. Its results can be saved in normal, XML and grepable formats for other tools to consume.
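The grepable output format mentioned above is the one most people script against. The following is an added example written for this page, not part of Nmap: it flattens grepable output into a host/port/service/version list. The scan output is constructed in the format `nmap -sV -oG scan.gnmap 192.168.1.0/24` writes; the hosts, services and function names are invented.

```shell
#!/bin/sh
# Added example (not part of Nmap): parse grepable output. The sample scan,
# its hosts and services, and the function names are constructed for this page.

sample_gnmap() {
cat <<'EOF'
# Nmap 7.94 scan initiated as: nmap -sV -oG scan.gnmap 192.168.1.0/24
Host: 192.168.1.10 ()	Status: Up
Host: 192.168.1.10 ()	Ports: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/, 3306/filtered/tcp//mysql///	Ignored State: closed (997)
Host: 192.168.1.11 ()	Status: Up
Host: 192.168.1.11 ()	Ports: 21/open/tcp//ftp//vsftpd 2.3.4/, 445/open/tcp//microsoft-ds//Samba smbd 4/	Ignored State: closed (998)
# Nmap done -- 256 IP addresses (2 hosts up) scanned
EOF
}

# open_ports: reads grepable output on stdin and prints one line per open
# port as "ip port/proto service version". Each Ports: entry has the layout
# port/state/proto/owner/service/rpcinfo/version, separated by slashes.
open_ports() {
  awk '/^Host:/ && /Ports:/ {
         ip = $2
         line = $0
         sub(/^.*Ports: /, "", line)
         sub(/[[:space:]]*Ignored State:.*$/, "", line)
         n = split(line, entry, /, /)
         for (i = 1; i <= n; i++) {
           split(entry[i], f, "/")
           if (f[2] == "open") print ip, f[1] "/" f[3], f[5], f[7]
         }
       }'
}

# hosts_running SERVICE: list the IPs that expose a given service name,
# e.g. every host with ftp open, ready to feed into Hydra or a version check
hosts_running() {
  open_ports | awk -v svc="$1" '$3 == svc { print $1 }'
}

sample_gnmap | open_ports
```

Filtered ports are dropped on purpose: they tell you a firewall is in the way, not that a service is listening. For anything more complex than this, parse the XML output (-oX) instead; the grepable format is officially deprecated and does not carry NSE script results.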
17. OWASP ZAP

OWASP is the Open Web Application Security Project (now the Open Worldwide Application Security Project). The Zed Attack Proxy (ZAP) grew up as one of its flagship projects and is a free, open-source alternative to Burp Suite. At its centre is an intercepting proxy for web traffic, with a graphical user interface that makes it easy to use.
Tools within ZAP include a spider (web crawler), a fuzzer, a passive scanner that examines every request and response passing through the proxy, and an active scanner that sends attack payloads to look for vulnerabilities such as injection and cross-site scripting. Because everything flows through the proxy, it acts as the collection point for the findings. ZAP can also run headless from the command line or in a container for use in CI pipelines.
18. sqlmap

sqlmap is a command-line utility for detecting and exploiting SQL injection flaws in the databases that sit behind websites and networked applications, such as ERPs.
sqlmap is driven by a single command with a very large number of options. Each run targets a specific URL (or a saved HTTP request) and a parameter within it; sqlmap first checks whether the parameter is injectable, fingerprints the DBMS, and then exploits the flaw using whichever injection techniques the back end allows, including boolean-based blind, error-based, UNION-based, stacked-query and time-based blind injection.
Once a flaw is confirmed, sqlmap can enumerate databases, tables and columns, dump data, attempt to crack password hashes it retrieves, read and write files on the database host and, where permissions allow, execute operating-system commands. We examine this tool in greater detail in the sqlmap Cheat Sheet.
19. Wireshark

Wireshark is a very widely used packet analyzer and you probably already use it. It captures packets on Ethernet and wireless interfaces, and on Bluetooth and USB as well, and decodes them with dissectors for hundreds of protocols. It provides a GUI, and there is also a command-line version called TShark.
You probably won't use Wireshark exclusively, but it is likely to be your top choice for a packet sniffer among all of the alternatives in the Kali Linux bundle. It reads and writes the standard pcap and pcapng capture formats, so it can exchange data with Aircrack-ng, Kismet, tcpdump and most other capture and analysis utilities, and it will form the data feed for many other applications in your armoury. Capturing on an interface needs root privileges or membership of the wireshark group.

20. WPScan

WordPress is the most widely used content management system in the world. It has its own environment of themes and plugins, which makes it difficult for general-purpose security tools to fully explore a WordPress site for vulnerabilities. WPScan specializes in uncovering vulnerabilities within WordPress installations.
WPScan is a command-line system, which makes it a little harder to use for non-technical website owners. However, it is worth putting in the time to learn it: it enumerates the WordPress core version, installed plugins and themes, and user names, and checks them against the WPScan vulnerability database, which lists more than 23,000 WordPress-specific vulnerabilities. Retrieving vulnerability data needs a free API token from wpscan.com, with a daily request limit; without it WPScan still enumerates components but does not report known vulnerabilities. It can also run password attacks against the WordPress login and XML-RPC interface.
Kali Linux FAQs

Is Kali Linux OK for beginners?

Kali Linux isn't designed as a tool for beginners. Its core is the Linux operating system, so you need to know your way around the Linux command line first. Many of the tools in the Kali package are command-line systems that take considerable study to use well, because they are not as approachable as applications with a GUI.

Which is better, Ubuntu or Kali?

Ubuntu and Kali are both Linux distributions derived from Debian. Kali comes packaged with a long list of cybersecurity tools that Ubuntu lacks. If you don't need those security tools, Kali's extras would be a waste of space on your computer, and you would be better off with Ubuntu as a daily driver.
A
•apropos : Search Help manual pages (man -k)
•apt-get : Search for and install software packages (Debian/Ubuntu)
•aptitude : Search for and install software packages (Debian/Ubuntu)
•aspell : Spell Checker
•awk : Find and Replace text, database sort/validate/index

B
•basename : Strip directory and suffix from filenames
•bash : GNU Bourne-Again SHell
•bc : Arbitrary precision calculator language
•bg : Send to background
•break : Exit from a loop
•builtin : Run a shell builtin
•bzip2 : Compress or decompress named file(s)

C
•cal : Display a calendar
•case : Conditionally perform a command
•cat : Concatenate and print (display) the content of files
•cd : Change Directory
•cfdisk : Partition table manipulator for Linux
•chgrp : Change group ownership
•chmod : Change access permissions
•chown : Change file owner and group
•chroot : Run a command with a different root directory
•chkconfig : System services (runlevel)
•cksum : Print CRC checksum and byte counts
•clear : Clear terminal screen
•cmp : Compare two files
•comm : Compare two sorted files line by line
•command : Run a command, ignoring shell functions
•continue : Resume the next iteration of a loop
•cp : Copy one or more files to another location
•cron : Daemon to execute scheduled commands
•crontab : Schedule a command to run at a later time
•csplit : Split a file into context-determined pieces
•cut : Divide a file into several parts

D
•date : Display or change the date & time
•dc : Desk Calculator
•dd : Convert and copy a file, write disk headers, boot records
•ddrescue : Data recovery tool
•declare : Declare variables and give them attributes
•df : Display free disk space
•diff : Display the differences between two files
•diff3 : Show differences among three files
•dig : DNS lookup
•dir : Briefly list directory contents
•dircolors : Colour setup for `ls’
•dirname : Convert a full pathname to just a path
•dirs : Display list of remembered directories
•dmesg : Print kernel & driver messages
•du : Estimate file space usage

E
•echo : Display message on screen
•egrep : Search file(s) for lines that match an extended expression
•eject : Eject removable media
•enable : Enable and disable builtin shell commands
•env : Display, set or remove environment variables, or run a command in a modified environment
•ethtool : Ethernet card settings
•eval : Evaluate several commands/arguments
•exec : Execute a command
•exit : Exit the shell
•expect : Automate arbitrary applications accessed over a terminal
•expand : Convert tabs to spaces
•export : Set an environment variable
•expr : Evaluate expressions

F
•false : Do nothing, unsuccessfully
•fdformat : Low-level format a floppy disk
•fdisk : Partition table manipulator for Linux
•fg : Send job to foreground
•fgrep : Search file(s) for lines that match a fixed string
•file : Determine file type
•find : Search for files that meet a desired criteria
•fmt : Reformat paragraph text
•fold : Wrap text to fit a specified width.
•for : Expand words, and execute commands
•format : Format disks or tapes
•free : Display memory usage
•fsck : File system consistency check and repair
•ftp : File Transfer Protocol
•function : Define Function Macros
•fuser : Identify/kill the process that is accessing a file

G
•gawk : Find and Replace text within file(s)
•getopts : Parse positional parameters
•grep : Search file(s) for lines that match a given pattern
•groupadd : Add a user security group
•groupdel : Delete a group
•groupmod : Modify a group
•groups : Print group names a user is in
•gzip : Compress or decompress named file(s)

H
•hash : Remember the full pathname of a name argument
•head : Output the first part of file(s)
•help : Display help for a built-in command
•history : Command History
•hostname : Print or set system name

I
•iconv : Convert the character set of a file
•id : Print user and group id’s
•if : Conditionally perform a command
•ifconfig : Configure a network interface (legacy; use ip instead)
•ifdown : Stop a network interface
•ifup : Start a network interface up
•import : Capture an X server screen and save the image to file
•install : Copy files and set attributes

J
•jobs : List active jobs
•join : Join lines on a common field

K
•kill : Stop a process from running
•killall : Kill processes by name

L
•less : Display output one screen at a time
•let : Perform arithmetic on shell variables
•ln : Create a hard or symbolic link to a file
•local : Create variables
•locate : Find files
•logname : Print current login name
•logout : Exit a login shell
•look : Display lines beginning with a given string
•lpc : Line printer control program
•lpr : Print a file (off line print)
•lprint : Print a file
•lprintd : Abort a print job
•lprintq : List the print queue
•lprm : Remove jobs from the print queue
•ls : List information about file(s)
•lsof : List open files

M
•make : Recompile a group of programs
•man : Help manual
•mkdir : Create new folder(s)
•mkfifo : Make FIFOs (named pipes)
•mkisofs : Create an hybrid ISO9660/JOLIET/HFS filesystem
•mknod : Make block or character special files
•more : Display output one screen at a time
•mount : Mount a file system
•mtools : Manipulate MS-DOS files
•mtr : Network diagnostics (traceroute/ping)
•mv : Move or rename files or directories
•mmv : Mass Move and rename (files)

N
•netstat : Networking information (legacy; use ss instead)
•nice : Set the priority of a command or job
•nl : Number lines and write files
•nohup : Run a command immune to hangups
•notify-send : Send desktop notifications
•nslookup : Query Internet name servers interactively

O
•open : Open a file in its default application
•op : Operator access

P
•passwd : Modify a user password
•paste : Merge lines of files
•pathchk : Check file name portability
•ping : Test a network connection
•pkill : Stop processes from running
•popd : Restore the previous value of the current directory
•pr : Prepare files for printing
•printcap : Printer capability database
•printenv : Print environment variables
•printf : Format and print data
•ps : Process status
•pushd : Save and then change the current directory
•pwd : Print Working Directory

Q
•quota : Display disk usage and limits
•quotacheck : Scan a file system for disk usage
•quotactl : Set disk quotas

R
•ram : ram disk device
•rcp : Copy files between two machines
•read : Read a line from standard input
•readarray : Read from stdin into an array variable
•readonly : Mark variables/functions as readonly
•reboot : Reboot the system
•rename : Rename files
•renice : Alter priority of running processes
•remsync : Synchronize remote files via email
•return : Exit a shell function
•rev : Reverse lines of a file
•rm : Remove files
•rmdir : Remove folder(s)
•rsync : Remote file copy (Synchronize file trees)

S
•screen : Multiplex terminal, run remote shells via ssh
•scp : Secure copy (remote file copy)
•sdiff : Merge two files interactively
•sed : Stream Editor
•select : Accept keyboard input
•seq : Print numeric sequences
•set : Manipulate shell variables and functions
•sftp : Secure File Transfer Program
•shift : Shift positional parameters
•shopt : Shell Options
•shutdown : Shutdown or restart linux
•sleep : Delay for a specified time
•slocate : Find files
•sort : Sort text files
•source : Run commands from a file in the current shell (also written as `.')
•split : Split a file into fixed-size pieces
•ssh : Secure Shell client (remote login program)
•strace : Trace system calls and signals
•su : Substitute user identity
•sudo : Execute a command as another user (root by default)
•sum : Print a checksum for a file
•suspend : Suspend execution of this shell
•symlink : Make a new name for a file
•sync : Synchronize data on disk with memory

T
•tail : Output the last part of file
•tar : Tape ARchiver
•tee : Redirect output to multiple files
•test : Evaluate a conditional expression
•time : Measure Program running time
•times : User and system times
•touch : Change file timestamps
•top : List processes running on the system
•traceroute : Trace Route to Host
•trap : Run a command when a signal is received
•tr : Translate, squeeze, and/or delete characters
•true : Do nothing, successfully
•tsort : Topological sort
•tty : Print filename of terminal on stdin
•type : Describe a command

U
•ulimit : Limit user resources
•umask : Set the default file creation permission mask
•umount : Unmount a device
•unalias : Remove an alias
•uname : Print system information
•unexpand : Convert spaces to tabs
•uniq : Report or omit repeated lines
•units : Convert units from one scale to another
•unset : Remove variable or function names
•unshar : Unpack shell archive scripts
•until : Execute commands until a condition becomes true
•uptime : Show uptime
•useradd : Create new user account
•userdel : Delete a user account
•usermod : Modify user account
•users : List users currently logged in
•uuencode : Encode a binary file
•uudecode : Decode a file created by uuencode

V
•v : Verbosely list directory contents (`ls -l -b')
•vdir : Verbosely list directory contents (`ls -l -b’)
•vi : Text Editor
•vmstat : Report virtual memory statistics

W
•wait : Wait for a process to complete
•watch : Execute/display a program periodically
•wc : Print byte, word, and line counts
•whereis : Search the user's $PATH, man pages and source files for a program
•which : Search the user's $PATH for a program file
•while : Execute commands while a condition is true
•who : Print all usernames currently logged in
•whoami : Print the current user id and name (`id -un’)
•wget : Retrieve web pages or files via HTTP, HTTPS or FTP
•write : Send a message to another user

X
•xargs : Execute utility, passing constructed argument list(s)
•xdg-open : Open a file or URL in the user’s preferred application.
