Kali Linux Commands – 150 Tools Complete Cheat Sheet

Kali Linux commands list 2026 with 2900+ must know terminal commands for ethical hackers
root@kali:~#
Kali Linux Commands Exclusive Cheat Sheet
150 penetration testing tools · 2955+ ready-to-use commands · copy any command instantly
Authorised testing only 150 Tools One-click copy
150
Tools
2955+
Commands
13
Categories
Free
No signup
Authorised use only. All commands are for systems you own or have explicit written permission to test. Unauthorised use is illegal under the CFAA, UK Computer Misuse Act, and equivalent laws worldwide.
Select Tool (150)
Select a tool from the list to view its commands

What Is This Kali Linux Command Reference?

This is the most comprehensive Kali Linux command reference available — covering all 150 major tools used by professional penetration testers, ethical hackers, OSCP students, bug bounty hunters, and security researchers. Every command is tested, categorised, and copyable with a single click directly from your browser.

Whether you are running your first CTF, preparing for the OSCP exam, or conducting a professional red team engagement, this reference eliminates the need to memorise syntax or dig through man pages mid-test.

150 Tools Across 13 Categories

The reference is organised into 13 categories covering the full penetration testing methodology:

  • Recon (22 tools) — Nmap, Masscan, RustScan, Amass, Subfinder, DNSrecon, theHarvester, Nuclei, httpx, EyeWitness and more
  • Web Application (27 tools) — Burp Suite, OWASP ZAP, Nikto, SQLMap, WPScan, Gobuster, ffuf, feroxbuster, katana, Nuclei and more
  • Exploitation (11 tools) — Metasploit, searchsploit, msfvenom, BeEF-XSS, RouterSploit, Sliver, Covenant
  • Password Attacks (10 tools) — Hydra, Hashcat, John the Ripper, Medusa, Crunch, CeWL, CUPP
  • Wireless (10 tools) — Aircrack-ng, Wifite, Kismet, Reaver, MDK4, Wifiphisher, Airgeddon
  • Post-Exploitation (10 tools) — Netcat, Socat, Chisel, Ligolo-ng, Mimikatz, Empire C2, Rubeus
  • OSINT (13 tools) — theHarvester, Maltego, Recon-ng, SpiderFoot, Shodan CLI, Holehe, Sherlock
  • Sniffing (9 tools) — Wireshark, TCPDump, Ettercap, Bettercap, Responder, Scapy, mitmproxy
  • Vulnerability Assessment (11 tools) — Lynis, OpenVAS, LinPEAS, WinPEAS, Traitor, pspy
  • Forensics (11 tools) — Binwalk, Volatility 3, Ghidra, Radare2, Autopsy, Steghide
  • Cryptography (5 tools) — OpenSSL, GnuPG, hashID, JWT Tool, ssdeep
  • Active Directory (9 tools) — BloodHound, Kerbrute, CrackMapExec, Certipy, Impacket, Rubeus
  • Network (2 tools) — Proxychains, Macchanger

How to Use This Tool

Use the category tabs at the top to filter by testing phase. Use the search box to find commands by tool name, flag, or description — search works across all 150 tools simultaneously. Click any tool in the sidebar to view its full command library. Click Copy next to any command to copy it directly to your clipboard.

Most Used Kali Linux Commands

The most frequently used commands for each stage of a penetration test:

Network Discovery

sudo nmap -sn 192.168.1.0/24
sudo nmap -sV -sC -p- -T4 192.168.1.1
sudo masscan 192.168.1.0/24 -p0-65535 --rate=1000

Web Application Testing

gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
sqlmap -u "http://target.com/page?id=1" --dbs
wpscan --url http://target.com --enumerate ap,u

Password Cracking

hashcat -m 1000 ntlm_hashes.txt rockyou.txt
john --wordlist=/usr/share/wordlists/rockyou.txt shadow.txt
hydra -l admin -P rockyou.txt ssh://192.168.1.1

Post-Exploitation

nc -lvnp 4444
python3 -c 'import pty; pty.spawn("/bin/bash")'
sudo nmap --script vuln 192.168.1.1

Frequently Asked Questions

What is Kali Linux used for?

Kali Linux is a Debian-based Linux distribution designed for penetration testing, digital forensics, and security research. It comes pre-installed with over 600 security tools including Nmap, Metasploit, Burp Suite, Wireshark, Aircrack-ng, and John the Ripper.

Do I need to memorise all Kali Linux commands?

No. Professional penetration testers use command references and cheat sheets throughout their work. The key is understanding what each tool does and when to use it. This reference gives you the exact syntax when you need it.

Is this tool free to use?

Yes, completely free. No signup, no login, no limits. All 2,955+ commands are accessible immediately.

What is the best Kali Linux command for beginners?

Start with nmap -sV 192.168.1.1 for service discovery, gobuster dir -u http://target -w common.txt for web directory scanning, and hydra -l admin -P rockyou.txt ssh://target for SSH brute forcing. These three commands cover the core of most beginner CTF and lab challenges.

Does this cover Kali Linux 2025 tools?

Yes. The reference is regularly updated to reflect tools available in the current Kali Linux rolling release.

What is the difference between Nmap -sS and -sT?

-sS is a SYN stealth scan that requires root privileges and sends only a SYN packet without completing the TCP handshake — faster and harder to detect. -sT is a full TCP connect scan that completes the handshake and works without root but is slower and more easily logged.

Related SecurityElites Tools

🔍 Google Dork Generator 📧 Email Breach Checker 🌐 Who IS Lookup 📡 IP Address Lookup 🔍 Kali Linux Official Tools