Kali Linux Commands

Kali Linux Commands list

Welcome to the world of Kali Linux, the premier Debian-derived Linux distribution designed for digital forensics and penetration testing. Developed and maintained by Offensive Security Ltd., and crafted by experts including Mati Aharoni, Devon Kearns, and Raphaël Hertzog, Kali Linux is the preferred choice for security professionals and ethical hackers around the globe. With over 600 pre-installed penetration-testing programs, it stands as a formidable tool in the cybersecurity landscape.

Whether you are a novice exploring the cybersecurity domain or a veteran in the field, mastering the fundamentals of the Linux kernel and Terminal is essential. This guide provides a detailed Kali Linux command cheat sheet, aimed at simplifying your navigation through the Terminal and enhancing your operational efficiency. From basic file management to sophisticated penetration testing tools, this cheat sheet covers vital commands for users at every level.

Kali Linux is versatile in its deployment options. It can run natively on a computer, from live CDs or USBs, within a virtual machine, or even dual-booted alongside Windows 10. Let’s embark on this enlightening journey together and unlock the robust capabilities of Kali Linux with each command.

Basic Kali Linux Commands

ls

Description: Lists directory contents.
Syntax:

ls [options] [file|dir].

Example:

ls -lah

Lists all files and directories, including hidden ones, in a human-readable format, detailing permissions, ownership, size, and modification date.

cd

Description: Changes the current directory.
Syntax:

cd [directory]

Example:

cd /var/www/html

Changes the current working directory to ‘/var/www/html’, commonly used in navigating web server directories.

cat

Description: Concatenates and displays file contents.
Syntax:

cat [options] [file. ]

Example:

cat file.txt

Displays the content of ‘file.txt’, useful for viewing text files without opening an editor.

echo

Description: Displays a line of text.
Syntax:

echo [option] [string]

Example:

echo "Hello World"

Prints “Hello World” to the terminal, useful in scripting and displaying status messages.

grep

Description: Searches for patterns within files.
Syntax:

grep [options] pattern [file. ]

Example:

grep "search term" file.txt

Searches for ‘search term’ within ‘file.txt’. Essential for searching through large log files or data sets.

apropos

Description: Searches the man page names and descriptions.
Example:

apropos search_keyword

Finds commands related to a keyword, helping users discover new commands based on a general idea or function.

aspell

Description: Interactive spell checker.
Example:

aspell check filename

Checks spelling in ‘filename’. Useful for editing text files or scripts within the terminal.

awk

Description: Pattern scanning and text processing language.
Example:

awk '' filename

Prints the first column of ‘filename’. Powerful for processing text data and generating reports.

Linux System Information Commands

uname -a

Description: Displays comprehensive system information.
Syntax:

uname -a

Example:

uname -a

Outputs detailed information about the kernel, hostname, kernel release, version, processor, and more, useful for system diagnostics.

hostname

Description: Displays the system’s network name.
Syntax:

hostname

Example:

hostname

Reveals the network name of the host system, critical for network configurations and troubleshooting.

top

Description: Provides a dynamic real-time view of running system processes.
Syntax:

Example:

Displays active processes and their CPU usage, essential for monitoring and managing system resources.

lscpu

Description: Lists detailed information about the CPU architecture.
Syntax:

lscpu

Example:

lscpu

Provides comprehensive details about the CPU(s), such as architecture, cores, threads, and speeds. Indispensable for system analysis and optimization.

df

Description: Reports file system disk space usage.
Syntax:

df [options]

Example:

df -h

Displays disk space used and available on all mounted filesystems in a human-readable format, crucial for managing disk space.

free

Description: Shows the amount of free and used memory in the system.
Syntax:

free [options]

Example:

free -h

Details total, used, and free memory along with buffer and cache usage. Vital for assessing memory usage and requirements.

vmstat

Description: Reports information on processes, memory, paging, block IO, traps, and CPU activity.
Syntax:

vmstat [options] [interval [count]]

Example:

vmstat 2 5

Updates every 2 seconds, displaying system performance metrics for a total of 5 intervals. Useful for spotting performance issues in real-time.

iostat

Description: Provides statistics on CPU utilization and I/O statistics for devices.
Syntax:

iostat [options] [interval [count]]

Example:

iostat -xz 5 2

Shows extended I/O stats every 5 seconds, repeated 2 times, essential for diagnosing bottlenecks in system I/O.

dmesg

Description: Displays kernel and driver messages.
Syntax:

dmesg [options]

Example:

dmesg | grep sda

Filters and shows kernel messages related to ‘sda’, useful for troubleshooting hardware and driver issues.

lsblk

Description: Lists information about block devices.
Syntax:

lsblk [options]

Example:

lsblk -f

Displays block devices with their mount points, filesystem types, and sizes in a tree format, critical for managing storage devices.

lsusb

Description: Lists USB devices connected to the system.
Syntax:

lsusb [options]

Example:

lsusb -t

Shows a tree layout of all connected USB devices, including hubs and peripherals, vital for managing USB hardware.

lspci

Description: Lists all PCI devices.
Syntax:

lspci [options]

Example:

lspci -v

Provides a detailed list of all PCI buses and the devices connected to them, essential for configuring PCI devices and troubleshooting hardware issues.

who

Description: Displays who is logged on to the system.
Syntax:

who [options]

Example:

Lists users currently logged into the system, useful for monitoring system access.

uptime

Description: Shows how long the system has been running.
Syntax:

uptime [options]

Example:

uptime

Provides current time, system uptime, user count, and load averages, crucial for system monitoring.

sar

Description: Collects, reports, or saves system activity information.
Syntax:

sar [options] [interval [count]]

Example:

sar -u 1 3

Monitors CPU usage in real-time, displaying updates every second for three intervals. Requires the ‘sysstat’ package.

Network Operations Commands

ifconfig

Description: Configures or displays network interface parameters for a network using TCP/IP.
Syntax:

ifconfig [interface]

Example:

ifconfig eth0

Shows configuration details for ‘eth0’, including IP address, subnet mask, and other network settings.

ping

Description: Checks network connectivity to another host using ICMP protocol.
Syntax:

ping [options] destination

Example:

ping google.com

Verifies if ‘google.com’ is reachable, measuring trip time and loss to diagnose network issues.

traceroute

Description: Traces the route packets take to a network host, identifying all intermediate hops.
Syntax:

traceroute [options] destination

Example:

traceroute google.com

Displays the path packets take to reach ‘google.com’, useful for pinpointing routing issues and delays in the network.

nmap

Description: Scans for open ports and identifies services running on a host.
Syntax:

nmap [options] target

Example:

nmap -sV -p 1-65535 localhost

Performs a port scan on ‘localhost’, identifying active ports and services, critical for security and penetration testing.

netstat

Description: Displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Syntax:

netstat [options]

Example:

netstat -tuln

Lists all listening TCP and UDP ports with numeric addresses, helping diagnose network issues and monitor connections.

tcpdump

Description: A powerful command-line packet analyzer.
Syntax:

tcpdump [options]

Example:

tcpdump -i eth0

Captures and displays packets on the ‘eth0’ network interface, useful for network troubleshooting and traffic analysis.

ip

Description: A versatile tool for network configuration, replacing traditional tools like ifconfig and route.
Syntax:

ip [options] OBJECT

Example:

ip addr show

Lists all IP addresses assigned to all network interfaces, essential for network management and configuration.

ss

Description: Investigates sockets, displaying more up-to-date information than netstat.
Syntax:

ss [options] [FILTER]

Example:

ss -tuln

Shows all active listening sockets with their respective TCP and UDP protocols and numeric addresses, critical for monitoring network connections.

dig

Description: Queries DNS servers for information about host addresses, mail exchanges, and name servers.
Syntax:

dig [@server] name [type] [options]

Example:

dig google.com

Performs a DNS lookup for ‘google.com’, retrieving detailed domain information, essential for network troubleshooting and information gathering.

host

Description: A simple utility for performing DNS lookups, intended for diagnosing DNS problems.
Syntax:

host [options] hostname [server]

Example:

host google.com

Finds the IP address and other DNS records for ‘google.com’, useful for quick DNS lookups.

nslookup

Description: A program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive.
Syntax:

nslookup [option]

Example:

nslookup google.com

Queries the DNS for information about ‘google.com’, useful for DNS troubleshooting and information retrieval.

route

Description: Manipulates the IP routing table.
Syntax:

route [-nNvee] [-FC] [] List kernel routing tables

Example:

route -n

Displays the kernel routing table with numeric addresses, essential for network routing troubleshooting.

arp

Description: Displays or modifies the IP-to-Physical address translation tables used by ARP.
Syntax:

arp [options]

Example:

arp -a

Shows all ARP cache entries, crucial for diagnosing network issues related to IP address mapping.

iwconfig

Description: Configures wireless network interfaces.
Syntax:

iwconfig [interface]

Example:

iwconfig wlan0

Displays and sets parameters for the ‘wlan0’ wireless interface, vital for managing wireless connections.

ethtool

Description: Displays or changes Ethernet device settings.
Syntax:

ethtool [options] interface

Example:

ethtool eth0

Provides detailed information about ‘eth0’, including speed, duplex mode, and other network card settings, important for network management and troubleshooting.

mtr

Description: A network diagnostic tool that combines the functionality of traceroute and ping.
Syntax:

mtr [options] target

Example:

mtr google.com

Combines the functions of traceroute and ping to provide a detailed report of the network path to ‘google.com’, invaluable for detailed network path analysis.

whois

Description: Retrieves domain or IP address registration information from WHOIS servers.
Syntax:

whois [options] domain

Example:

whois google.com

Provides registration details for ‘google.com’, essential for obtaining domain ownership and registration information.

curl

Description: Transfers data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, or FILE).
Syntax:

curl [options] [URL. ]

Example:

curl http://example.com

Fetches the content of ‘example.com’, useful for testing and downloading files.

wget

Description: A non-interactive network downloader for downloading files from the web.
Syntax:

wget [options]. [URL].

Example:

wget http://example.com

Downloads files from ‘example.com’, supporting HTTP, HTTPS, and FTP protocols, useful for batch downloading and offline viewing.

telnet

Description: User interface to the TELNET protocol.
Syntax:

telnet [options] [host [port]]

Example:

telnet example.com 80

Connects to ‘example.com’ on port 80, useful for testing connectivity to TCP services on specific ports.

iptables

Description: Controls the Linux kernel’s packet filtering system.
Syntax:

iptables [options]

Example:

iptables -L

Lists all current iptables rules.

find

Description: Searches for files in a directory hierarchy based on complex criteria.
Syntax:

find [path] [options]

Example:

find / -name example.txt

Searches the entire filesystem for files named `example.txt`.

chmod

Description: Modifies file access rights.
Syntax:

chmod [options] mode file

Example:

chmod 755 script.sh

Sets the `script.sh` file to be readable and executable by the owner, and readable by others.

chown

Description: Changes the owner and group of files.
Syntax:

chown [options] owner[:group] file

Example:

chown user:group file.txt

Changes the ownership of `file.txt` to “user” and the group to “group”.

crontab

Description: Schedules commands to run periodically at fixed times, dates, or intervals.
Syntax:

crontab [options]

Example:

crontab -e

Opens the current user’s cron file in an editor, where scheduled tasks can be added.

rsync

Description: Copies files and directories either locally or remotely, optimizing file transfer by sending only the differences between source files and existing files.
Syntax:

rsync [options] source destination

Example:

rsync -a /local/dir remote:/backup/dir

Synchronizes contents from a local directory to a remote directory.

kill

Description: Sends signals to processes, typically to stop a process.
Syntax:

kill [options] pid

Example:

kill -9 1234

Forcefully stops the process with PID 1234.

ps

Description: Displays information about active processes.
Syntax:

ps [options]

Example:

ps aux

Shows all running processes with detailed information.

tcpdump

Description: A powerful tool that captures and analyzes network traffic packets.
Syntax:

tcpdump [options]

Example:

tcpdump -i eth0

Captures packets on the `eth0` network interface.

nc (netcat)

Description: Swiss-army knife for TCP/IP networking, useful for reading from and writing to network connections.
Syntax:

nc [options]

Example:

nc -lvp 4444

Listens on port 4444 for incoming connections.

Conclusion

Kali Linux is an immensely powerful tool for those involved in cybersecurity, penetration testing, and IT administration. The commands outlined above represent just the tip of the iceberg in terms of what is possible with Kali Linux. By mastering these commands, you can significantly enhance your ability to perform a wide range of tasks, from routine system maintenance to advanced penetration testing and security checks.

As you continue to explore Kali Linux, remember that the true potential of this powerful distribution is unlocked through practice and continuous learning. Whether you are troubleshooting networks, managing systems, or testing security, Kali Linux provides the tools necessary to get the job done efficiently and effectively.

For beginners, it’s advisable to start with basic commands and gradually move to more complex operations as you gain confidence and experience. For experienced users, Kali Linux is an invaluable toolset that can be expanded and customized to suit your needs and preferences, ensuring that you always have the right tools for any security task.

Ultimately, the success in using Kali Linux lies in your hands. Regular practice, staying updated with the latest tools and updates, and participating in the vibrant Kali community can greatly enhance your skills and knowledge. Embrace the journey into Kali Linux and make the most of its powerful capabilities to secure and manage your IT environments.

Happy exploring and stay secure!