Kali Linux Tools Cheatsheet for Penetration Testing

Daniel Osei — AI-Assisted Security Engineer

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It includes numerous tools for various information security tasks, including penetration testing, security research, computer forensics, and reverse engineering.

Installation

Kali Linux can be installed as a primary OS or run in a virtualized environment. You can download it from the official website and follow the installation instructions provided there. For virtual machines, you can use tools like VMware or VirtualBox.

Basic Syntax

Most tools in Kali use a command line interface. The general syntax looks like this:

COMMAND [options]

Discovery

Nmap

Nmap is one of the most powerful tools for network discovery and security auditing.

nmap -sS <target>

TCP SYN scan, stealth scan.

nmap -sV <target>

Service version detection.

Scanning

Nikto

For web server scanning, Nikto is a fantastic choice.

nikto -h <host>

Scan a web server for vulnerabilities.

Exploitation

Metasploit

The Metasploit Framework is a penetration testing framework that makes discovering, exploiting, and sharing vulnerabilities easier.

msfconsole

Start the Metasploit console.

Analysis

Wireshark

Wireshark is a network protocol analyzer that gives the ability to capture and interactively browse the traffic running on a computer network.

wireshark

Start Wireshark.

Evasion

Burp Suite

Used mainly for testing web application security, Burp Suite can be crucial for evasion techniques.

burpsuite

Reporting

Dradis

Dradis is a reporting tool that helps in consolidating information gathered from various tests.

dradis

Start Dradis for collaborative reporting.

Quick Reference Table

Tool          Use Case
Nmap          Network discovery and scanning
Nikto         Web server vulnerabilities
Metasploit    Exploitation
Wireshark     Traffic analysis
Burp Suite    Web application testing
Dradis        Reporting

Pro Tips

  • Use nmap -p- to scan all 65,535 TCP ports on a target instead of only the default set.
  • Use Firefox configured to proxy its traffic through Burp Suite for effective web application testing.
  • Regularly update tools in Kali, as vulnerability databases are continuously evolving.

Real-World Examples

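Using Nmap to perform a stealth SYN scan against a target: nmap -sS 192.168.1.1. Because the scan never completes the TCP handshake, services that log only established connections may not record it; firewalls and intrusion detection systems can still see the SYN probes.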
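The SYN scan above leaves each handshake half-open, and that pattern is what a network sensor keys on. The following is an added example, not part of the original cheatsheet: a small Python detector run over constructed packet summaries. The record layout, addresses, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

def find_half_open_scanners(packets, min_targets=10, window=60.0):
    """packets: (time_s, src, dst, sport, dport, flags) tuples, flags in
    "S", "SA", "A", "R", "RA". Returns {src: sorted probed ports} for sources
    that SYN >= min_targets (dst, port) pairs in `window` s and never ACK."""
    syn_time, completed = {}, set()
    for t, src, dst, sport, dport, flags in sorted(packets):
        key = (src, dst, sport, dport)
        if flags == "S":
            syn_time.setdefault(key, t)      # first SYN of this connection
        elif flags == "A" and key in syn_time:
            completed.add(key)               # initiator finished the handshake
    half_open = defaultdict(list)            # src -> [(time, dst, dport)]
    for key, t in syn_time.items():
        if key not in completed:
            half_open[key[0]].append((t, key[1], key[3]))
    scanners = {}
    for src, probes in half_open.items():
        probes.sort()
        for i, (start, _, _) in enumerate(probes):
            targets = {(d, p) for t, d, p in probes[i:] if t - start <= window}
            if len(targets) >= min_targets:
                scanners[src] = sorted(p for _, p in targets)
                break
    return scanners

def constructed_capture():
    """Constructed sample traffic; addresses are documentation ranges."""
    scanner, server, client = "198.51.100.7", "192.0.2.10", "192.0.2.50"
    pkts, ports = [], [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3306]
    for i, port in enumerate(ports):         # half-open probes
        t, sport = 1.0 + i * 0.01, 40000 + i
        pkts.append((t, scanner, server, sport, port, "S"))
        if port in (22, 80):                 # open: SYN/ACK, then scanner resets
            pkts.append((t + 0.001, server, scanner, port, sport, "SA"))
            pkts.append((t + 0.002, scanner, server, sport, port, "R"))
        else:                                # closed: server answers RST/ACK
            pkts.append((t + 0.001, server, scanner, port, sport, "RA"))
    for i, port in enumerate((22, 443)):     # ordinary client, full handshakes
        t, sport = 5.0 + i, 51000 + i
        pkts += [(t, client, server, sport, port, "S"),
                 (t + 0.001, server, client, port, sport, "SA"),
                 (t + 0.002, client, server, sport, port, "A")]
    return pkts

if __name__ == "__main__":
    for src, ports in find_half_open_scanners(constructed_capture()).items():
        print(f"{src}: {len(ports)} half-open probes -> ports {ports}")
```

The ordinary client is not reported because each of its SYNs is followed by its own ACK; the scanning source is reported even though none of its connections was ever established.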

In Burp Suite, intercepting a request is as simple as pointing your browser’s proxy settings at 127.0.0.1:8080.