Kali Linux

Kali Linux Comprehensive Guide & Cheat Sheet

Kali Linux is a powerful, Debian-based distribution designed for digital forensics, penetration testing, and cybersecurity research. This guide provides a thorough overview, including fundamentals, installation, security best practices, tool usage, and further learning resources.

1. Fundamentals & History

Kali Linux is maintained by Offensive Security and is the successor to BackTrack Linux (2006–2013). It is tailored for security professionals, ethical hackers, and digital forensics experts. The name "Kali" is inspired by the Hindu goddess of time and change, reflecting the dynamic nature of the included tools .

Latest Version (2025.2) Highlights:

Menu Reorganization: Now follows the MITRE ATT&CK framework for easier tool discovery.
Desktop Updates: GNOME 48, KDE 6.3.
BloodHound Community Edition: Enhanced for Active Directory analysis.
NetHunter Enhancements: Wi-Fi injection for TicWatch Pro 3, new car hacking toolset (CARsenal).
13 New Tools: Plus updates to existing ones.
Security & Privacy: Built-in tools for anonymity (Tor, proxychains).
Customization: Highly flexible for user needs.
Active Community: Regular updates and support .

2. Installation & Configuration

Installation Methods

Standard Install: Download ISO, create bootable USB/DVD, install on hardware.
Virtual Machine: Use VMware or VirtualBox for isolated environments.
Network Install: Deploy over a network for multiple machines.
Live Boot: Run directly from USB without installation [[Standard Practices]].

System Requirements

CPU: Modern multi-core processor.
RAM: Minimum 2GB (more recommended).
Storage: At least 20GB.
Network: Required for updates and tool downloads.

Configuration Best Practices

Download only from the official Kali Linux website.
Verify checksums of downloaded ISOs.
Create backups before installation.
Close unnecessary applications during install.
Customize tool selection during setup.
Document installation steps for reproducibility.
Test all features post-installation.
Keep the system and tools updated [[Standard Practices]].

3. Security Features & Hardening

Built-in Security Features

LUKS Full-Disk Encryption: Protects sensitive data.
Forensics Mode: Prevents auto-mounting of storage devices for data integrity .

Hardening Techniques

Regular Updates: Use apt update && apt upgrade frequently .

Firewall: Enable and configure UFW:

sudo ufw enable
sudo ufw default deny incoming
sudo ufw allow <port/service>

Disable Unnecessary Services:
```
sudo systemctl disable <service>
```
Automatic Security Updates:
```
sudo apt install unattended-upgrades
```
Antivirus: Install ClamAV for malware scanning.

Best Practices

Change all default passwords.
Use unprivileged accounts for daily tasks.
Prefer SSH key authentication over passwords.
Remove unused software.
Disable root login; use sudo for admin tasks .

4. Core Tools & Cheat Sheet

Categorized Tool List

Domain

Tools (Examples)

Network Scanning

Nmap, Wireshark

Web App Testing

ZAP, Burp Suite

Exploitation

Metasploit, BeEF

Password Cracking

John the Ripper, Hydra

Wireless Attacks

Aircrack-ng, Reaver

Forensics

Autopsy, Volatility

Reverse Engineering

Ghidra, Radare2

Social Engineering

Social-Engineer Toolkit (SET)

Vulnerability Analysis

OpenVAS, Nessus

Sniffing/Spoofing

Ettercap, Bettercap

Maintaining Access

Weevely, Netcat

Reporting

Dradis

Essential Commands & Usage Patterns

Nmap (Network Scanning)

nmap 192.168.1.1                # Basic scan
nmap -O 192.168.1.1             # OS detection
nmap -sV <target>               # Service/version detection
nmap -A <target>                # Aggressive scan
nmap <target> --top-ports 10    # Top 10 ports

Metasploit Framework (Exploitation)

msfconsole                      # Start Metasploit
use exploit/windows/smb/ms17_010_eternalblue

Wireshark (Packet Analysis)

wireshark                       # Launch GUI
# Use filters like 'http' in the display filter bar

Aircrack-ng (Wireless Attacks)

airodump-ng wlan0               # Capture packets
aircrack-ng capture_file.cap    # Crack WEP/WPA keys

Hydra (Password Cracking)

hydra -l user -P passlist.txt ssh://192.168.1.1

John the Ripper (Password Cracking)

john hash.txt
john --wordlist=passwords.txt hash.txt

Burp Suite (Web App Testing)

burpsuite                       # Start Burp Suite
# Use Proxy tab to intercept traffic

Netcat (Networking)

nc -v 192.168.1.1 80            # Connect to TCP port
nc -lvp 4444                    # Listen for connections

5. Further Learning & Community Resources

Official Documentation: Kali Linux Docs
Online Courses: MIT OpenCourseWare, Google for Education.
Community Resources: OER Commons, RDA Toolkit, CERT training.
Forums & Support: Kali Linux Forums, Reddit r/Kalilinux, Stack Overflow.
Government/Education: U.S. Department of Education cybersecurity resources .

6. Quick Reference Table

Task

Command/Tool Example

Update System

sudo apt update && sudo apt upgrade

Start Firewall

sudo ufw enable

List Running Services

systemctl list-units --type=service

Change User Password

passwd

Add New User

sudo adduser <username>

SSH Key Generation

ssh-keygen -t rsa -b 4096

Install New Tool

sudo apt install <toolname>

Search for Tool

apt-cache search <keyword>

Check Disk Usage

df -h

Monitor Processes

htop

7. Best Practices Summary

Always use the latest version and keep tools updated.
Harden your system before using it for sensitive tasks.
Use strong, unique passwords and SSH keys.
Limit root access and use sudo.
Regularly back up important data.
Engage with the community for support and updates.

8. Visual Overview

9. References

All information in this guide is based on the latest official documentation, community resources, and best practices as of June 2025 .

This cheat sheet is designed to be a living document—refer to the official Kali Linux documentation and community forums for the most up-to-date information and advanced usage tips.

PreviousGnuPG NextMetasploit

Last updated 7 days ago

Was this helpful?