Kali Linux Cheat Sheet
Information Gathering

DotDotPwn               Exploit directory traversal vulnerabilities
enum4linux              Gather information from Windows and Samba systems, including shares, users and passwords
enumIAX                 Gather information from IAX-based VoIP systems
EyeWitness              Generate screenshots of web applications
Faraday                 Manage and collaborate on vulnerability scans and security assessments
Fierce                  Identify non-contiguous IP space and map network infrastructure
Firewalk                Determine which traffic a firewall blocks by analyzing TTL values
fragroute/fragrouter    Intercept and modify network traffic at the IP fragmentation level
Ghost Phisher           Security testing for phishing attacks
GoLismero               Web security testing tool
goofile                 Search for specific file types on a target domain
hping3
ident-user-enum         Identify user accounts on systems that use the Ident protocol
InSpy                   LinkedIn reconnaissance tool to gather information about employees, companies and job postings
InTrace                 Trace the route of TCP packets through a network
iSMTP                   Test the security of SMTP servers
lbd                     Identify load balancers and web application firewalls
Maltego Teeth           Identify connections and relationships between entities
masscan                 A fast port scanner used for vulnerability assessment
Metagoofil              Gather information and extract metadata from public documents
Miranda                 Tool for exploiting UPnP devices
Nikto                   Web server scanner
SMBMap                  Enumerate and scan SMB shares
ntop                    Network traffic monitoring and analysis
OSRFramework            Intelligence gathering framework used for data mining
p0f                     Passive network traffic analysis for identifying the operating systems and applications used on networked devices
Parsero                 Identify input validation related vulnerabilities of web applications
SET                     Tool for performing social engineering attacks, password attacks etc.
smtp-user-enum          Enumerate usernames on a target SMTP server
snmp-check              Enumerate and check the security of SNMP devices
SPARTA                  Graphical interface for network infrastructure penetration testing
sslcaudit               Audit SSL/TLS certificates on a web server
SSLsplit                Intercept and decrypt SSL/TLS traffic
sslstrip                Tool for performing man-in-the-middle attacks on SSL/TLS encrypted connections
SSLyze                  Test SSL/TLS servers and clients
Sublist3r               Enumerate subdomains of a target domain using search engines
THC-IPV6                Attack and test IPv6 networks
theHarvester            Gather information on a target domain from various public sources
TLSSLed                 Evaluate the security of SSL/TLS connections
twofi                   Find potential usernames and passwords from Twitter
Unicornscan             A fast and powerful network scanning tool
URLCrazy                Generate and test domain typos and variations
Wireshark               Network protocol analyzer for capturing and analyzing network traffic
WOL-E                   Tool for Wake-On-LAN attacks and network discovery
Xplico                  Extract application data from network traffic

Forensics Tools

Binwalk                 Analyze and extract firmware images
bulk-extractor          Extract artifacts from binary files
Capstone                A multi-platform, multi-architecture disassembly framework
chntpw                  Reset passwords on Windows systems
Cuckoo                  An automated malware analysis system
dc3dd                   A tool for imaging and wiping hard drives
ddrescue                Rescue data from damaged disks
DFF                     A forensic framework for analyzing digital evidence
diStorm3                A disassembler library for x86/AMD64
Dumpzilla               Analyze Mozilla browser history
extundelete             Recover deleted files from ext3/ext4 partitions
Foremost                Extract files from disk images
Galleta                 Analyze browser cookies
Guymager                Create forensic images
iPhone Backup Analyzer  Analyze iPhone backups
p0f                     A tool for passive OS fingerprinting and network analysis
pdf-parser              A tool for analyzing PDF files
pdfid                   Analyze and detect malicious PDF files
pdgmail                 Analyze Gmail artifacts
peepdf                  Analyze and explore PDF files
RegRipper               Analyze Windows registry hives
Volatility              Analyze memory dumps

Sniffing & Spoofing

SIPp                    Test and benchmark SIP-based VoIP systems
rtpbreak                Detect, reconstruct, and analyze RTP sessions
SIPVicious              Audit SIP-based VoIP systems
rtpmixsound             Mix audio into RTP streams

Password Attacks

BruteSpray              Automate password spraying attacks against multiple hosts simultaneously
CeWL                    Generate custom wordlists for password cracking and other security assessments
chntpw                  Reset passwords on Windows systems by modifying the Windows registry
CmosPwd                 Recover CMOS passwords on Windows systems
creddump                Extract password hashes and other credentials from Windows systems
crowbar                 Brute-force attacks against remote authentication services
crunch                  Generate custom wordlists for password cracking and other security assessments
findmyhash              Identify the hash algorithm used for password hashes
gpp-decrypt             Decrypt Group Policy Preferences (GPP) passwords on Windows systems
hash-identifier         Identify the type of hash used for password hashes
Hashcat                 A tool used for advanced password cracking and recovery
HexorBase               A tool used for database management and exploitation
THC-Hydra               Brute-force attacks against remote authentication services
John the Ripper         A tool used for password cracking and recovery
Johnny                  A graphical user interface for the John the Ripper password cracking tool
keimpx                  Exploit vulnerabilities in Microsoft Windows systems
Maskprocessor           Generate custom wordlists based on specified criteria
Ncrack                  Brute-force attacks against remote authentication services
oclgausscrack           Advanced password cracking and recovery on systems with OpenCL-compatible hardware
ophcrack                Password cracking and recovery on Windows systems
PACK                    Advanced password cracking and recovery
patator                 Brute-force attacks against multiple protocols and services
phrasendrescher         Generate custom wordlists based on natural language patterns
polenum                 Retrieve password policy information from Windows systems
RainbowCrack            Advanced password cracking and recovery using rainbow tables
SecLists                A collection of various security-related wordlists for password cracking and other security assessments
SQLdict                 Generate custom wordlists based on SQL queries
Statsprocessor          Generate custom wordlists based on statistical analysis of existing passwords
THC-pptp-bruter         Brute-force attacks against PPTP VPNs
TrueCrack               A tool used for advanced password cracking and recovery
wordlists               Collection of various wordlists for password cracking

Reporting Tools

CaseFile                Create diagrams and charts to aid in the organization and visualization of data during investigations
cherrytree              A hierarchical note-taking application that allows the creation and organization of notes and code snippets
CutyCapt                Capture screenshots of web pages from the command line
dos2unix                Convert DOS-style line endings to Unix-style line endings in text files
Dradis                  A collaboration and reporting platform for security testing professionals
MagicTree               Visualize and analyze data from different sources, such as file systems, network traffic, and databases
Nipper-ng               A tool used for auditing network device security configurations
pipal                   A password analyzer and cracking tool used to identify weak passwords
RDPY                    Perform remote desktop protocol operations, such as screen capture and input injection

Vulnerability Analysis

SidGuesser              Identify valid user accounts in Windows domains
SIPArmyKnife            Test the security of VoIP systems
sqlmap                  A SQL injection exploitation tool
Sqlninja                A SQL Server injection and takeover tool
sqlsus                  Identify and exploit SQL injection vulnerabilities
tnscmd10g               Test and exploit Oracle TNS Listener vulnerabilities
unix-privesc-check      Identify privilege escalation vulnerabilities in Unix-based systems
Yersinia                Network protocol analyzer and attack tool for testing network security

Wireless Attacks

Airbase-ng              Configure and attack wireless access points
Aircrack-ng             Audit and test wireless networks
Airdecap-ng and Airdecloak-ng  Decrypt and deobfuscate captured wireless traffic
Aireplay-ng             Inject traffic into wireless networks to test their security
airgraph-ng             Generate graphs from wireless network data
Airmon-ng               Enable and disable monitor mode on wireless interfaces
Airodump-ng             Capture wireless traffic and analyze it
airodump-ng-oui-update  Update the OUI databases used by airodump-ng
Airolib-ng              Manage and crack password hashes for WPA and WPA2
Airserv-ng              Run a wireless access point on a Linux system
Airtun-ng               Create encrypted tunnels over wireless networks
Asleap                  Crack MS-CHAPv1 and MS-CHAPv2 authentication protocols
Besside-ng              Capture and crack WEP and WPA encrypted wireless traffic
Bluelog                 Scan and log Bluetooth devices
BlueMaho                Discover and attack Bluetooth devices
Bluepot                 Simulate Bluetooth honeypots to detect and track attackers
BlueRanger              Control Bluetooth devices remotely
Bluesnarfer             Exploit Bluetooth vulnerabilities and gain unauthorized access to devices
Bully                   Brute-force WPS PINs to gain access to wireless networks
coWPAtty                Crack pre-shared keys for WPA-PSK networks
crackle                 Crack encrypted Bluetooth traffic
eapmd5pass              Crack MD5 hashes of EAP passwords
Easside-ng              Crack WEP and WPA encrypted wireless traffic
Fern Wifi Cracker       Audit and crack wireless networks
FreeRADIUS-WPE          Exploit weak credentials in the FreeRADIUS server
Ghost Phisher           Create phishing attacks on wireless networks
GISKismet               Map and analyze wireless networks using GPS data
Gqrx                    A receiver for exploring wireless signals
gr-scan                 Scan and decode various radio signals
hostapd-wpe             Test and exploit the WPE feature in hostapd
ivstools                Convert and manipulate IVs for WEP cracking
kalibrate-rtl           Calibrate the frequency offset of RTL-SDR dongles
KillerBee               Explore and exploit ZigBee and IEEE 802.15.4 networks
Kismet                  Detect and analyze wireless networks
makeivs-ng              Generate and inject fake IVs for WEP cracking
mdk3                    Attack wireless networks by flooding them with deauthentication, disassociation, and other packets
mfcuk                   Crack Mifare Classic RFID cards
mfoc                    Crack Mifare Classic RFID cards
mfterm                  Interact with RFID cards
Multimon-NG             Decode various radio signals
Packetforge-ng          Create and inject custom packets into wireless networks
PixieWPS                Exploit the WPS design flaw to recover WPA/WPA2 passwords
Pyrit                   Perform advanced WPA/WPA2 password cracking using GPU power
Reaver                  A tool for brute-forcing WPS
redfang                 A Bluetooth scanner and vulnerability assessment tool
RTLSDR Scanner          A radio scanner for spectrum analysis and monitoring
Spooftooph              A tool for Bluetooth device spoofing and cloning
Tkiptun-ng              WPA encryption key recovery using TKIP vulnerabilities
Wesside-ng              Automated wireless network hacking for WEP, WPA and WPA2 encryption
Wifi Honey              Perform honeypot attacks on wireless networks
wifiphisher             Steal credentials of wireless networks
Wifitap                 Create virtual wireless access points and monitor network traffic
Wifite                  Automated auditing and attacking of wireless networks
wpaclean                Filter and clean WPA/WPA2 handshake capture files

Hardware Hacking

android-sdk             A software development kit for developing Android applications
Arduino                 An open-source electronics platform for creating interactive projects
dex2jar                 Convert Android DEX files to Java JAR files
Sakis3G                 Connect to 3G mobile networks
smali                   An assembler/disassembler for Android's dex format

Web Applications

Arachni                 A feature-rich web application security scanner
BlindElephant           Identify web application version numbers
Burp Suite              Web application testing framework
CutyCapt                Capture website screenshots
DAVTest                 Test the security of WebDAV servers
DIRB                    A tool used for web content discovery
Wfuzz                   A web application fuzzer used for brute forcing directories and files on web servers
WhatWeb                 Fingerprint web servers and identify vulnerabilities
WPScan                  A WordPress vulnerability scanner
XSSer                   Find and exploit XSS vulnerabilities
fimap                   Automate web application attacks and vulnerability scanning

Stress Testing

DHCPig                  Flood DHCP servers with requests, causing them to crash or become unavailable
iaxflood                Flood SIP servers with requests, causing them to crash or become unavailable
Inundator               Flood a network with random packets, causing network congestion and slowdowns
inviteflood             Flood SIP servers with INVITE requests, causing them to crash or become unavailable
ipv6-toolkit            Collection of tools for testing and exploiting IPv6 networks
rtpflood                Flood VoIP servers with RTP packets, causing them to crash or become unavailable
SlowHTTPTest            Test the vulnerability of web servers to Slow HTTP attacks
t50                     Generate network traffic and test the performance of network devices under heavy loads
Termineter              Test the security of Smart Grid devices and protocols
THC-SSL-DOS             Flood SSL servers with SSL handshake requests, causing them to crash or become unavailable

Maintaining Access

CryptCat                Create encrypted and authenticated connections between two hosts
Cymothoa                Inject shellcode into a running process in order to gain remote access
dbd                     A backdoor daemon that allows remote access to a system via a network connection
dns2tcp                 A tool used to tunnel TCP traffic over the DNS protocol
HTTPTunnel              A tool used to tunnel traffic over the HTTP protocol
Intersect               Generate payloads for exploitation of vulnerabilities
Nishang                 Create and execute PowerShell scripts for penetration testing
PowerSploit             Collection of PowerShell scripts for penetration testing and other security assessments
pwnat                   Bypass NAT firewalls and establish direct connections between two hosts
RidEnum                 Enumerate user accounts and groups on Windows systems
sbd                     Create a secure backdoor connection between two hosts
shellter                Bypass antivirus software and other security mechanisms
U3-Pwn                  Exploit security vulnerabilities in U3 USB smart drives
Webshells               Collection of scripts and tools used for remote access and exploitation of web servers
Weevely                 A webshell used to gain remote access to web servers and execute commands
Winexe                  Remotely execute commands on Windows systems from a Linux or Unix host