Kali Linux commands list – Basic to Advanced with Examples

The easiest way to use Kali Linux is through commands, but there are thousands of Kali Linux commands, and learning them is the biggest problem for a new user.

Overview of Kali Linux commands:

In this article, I am going to cover how to use Kali Linux commands exactly without knowing anything about the tool.
Many students want to learn Kali Linux free of cost. If you are one of them then this article is useful for you.

They start searching online and find lots of articles written by multiple experts, but most of those articles are about how to install Kali Linux or how to use the tools of Kali Linux.

There is a big difference between installing Kali Linux and using the Kali Linux tools. The gap is knowing how to use the commands that already exist in Kali Linux.

How to close the gap in using Kali Linux?

In this tutorial I will try to remove that gap, so you can complete your journey from installation to using the tools and get involved in penetration testing. In the last article, I wrote about Kali Linux hacker, so if you want to know more about Kali Linux you can read about it there. Otherwise, you can learn about Kali Linux on the official Kali Linux website.
Before writing this article I thought about many aspects of the commands and found that they fall into the following categories:

Kali Linux commands Categories:

  1. System commands
  2. Tool commands
  3. Switches Or Sub-tools

System Commands in Kali Linux:

System commands are basic commands used for system administration; they help you manage the Kali Linux operating system.

You can use these commands to manage other Linux operating systems as well, for example Ubuntu, Mint, RHEL, etc.

As I said in my previous post, “Kali Linux system is the combination of Linux OS and Hacking tools”. So all the basic commands are the same as on other Linux systems.

In this tutorial, I am going to describe basic and advanced Kali Linux commands to manage the operating system.
You will learn the basic commands first, and then you can move on to the advanced Kali Linux commands.

The commands mean the same thing for a normal user, a sudo user, and the root user.

Basic Kali Linux commands:

Very basic commands can be used by a normal user. A normal user is identified by the ‘$’ sign in the prompt, for example vijay@kali:~$.

1# Date Command:


The date command is used to check the current date and time. The date can be changed by running the following command:

$ date --set='20 September 2017 13:09'

A normal user can’t change the system time, though. You may be wondering how to change the system time; I will teach you that in this article, don’t worry about it.

2# cal command:


The cal command is used to display a calendar.

$cal

3# whoami command:


It looks like an odd command, but it tells you who you are. For example, if you forget which user is logged in, this command will tell you who you currently are.

$whoami

4# pwd command:


It is used to print the working directory, meaning “the location you are in”. Location here means directory and sub-directory. The parent of all directories is “/”, called the root directory. A little confusion here: there is another directory, “/root”, which is the home directory of the root user.

5# ls command:


The ls command is used to see the files and directories inside a directory. Use ‘ls’ to see the files and folders inside the current directory. If you want to look inside another directory, you have to specify its location.

$ls

$ls /var

$ls /home/username

6# cd command:


It is a very useful command and plays a very important role for Linux users. This command is used to change directory: cd /desired/location

If you use ‘cd’ without a location, you will move to the user’s home directory. So see the power of the cd command and enjoy!

$cd

$cd ..

$cd /desired/location ($cd /home/vijay)

7# mkdir command:


You have certainly heard about directories, and it is “very easy to create a folder in Windows”. The graphical interface is really awesome, but the command line interface is the fastest way to operate an operating system. Linux users love it.

The mkdir command is used to create a directory. If you want to create a directory within the current directory, just use mkdir ‘directory name’. If you want to create a directory in another location, use $mkdir /desired/location/directory name.

$mkdir lab

$mkdir /home/vijay/lab1

8# cat command:


This tutorial is for hackers, so if you get access to any computer or drive you will 100% find some files. The cat command is used to see and edit the content of a file. You can also create a file and add content to it.

How is it possible?

Simple use

$cat > 'New File' [Create a new file or overwrite the data in the given file]

$cat "file name" [See the content of the file]

$cat >> "file name" [Append some data to the file]

9# cp command:


The cp command is used to copy files and folders from one location to another, or to copy a file under a new name. This is a big command and can be used in different ways. You can read more about it here: https://www.computerhope.com/unix/ucp.htm

10# mv command:


If you don’t like where files and folders are and want to move them to another location, the mv command is useful for you.

$mv "file/folder name" /destination/location

If the file or directory is not in the current location, give mv its full source location. If the file or folder is in the current location, use mv file/folder name [space] destination location {destination location = where you want to move it}.

The mv command is also used to rename files and folders:

$mv 'old filename' 'new filename'

11# rm command:


The rm command is used to remove files and folders. In other words, this command deletes files and folders.


System Basic Kali Linux commands 


12# uname command:


Do you want to know the name of your Linux system? If yes, use the uname command.
“uname” stands for Unix Name; it displays detailed information about the machine name, operating system and kernel.

$uname

$uname -a

13# uptime command:


This command is used to check how long your system has been running. It can also be used for forensics.

14# users command:


The users command is used to check the currently logged-in users. On my Kali Linux system I logged in as the root user and later switched to the vijay user.

15# Less Command


The less command is used to quickly view a file. The user can page up and down. Press ‘q’ to quit the less window.

$less /etc/passwd

16# More Command


The more command is used to quickly view a file and shows the position in the file as a percentage. Press the up and down arrows to page up and down. Press ‘q’ to quit the more window.

$more /etc/passwd

17# Sort command


You can sort the lines of a text file in ascending order. With the -r option, sort orders them in descending order.

$sort filename.txt [ascending order]

$sort -r filename.txt [descending order]
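
The sort command can also order a file on a single field, which is useful on /etc/passwd, the file viewed with less and more above. The following is an added example, not part of the original article: it goes beyond plain ascending/descending sorting by ordering a passwd-format file on its numeric UID field and flagging entries an administrator would want to review. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort a passwd-format file by UID and flag risky entries.
# passwd fields: name:password:UID:GID:comment:home:shell

# Constructed sample data (not a real system's /etc/passwd).
PASSWD_SAMPLE=$(mktemp)
trap 'rm -f "$PASSWD_SAMPLE"' EXIT
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
vijay:x:1000:1000:Vijay:/home/vijay:/bin/bash
backup2:x:0:0::/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
svc:x:1000:1000:Service:/home/svc:/bin/sh
EOF

# sorted_by_uid FILE
# -t: sets ':' as the field separator, -k3,3n sorts on field 3 as a number,
# -k1,1 breaks ties on the account name so the order is stable.
sorted_by_uid() {
    LC_ALL=C sort -t: -k3,3n -k1,1 "$1"
}

# audit_passwd FILE
# Prints one finding per line:
#   UID0 name          account other than root with UID 0 (full root rights)
#   DUPUID uid a,b     two accounts sharing one UID (adjacent after sorting)
#   NOPASSWD name      empty password field (login without a password)
#   MALFORMED line     entry that does not have exactly 7 fields
audit_passwd() {
    sorted_by_uid "$1" | awk -F: '
        NF != 7 { print "MALFORMED " $0; next }
        {
            uid = $3 + 0
            if (uid == 0 && $1 != "root") print "UID0 " $1
            if (have_prev && uid == prev_uid) print "DUPUID " uid " " prev_name "," $1
            if ($2 == "") print "NOPASSWD " $1
            prev_uid = uid; prev_name = $1; have_prev = 1
        }
    '
}

# Demo on the constructed sample; on a real system pass /etc/passwd instead.
sorted_by_uid "$PASSWD_SAMPLE"
audit_passwd "$PASSWD_SAMPLE"
```
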

18# VI Command


Vi is the most popular text editor, used on most UNIX-like operating systems.

19# Free command


The free command shows free, total and swap memory information in bytes.
free with the -t option shows the total memory used and available to use in bytes.

$free

$free -t

20# history command:


The history command is used to check recently run commands. It is really useful because forgetting is human nature. If you forget a previously run command, you can use the history command.

$history

System Advanced Kali Linux commands 

TOP Free Hacking Tools used by Black Hat Hackers

When I started to learn hacking in 2011, a single question was always stuck in my mind: what are the free hacking tools used by top hackers worldwide? At that time I was working as a Linux System Administrator and had a good command of Linux. So I chose the Backtrack operating system to start hacking.

Today I can understand your situation: if you are learning how to hack and are still confused about the hacking tools used by pro hackers and penetration testers, then this post is relevant for you.

Free Hacking tools for Information Gathering

#1 OSINT Framework

OSINT Framework: This is not a tool but a framework focused on gathering information using different open-source tools available over the internet. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost.

#2 SHODAN

SHODAN: Shodan is also not a tool; it is a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

#3 Check User Name

CheckUserName: It is an online service that helps a hacker check usernames on more than 170 social networks. This is especially useful if a hacker is looking for social media accounts with a specific username, and it helps a penetration tester running an investigation determine the usage of the same username on different social networks.

#4 Google Dorks

GOOGLE DORKS: A hacker never forgets to gather useful information using the Google search engine. Google hacking is a technique for getting information hidden deep in the search engine’s database. The Google Hacking Database is a collection of Google dorks.

Google Dorks Tutorial Google Hacking | Open web information Gathering

Free Google Hacking Books: Google Hacking Filters Google Hacking for Penetration Tester

#5 Maltego

Maltego: Maltego is a passive information gathering tool that collects informative data that is publicly available on the internet. It can also gather information about individuals, such as their potential email addresses, phone numbers, addresses, etc.

Maltego Kali Linux Tutorial

#6 Recon-ng

Recon-ng: Recon-ng is another great tool pre-built into Kali Linux, used to gather information quickly. It is a full-featured web framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

#7 Whois

whois is a Kali Linux command, a utility used for information gathering that is available in all Linux-based operating systems. This tool is part of information security assessment and one of the information gathering techniques; there are a lot of information gathering strategies. It is used to identify domain information and more. Whois.com

#8 DIG (Domain Information Groper)

Dig: The ‘dig’ command is used in network administration to check and look up domain name servers (DNS). It handles DNSSEC and is part of information gathering.

dnsenum
Finds information related to a domain’s name servers, mail servers, exchange servers, file servers, etc.

#9 Theharvester

Theharvester: It grabs email addresses by using search engine databases; it is mostly used to collect the email details of a particular domain. theharvester in Kali Linux tutorial

#10 Creepy

Creepy: Creepy is a geolocation OSINT tool for penetration testers. It gathers geolocation-related information from online sources by querying social networking platforms like Twitter, Flickr, and Facebook, and allows for presentation on a map.

If anyone uploads images to social media with geolocation activated, you will see the full geolocation of that person.
It supports search filtering based on exact location and/or date, and export in CSV or KML format for further analysis in Google Maps.

Video Tutorial of Creepy

Free Hacking tools for Network Scanning

#11 Nmap – A Network Scanner Free tool

Nmap is a free hacking tool and the most used worldwide for network scanning. It is used to detect live hosts in the network, open ports on devices, and the services running on those ports with version details; it is also used for vulnerability scanning.

It is a free tool available for Windows, Linux, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.

Nmap is a powerful tool, has been used to scan huge networks of literally hundreds of thousands of machines in the same network or the network

Some Important Tutorials Here

#12 Angry IP Scanner

Angry IP Scanner is an open-source, simple and fast tool to use. It is a cross-platform network scanner.

It is widely used by network administrators, hackers, Penetration tester and just curious users around the world, including large and small enterprises, banks, and government agencies.

It is available for Linux, Windows, and Mac OS X, may be supporting other platforms as well.

It scans IP addresses and ports as well as has many other features as below:

  • Scans local networks as well as Internet
  • IP Range, Random or file in any format
  • Exports results into many formats
  • Extensible with many data fetchers
  • Provides command-line interface
  • Over 29 million downloads
  • Free and open-source
  • Works on Windows, Mac and Linux
  • Installation not required

#13 Advanced IP Scanner

Advanced IP Scanner is one of the reliable, free and popular scanners for analyzing a local network in a minute. The user can see the available network devices and can access shared folders.

It provides remote control over computers using RDP and Radmin, and can even switch off computers.

It is available in a portable mode, you can have this tool in your pen drive.

#14 IP Scanner

It is a free tool powered by Lansweeper. It is used to scan a network and list all connected devices in the network.

An extra feature is scheduling a network scan or running one on demand whenever you want.

Features are:

  • scan IP ranges automatically or on demand
  • re-discover an entire subnet with just one click
  • exclude devices from the results based on type or IP address
  • import your entire network setup via a CSV file
  • and do so much more!

#15 Hping3

ICMP Scanning by using Hping3

It is available in Kali Linux by default. It is one of the DoS attack tools (DDoS stands for distributed denial of service attack); you can launch and stop the DoS attack whenever you want. In this illustration, hping3 acts as an ordinary ping utility, sending ICMP echo requests and receiving ICMP replies.

Tutorial Article: 10 hping3 examples for scanning network in Kali Linux

#16 NetDiscover

Netdiscover is an ultimate scanning tool used to get the internal IP address and MAC address of live hosts in the network. Netdiscover is pre-installed in Kali Linux, so if you are using Kali Linux you don’t need to install it. No doubt nmap is the best tool for scanning a network, but Netdiscover is also a good tool for finding internal IP addresses and MAC addresses. This tool has existed continuously in the Kali Linux repository, and before that it was in the Backtrack repository as well.

Must Read: 10 best open port checker Or Scanner

Vulnerability Assessment tools

#17 OpenVAS

OpenVAS is not included in Kali Linux by default; if you want to use it, you must install it first. It is available in the Kali Linux repository, so you can install it directly from the terminal using the apt-get utility.

OpenVAS Documentation

The OpenVAS scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices.

Results will be delivered to your email address for analysis; allowing you to start re-mediating any risks your systems face from external threats.

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running.

#19 Nikto – Web Scanner

Nikto’s name is very short, but its work is great.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

See All features of Nikto: https://cirt.net/Nikto2
Nikto Tutorial:

#20 Nexpose – Community Edition

The Nexpose community vulnerability tool is developed by Rapid7 and is an open source tool. It is widely used for vulnerability scanning and a wide range of network intrusion checks. The following are the key features of the Nexpose Community tool.

  • The tool is quite detailed in its scanning, taking into account the age of the vulnerability, the malware kit employed, the advantages taken by the kit, etc.
  • The tool can be easily combined with the Metasploit framework.
  • The tool is capable of scanning new devices in order to detect vulnerabilities and evaluate the network.
  • It can monitor vulnerability exposures in real time and can familiarize itself with the latest hazards very efficiently.
  • The tool categorizes the risks after vulnerability scanning into low, medium, or high.

Download Nexpose: Nexpose Community Edition

#21 Retina CS Community

Retina CS is an open source, free vulnerability scanner tool with a web-based console. It is used to identify network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.

Features:

  • The tool is good for network security administrators and helps save both the time and money required for network security management.
  • It can perform automated vulnerability scans for workstations, web servers, web applications, and databases very swiftly.
  • It can provide an assessment of cross-platform vulnerability.
  • It has features to provide patching, configuration compliance, compliance reporting, etc.
  • The tool supports virtual environments such as virtual app scanning, vCenter integration, etc.

Download: Retina CS Community Tool

Web Application Analyzing Tools

#22 WPscan

Wpscan is a small tool written in Ruby and preinstalled in Kali Linux; if you are using another Linux distribution, install wpscan first.

Wpscan is used to scan a WordPress website for known vulnerabilities in WordPress core files, plugins, and themes. You can also enumerate users, check them for weak passwords, and find security misconfigurations.

WPscan Tutorial: WpScan

#23 HTTrack – Website Copier

HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.

WinHTTrack is the Windows (from Windows 2000 to Windows 10 and above) release of HTTrack, and WebHTTrack the Linux/Unix/BSD release.

See the download page. HTTrack Download
How to use httrack website copier
How to use httrack website copier graphically

#24 Arachni Web Scanner

If you are a Kali Linux user, you needn’t worry: the Arachni web scanner is available for Kali Linux. Just run the following command to install it:

#apt-get install arachni

The Arachni scanner is an advanced tool that runs from a web interface, much like Tenable’s Nessus. Unlike Nessus, however, Arachni can only perform a scan against one host on one port at a time. If there are different web services running on a host on different ports, a separate scan must be launched for each. For example, if http://www.xyz-company.com/ is hosting a web application security service on port 80 and phpMyAdmin on port 443 (HTTPS), the Arachni scanner must be run twice. It’s not a fire-and-forget kind of system. Arachni also has a highly configurable structure. Its plugins and settings allow for precise checking, and all plugins are enabled by default. Reporting is a snap and can be produced in many different output formats.

Tutorial : How to use Arachni scanner for Web Application vulnerability in Kali Linux

#25 sqlmap – Database Enumerator

Sqlmap is included in Kali Linux by default. Use it to get important information from a database server.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features :

  • Supported databases are MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB.
  • Support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
  • Direct connect to the database and enumerate data without DBMS credentials.
  • It can dump database tables.
  • It supports downloading and uploading any file from the database server’s underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

Free Hacking tools for Password Cracking

#26 John The Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS.

John, better known as John the Ripper, is a tool to find weak passwords of users in a server. John can map a dictionary or some search pattern as well as a password file to check for passwords. John supports different cracking modes and understands many ciphertext formats, like several DES variants, MD5 and blowfish. It can also be used to extract AFS and Windows NT passwords.

Documentation : https://www.openwall.com/john/doc/

#27 Hashcat

According to the official website, Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterpart oclHashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

Must Read: Hashcat Tutorial – Bruteforce Mask Attack

#28 Cain and Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain and Abel Tutorial:

#29 Hydra-THC

According to the official website of thc-hydra, one of the biggest security holes is passwords, as every password security study shows. This tool is proof-of-concept code that gives researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system and to different online services.

There are already several login hacking tools available, however the online services either support more than one protocol to attack or support parallelized connects.

THC-Hydra Tutorial: Dictionary attack tool thc-hydra tutorial for beginner

#30 FcrackZip

fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.

Have you ever mis-typed a password for unzip? Unzip reacted pretty fast with ´incorrect password´, without decrypting the whole file. While the encryption algorithm used by zip is relatively secure, PK made cracking easy by providing hooks for very fast password-checking, directly in the zip file. Understanding these is crucial to zip password cracking.

Tutorial: Fcrackzip Windows to crack zip password [Tutorial]

Must Read: Top 10 Password cracker software for Windows 10

Free hacking tools for Wi-Fi

#31 Aircrack-ng

Aircrack-ng is not a single tool but a complete set of tools used to audit wireless network security.

It focuses on different areas of WiFi security:

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
  • Testing: Checking WiFi cards and driver capabilities (capture and injection)
  • Cracking: WEP and WPA PSK (WPA 1 and 2)

All tools are command line, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.

Aircrack-ng Documentation: https://www.aircrack-ng.org/doku.php#documentation

#32 Fern Wifi Cracker

Fern Wifi Cracker is a GUI (Graphical User Interface) based tool. It is easy to use. If you are not a command-line lover, this is the best tool for you to crack wifi, including WEP/WPA/WPA2.

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.

Features:

  • WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
  • Update Support

Best Tutorial : Fern WiFi Password Auditing Tool

#33 Fluxion

Fluxion is a wifi security analysis tool that can be used for WPA and WPA2 hacking or other wifi attacks using MITM (Man In the Middle Attack) techniques. It is the future of wifi hacking and a combination of technical and social engineering techniques that force the user to send the WiFi password to the attacker in plain text. In short, it’s a social engineering framework using following process

Complete Tutorial: Fluxion – WPA WPA2 hacking in minutes [2019]

Exploitation Tools

#34 Metasploit Framework

If you are planning to learn hacking, you must learn how to use the Metasploit framework.

Metasploit is as important as milk for the body.

It is a collection of small tools and scripts used for scanning, enumeration, vulnerability scanning, exploitation, password cracking, maintaining access and more.

You can call it one framework that is a collection of tools.

Metasploit framework Version v5.0.2-dev has

  • 1852 exploits
  • 1046 auxiliary
  • 325 post
  • 541 payloads
  • 44 encoders
  • 10 nops
  • 2 evasion

Metasploit is easy to learn and use for hacking or penetration testing. The command line interface makes it stronger and more powerful.

You can write your own exploits and use them inside Metasploit. It is absolutely free.

Metasploit Tutorial Links:

  1. 6 Metasploit Modules – You should know
  2. MSFvenom replacement of MSFpayload and msfencode – Full guide
  3. 6 Techniques to analyze the vulnerability scan report in Metasploit
  4. How to use Metasploit for vulnerability scanning
  5. How to use metasploit pro in Kali Linux
  6. Creating Persistent Backdoor By Metasploit in Kali Linux
  7. Creating Trojan Horse (Encoded)By Using Msfpayload

Metasploit Unleashed by Offensive Security

Metasploit Minute by Hak5 Team

Free Metasploit Course by Cybrary

#35 Armitage

Do easy and fast hacking with Armitage. It is the graphical interface of the Metasploit framework. It has a user-friendly interface. Everything is one click.

One click for scanning the network.

One click for running vulnerability scanning and finding the possibilities of exploiting those weaknesses.

One click for creating a backdoor, and more.

It is really an awesome exploitation framework; you must try it and use it.

Armitage Tutorial: Manual Page

#36 BeEF – Exploit Browser

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Beef Youtube Channel: https://www.youtube.com/user/TheBeefproject

Blog : https://blog.beefproject.com/

#37 SET – Social Engineering Toolkit

It is time to exploit humans. Yes, a human can be exploited through the computer. Just send a link to him/her, and he/she will give you personal information (sometimes a username and password). Try it now.

This is a menu-based exploitation framework. It means you choose an option from the given menu, then choose again and again. Hurrrr, you launched an attack.

It is very useful for hacking social media accounts like Facebook, Twitter, LinkedIn etc.

Do you want to hack a Gmail account? Use it.

Tutorial Blog

#38 Macchanger

macchanger is a GNU/Linux utility for viewing/manipulating the MAC address for network interfaces.

A MAC address is the physical address of a NIC (Network Interface Card).

Every device on the network has two types of address: one is the IP address, the other is the MAC address. The IP address can be changed easily, but the MAC address can’t.

Macchanger is used to change the MAC Address of devices. It is available only for Linux.

It comes in Kali Linux by default.

More: Learn about macchanger or MAC spoofing in Windows 10 & Linux

#39 ArpSpoof

arpspoof redirects packets from a target host (or all hosts) on the LAN intended for another host on the LAN by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch.

Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragrouter(8)) must be turned on ahead of time.

ARP spoofing / poisoning attack with ettercap tutorial in Kali Linux
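The defender's view of the forged ARP replies described above, as an added example that is not part of the original article: forging makes one MAC address answer for several IPs, so this script flags such MACs in `ip neigh show` output and checks whether the gateway is one of them. The sample table and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect the neighbour-table footprint of forged ARP replies,
# where one MAC address answers for several IP addresses on the LAN.

# Constructed sample in the format printed by `ip neigh show`.
sample_neigh() {
cat <<'EOF'
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.10 dev eth0 lladdr 08:00:27:11:22:33 STALE
192.168.1.23 dev eth0 lladdr 08:00:27:AA:BB:CC REACHABLE
192.168.1.40 dev eth0 FAILED
EOF
}

# Read neighbour entries on stdin; print "mac ip1,ip2,..." for every MAC
# bound to two or more IPs. Multi-homed hosts and proxy ARP also match,
# so treat a hit as a lead to verify, not as proof.
find_duplicate_macs() {
  awk '
    {
      mac = ""
      for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
      if (mac == "") next               # FAILED/INCOMPLETE entries carry no MAC
      key = mac SUBSEP $1
      if (key in seen) next             # ignore repeated lines for the same pair
      seen[key] = 1
      if (count[mac]++) { ips[mac] = ips[mac] "," $1 } else { ips[mac] = $1 }
    }
    END { for (m in count) if (count[m] > 1) print m, ips[m] }
  ' | LC_ALL=C sort
}

# Exit 0 when the given gateway IP shares its MAC with another address.
gateway_is_shadowed() {
  find_duplicate_macs | awk -v gw="$1" '
    { n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == gw) hit = 1 }
    END { exit (hit ? 0 : 1) }'
}

# Demo on the constructed table.
sample_neigh | find_duplicate_macs
```

On a live host, pipe `ip neigh show` into `gateway_is_shadowed` and pass the default gateway address reported by `ip route`.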

#40 Ettercap – MITM Attack

Man In The Middle is a very famous attack performed by hackers. In this attack the hacker sits between you and the server, and monitors all the network traffic between you and servers on the internet.

The hacker can see what you are browsing and what text you are entering on which website. If you enter a username and password, they can be seen. So be careful about this attack.

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

kali linux man in the middle attack tutorial step by step

#41 Wireshark

Wireshark is the shark of network monitoring: it captures each and every packet traveling over a wired or wireless medium.

Wireshark alone is enough for a network administrator or network security researcher to monitor network activity.

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Features:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

Tutorial for Beginners: Using Wireshark

Download Wireshark: https://www.wireshark.org/#download

Wireshark Tutorial: Wiki

#42 Burp Suite Community

Burp Suite is the leading software for web security testing…

Thousands of organizations use Burp Suite to find security exposures before it’s too late. By using cutting-edge scanning technology, you can identify the very latest vulnerabilities. Our researchers frequently uncover brand new vulnerability classes that Burp is the first to report.

Burp Suite constantly raises the bar of what security testing is able to achieve.

Download Burpsuite Community edition : Download Here

Tutorial of Burp Suite: Web Security

#43 OWASP ZAP Proxy

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.

Official Website Owasp ZAP

#44 Dradis – Report Writing

When you are working as a penetration tester / ethical hacker / security researcher, you must submit a report to the organization about the issues or vulnerabilities.

So you must know how to write a report and send it to the organization.

It comes with Kali Linux by default. If you are not a Kali Linux user, you can download it from Here

SysAdmin- Download CentOS ISO image for free

1 Download CentOS ISO image Free

Linux tutorial for Beginners – LAB Setup

  1. Download CentOS
  2. Minimal Installation on VirtualBox

How to Download ISO image of CentOS for free

Today, this is my first post in the system administrator guide. In this tutorial, I will show you how to download the CentOS ISO image from the official website. There are three types of ISO image available on the official website for CentOS 7:

  1. DVD ISO image
  2. Everything ISO image
  3. Minimal ISO image

Choose one of them. I will download the DVD ISO image. Read the next post, where I will show you how to perform the minimal installation on VirtualBox.

Video Tutorial: Download ISO image of CentOS 7


SysAdmin: Minimal install CentOS on Virtualbox

2 Minimal installation of Centos 7


Minimal install CentOS on Virtualbox Step by Step

Hello friends, in the last post, SysAdmin- Download CentOS ISO image for free, you found out how to download the CentOS 7 ISO image. In this post, SysAdmin: Minimal install CentOS on Virtualbox, I will show you how to perform a minimal install of CentOS on VirtualBox.

You need to complete the following tasks to complete the installation:

  1. Install VirtualBox on a Windows machine
  2. Create a virtual machine for the CentOS 7 operating system
  3. Then install CentOS 7 on the virtual machine

Video Tutorial Minimal installation of CentOS 7 on Virtualbox


How to create a file in Linux – View, Edit by Terminal Command


How to create a file in Linux terminal

In this post, you will learn how to create a file in Linux by using commands in the terminal, and how to use Linux vi editor commands to create, view and edit files in the Linux operating system. Linux is not like the Windows operating system; it is mostly operated by commands. These are some of the most used commands to create, view and edit text files:

  • Touch command
  • Cat command
  • Vi editor
  • vim editor


Linux tutorial for Beginners – Understand and use essential tools

  1. Create and edit text files
  2. Create, delete, copy, and move files and directories
  3. read, and use system documentation including man, info, files

Create, delete, remove and Copy directory linux

5 Create, delete, copy, and move files and directories in CentOS 7

Create, delete, remove and Copy directory Linux

Hello friends, welcome to our RHCSA video tutorial. You will learn the following important topics on Linux:

  • Create a new directory/folder.
  • How to delete the folder in Linux.
  • Copy directory Linux.
  • Remove the directory in Linux 
  • Rename directory/folder in Linux.


Info, Help & Man command in Linux [Full Guide on System Documentation]

6 Read and use system documentation including man, info, and files in CentOS 7

SysAdmin 6: Info, Help & Man command in Linux

Most tools and utilities in Linux have their own documentation. These documents can be displayed by using the info command or the man command in Linux. The help command in Linux also provides short help documentation about the related command (tool).

In this video, we will cover how you can read and use system documentation, including man and info, in Linux.

 


Boot, Reboot and Linux shutdown command in Terminal – Tutorial

Boot, reboot, and shut down a system normally

 

Boot, Reboot and Linux shutdown command

In the last video, we covered the Info, Help & Man commands in Linux [Full Guide on System Documentation].

Today we are going to cover how to boot, reboot and shut down Linux from the terminal using the command line. The user can do the same thing in the graphical interface, but here we will use different commands to control the system.

Linux poweroff is also known as halting the Linux system. If you want to power off a server/system, you can’t simply power it off; first you must use the Linux shutdown command to shut down the system/server, then you can power off.

If you are facing some issue and want to reboot the Linux system, you can use the commands mentioned in the video. If you are unable to reboot the Linux system, you should choose the Linux force reboot option with the following command:

#reboot -f

 


Linux tutorial for Beginners – Operate Running System

  1. Boot, reboot, and shut down a system normally
  2. Interrupt the boot process in order to gain access to a system
  3. Identify CPU memory intensive processes, adjust process priority with renice, and kill processes

 

How to install Kali Linux on VirtualBox – Full guide step by step


Module 2:- LAB SETUP

  1. You must know Kali Linux requirements before install on System
  2. How to install Kali Linux on VirtualBox – Full guide step by step
  3. How to install virtualbox guest additions in Kali Linux 2.0
  4. 10 steps for Setting Up metasploitable 2 VM – guide

Hello and welcome to my blog,

I am happy to see you on my blog. After reading this full post you will know “How to install Kali Linux on VirtualBox”. But one important thing is left: do you know how to create a virtual machine for Kali Linux? If not, find further information at Virtual Machine for Kali Linux.

Method 1:

One Click install Kali Linux on VirtualBox

I am happy to share with you the “one click install of Kali Linux on VirtualBox”. The new Kali Linux version 2017.1 has been released with new features. If you have an older version installed, you can update to a newer version (see How to update and upgrade Kali Linux to 2019.1). If you have not used it before, you can install it on VirtualBox and start exploring it.

Prerequisites:

  1. Installed VirtualBox
  2. Kali Linux VirtualBox image: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

Now we are one click away from installing Kali Linux on VirtualBox. After downloading the VirtualBox image, double-click the Kali Linux 2019.1 -x-x.ova file. VirtualBox will open with a new window called appliance settings.

Click on Import, and the virtual machine settings will be imported. Don’t go for coffee; it will not take a long time.

So Kali Linux is ready to use on VirtualBox.

On the other hand, if you have downloaded the ISO image, move to the next step and install it.


Method 2:

How to install Kali Linux on VirtualBox

Kali Linux Virtual Machine Requirements:

1. VirtualBox installed on your system.

2. Kali Linux 2 Virtual Machine

3. Kali Linux ISO image file

Before starting the installation, you need to change a few settings in your virtual machine.

Step 1: Insert the virtual installation CD/DVD of Kali Linux:

1. Go to the settings of the Kali Linux virtual machine.

2. Go to Storage > Controller: IDE > select Empty.

3. Click on the CD icon on the right side of CD/DVD drive: > Choose a virtual CD/DVD disk file. A new window will pop up.

4. Give the path of the Kali Linux DVD image. After adding the virtual DVD to your virtual machine, it will be ready to boot with the Kali Linux live DVD.

Step 2: Start your virtual machine and boot from the DVD by clicking the Start option in the top menu of VirtualBox. After that you will be on the first screen of the virtual machine booted from the DVD.

Step 3: Here you have many choices, so select Install or Graphical install (both are the same; the only difference is the graphical interface). My recommendation is to select Graphical install. After pressing Enter, the installation will start.

Step 4: Select your language and click Continue.

Step 5: Select your country and click Continue.

Step 6: Select the keyboard type (by default it remains American English) and click Continue. After that it will take a little time to install components on your system.

Step 7: This screen asks you to provide a host name (the name your computer will show on the network). You can put any name you want, or set Kali.

Step 8: Here provide any domain name you want, like neosec.in

Step 9: Set up the root password. Use whatever you want, or set toor, which is the default. Click Continue.

Step 10: Set up your time zone (the time zone you belong to).

Step 11: The most important part of the installation is setting up the partitions. If you are a new user and are going to install Kali Linux in a virtual machine, select the first option, Guided : Use entire disk.

Note: if you are going to make your system dual boot, don’t select the entire disk option. With it, your complete hard disk will be used by the Kali Linux system and you will lose all your data, so be careful.

Step 12: Your hard disk will be shown here. Select it and click Continue.

Step 13: Select All files in one partition and click Continue, because this tutorial is for new users, and you are one.

Step 14: Select Finish partitioning and write changes to disk, then click Continue.

Step 15: Select Yes and click Continue. Your installation will start. It will take a little time, so wait.

Step 16: When setting up the network mirror, select No. We will configure the network mirror later.

Step 17: Select Yes and click Continue.

Step 18: Finish the installation and click Continue.

Video Tutorial: How to install Kali Linux on virtualbox

Here is the video tutorial on how to install Kali Linux on VirtualBox. If you can’t understand it properly, please visit: http://cyberpedia.in/how-to-install-kali-linux-on-virtual-box/

Once the installation finishes, the system will restart with the Kali Linux operating system.

wpscan Kali Linux Tutorial to Know WordPress Vulnerabilities


Millions of websites are running on the WordPress CMS today. Is your website one of them? If yes, do you know about the vulnerabilities that exist on your website?

Think again! Is your WordPress website hackable?

Check again! Scan your WordPress website for vulnerabilities.

Today’s topic is the wpscan Kali Linux tutorial for scanning a WordPress website for known vulnerabilities. Yes, we are going to find vulnerable WordPress core files, plugins, and themes.

Wpscan is a small tool written in Ruby and preinstalled in Kali Linux. If you are using another Linux distribution, install wpscan first.

I was checking my client’s website without any potential purpose when suddenly one question arose in my mind: let’s check the security. I had installed Kali Linux on VirtualBox, so I started wpscan to scan the website and get details about its plugins and themes.

Trust me, I found lots of aggressive detection, for example open files, files accessible directly in the browser, usernames and more.

Wpscan Kali Linux Tutorial

Wpscan is used to scan a WordPress website for known vulnerabilities in the WordPress core files, plugins, and themes. You can also enumerate users, check for weak passwords, and find security misconfigurations.

I am going to tell you all the steps on how to use wpscan in Kali Linux.

In Kali Linux, just open a terminal and type the following to run wpscan:

#wpscan

One of the following options is required: URL, update, help, hh, version, or use the --help option.

So I used the following command to check the available options in wpscan:

#wpscan --help

To check the version:

#wpscan --version

The next step is to update wpscan. The database used by wpscan is wpvulndb.com, an ever-growing list of vulnerabilities maintained by the team.

#wpscan --update

Scan the complete website by giving its URL after the --url option:

#wpscan --url https://www.yourwebsite.com

If you want to check the website for vulnerable plugins, add the --enumerate vp argument:

#wpscan --url https://www.yourwebsite.com --enumerate vp

Check the result carefully and you will find lots of information about the plugins. If any vulnerable plugin exists, you will see a red exclamation icon and related information.

Did you find any vulnerable plugin?

If yes, update the plugin as soon as possible. If you cannot update it, the plugin should be replaced or removed permanently.

Scan vulnerable Themes

As with the plugin scan, add the --enumerate vt argument to check your website for vulnerable themes.

#wpscan --url https://www.yourwebsite.com --enumerate vt

If you get results with red exclamation icons, it means your theme is vulnerable. You will find the URL and more information.

Do you have a vulnerable theme?
If yes, update, replace or remove whatever you can.

WordPress User Enumeration by Wpscan

A small question for you:
“What if hackers know your WordPress website’s username?”
Will he hack your website?
What is the impact on your website?

Reply in the comment box.

By the way, it is easy to get the list of usernames and their permissions by using a simple argument, --enumerate u:

#wpscan --url https://www.yourwebsite.com --enumerate u

If you are using a website firewall, you will get an error and wpscan will stop.

Brute Force Attack on WordPress website by using Wpscan

Password guessing is an old technique to get the right password, and it is very hard if you are doing it manually.

It is easy!

If you are using a tool and a word-list.
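The site owner's side of the user enumeration and password guessing sections above, as an added example that is not from the original article: a script that finds clients doing either in a web server access log. The log lines are constructed, and the indicators (requests for `/?author=N` and `/wp-json/wp/v2/users`, POSTs to `wp-login.php` or `xmlrpc.php`, a User-Agent containing "WPScan") and the thresholds are assumptions to adapt to your own site.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: find clients in an access log
# that enumerate WordPress users or hammer the login endpoints.
# Indicators and thresholds are assumptions; tune them for your own traffic.

# Constructed sample in Apache/Nginx "combined" log format.
sample_access_log() {
cat <<'EOF'
203.0.113.7 - - [19/Apr/2018:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "WPScan v3 (constructed sample)"
203.0.113.7 - - [19/Apr/2018:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "WPScan v3 (constructed sample)"
203.0.113.7 - - [19/Apr/2018:10:00:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "WPScan v3 (constructed sample)"
198.51.100.20 - - [19/Apr/2018:10:05:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Apr/2018:10:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Apr/2018:10:05:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Apr/2018:10:05:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Apr/2018:10:05:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Apr/2018:10:07:00 +0000] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.44 - - [19/Apr/2018:10:07:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Read log lines on stdin; print one summary line per client IP:
#   <ip> enum=<user-enumeration hits> login=<login POSTs> wpscan_ua=<0|1>
classify_requests() {
  awk '
    {
      ip = $1
      split($0, q, "\"")            # q[2] = request line, q[6] = user agent
      split(q[2], req, " ")          # req[1] = method, req[2] = path
      method = req[1]; path = req[2]; ua = q[6]
      if (path ~ /[?&]author=[0-9]+/ || path ~ /^\/wp-json\/wp\/v2\/users/) enum[ip]++
      if (method == "POST" && (path ~ /^\/wp-login\.php/ || path ~ /^\/xmlrpc\.php/)) login[ip]++
      if (ua ~ /WPScan/) tool[ip] = 1
      seen[ip] = 1
    }
    END {
      for (ip in seen)
        printf "%s enum=%d login=%d wpscan_ua=%d\n", ip, enum[ip], login[ip], tool[ip]
    }
  ' | LC_ALL=C sort
}

# Print the IPs that reach the enumeration threshold ($1, default 3),
# the login threshold ($2, default 5), or announce the scanner by name.
suspicious_clients() {
  classify_requests | awk -v e="${1:-3}" -v l="${2:-5}" '
    {
      split($2, a, "="); split($3, b, "="); split($4, c, "=")
      if (a[2] + 0 >= e + 0 || b[2] + 0 >= l + 0 || c[2] + 0 == 1) print $1
    }'
}

# Demo on the constructed log.
sample_access_log | classify_requests
```

A scanner can change its User-Agent, so the request counts are the more durable signal; feed the flagged addresses to whatever rate limiting or firewall rule your site already uses.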

At the end of the tutorial, I am going to say a single phrase.
Don’t use your knowledge unethically.

If you have any questions tell me in the comment box.

Cheers!