📰 Originally published on SecurityElites — the canonical, fully-updated version of this article.
_
Search “Kali Linux commands cheat sheet” right now and see what Google shows you. A 2019 Medium article. A 2020 GitHub gist. A 2021 blog post that lists 40 commands and calls it comprehensive. The #1 result for one of the highest-traffic keywords in cybersecurity is five years out of date. That changes today.
This is the Kali Linux commands cheat sheet built for 2026 — 200+ commands across 10 categories, every single one with a real working example and a plain-English explanation of what it does and when to use it. Not a raw command dump. Not an auto-generated list. Every entry written by someone who uses these commands in real penetration tests and ethical hacking engagements.
Bookmark this page. Screenshot the sections you use most. Download the PDF brief at the end. Come back when you forget a flag.
200+
Total commands covered
10
Categories covered
2026
Current — not 2019
100%
Free — always
📥 Free PDF Cheat Sheet — Printer-Friendly
All 200+ commands formatted for print. No login required. No email capture. Instant download.
📋 10 Categories — Jump to Any Section
🖥️ System & Navigation
🌐 Networking Commands
📡 Nmap — Network Scanning
🕷️ Web App Testing
🔑 Password Cracking
⚡ Exploitation — Metasploit
📶 Wireless Security
🔍 Forensics & Analysis
🔓 Post-Exploitation
🛠️ Utility & File Commands
⚠️ Legal Reminder: All commands on this page are for use on systems you own or have explicit written authorisation to test. Use them in your home lab, on TryHackMe, Hack The Box, or any authorised penetration testing engagement. Unauthorised use of offensive security tools is illegal in virtually every jurisdiction regardless of intent.
🖥️
System & Navigation Commands
The commands you run before running any others — every Kali session starts here
SYSTEM INFO & SESSION SETUP
└─$ whoami # Who am I running as? (root or kali)
└─$ id # Full user ID, group ID, supplementary groups
└─$ hostname # Machine hostname
└─$ uname -a # Full kernel version and architecture
└─$ cat /etc/os-release # Kali version and release info
└─$ uptime # How long the system has been running
└─$ df -h # Disk space — human readable
└─$ free -h # RAM usage — human readable
└─$ sudo apt update && sudo apt upgrade -y # Update all tools
└─$ history # All previously run commands
└─$ history -c # Clear command history (OpSec)
FILE SYSTEM NAVIGATION
└─$ pwd # Print working directory
└─$ ls -la # List all files including hidden, with permissions
└─$ cd /opt/tools # Change to /opt/tools directory
└─$ find / -name “*.txt” 2>/dev/null # Find all .txt files, suppress errors
└─$ find / -perm -4000 2>/dev/null # Find all SUID binaries (priv esc)
└─$ grep -r “password” /etc/ # Recursively search for “password” in /etc
└─$ cat /etc/passwd # List all system users
└─$ cat /etc/shadow # Password hashes (root only)
└─$ chmod +x script.sh # Make a script executable
└─$ tar czf archive.tar.gz /dir/ # Compress a directory
🌐
Networking Commands
Understand and manipulate network interfaces, connections, and routing
INTERFACE & CONNECTION
└─$ ip a # All interfaces with IPs (modern replacement for ifconfig)
└─$ ip route # Routing table — find your gateway IP
└─$ ip neigh # ARP table — devices on the local network
└─$ ss -tulnp # All open ports and listening services
└─$ netstat -antp # Active connections with PID (older systems)
└─$ ping -c 4 8.8.8.8 # Ping Google DNS 4 times
└─$ traceroute target.com # Trace hops to target
└─$ dig target.com # DNS lookup — A, MX, NS records
└─$ dig target.com ANY # All DNS records for target
└─$ host target.com # Quick DNS resolution
└─$ whois target.com # Domain registration info and contacts
└─$ curl -I https://target.com # Fetch HTTP headers only
└─$ wget -q https://target.com/file # Download file quietly
NETCAT (THE SWISS ARMY KNIFE)
└─$ nc -lvnp 4444 # Start listener on port 4444
└─$ nc -v 192.168.1.10 22 # Connect to SSH port — banner grab
└─$ nc -w 3 10.0.0.1 4444 < file.txt # Send file via netcat
└─$ nc -lvnp 4444 > received.txt # Receive file via netcat
└─$ nc -zvn -w1 192.168.1.1 20-100 # Quick port scan range
📡
Nmap — Network Scanning & Enumeration
The #1 tool in penetration testing — full tutorial: Kali Linux Day 1
securityelites.com
NMAP COMMAND REFERENCE 2026 — ALL SCAN TYPES
BASIC SCANS
nmap 192.168.1.1
Default: top 1000 TCP ports
nmap -sV 192.168.1.1
Service version detection
nmap -O 192.168.1.1
OS fingerprinting (sudo)
nmap -A 192.168.1.1
Aggressive: -sV -O -sC traceroute
PORT SPECIFICATION
nmap -p 80
Single port
nmap -p 1-1000
Port range
nmap -p-
ALL 65535 ports
nmap –top-ports 100
100 most common ports
SCAN TYPES
nmap -sS
SYN scan (default, stealthy)
nmap -sU –top-ports 100
UDP top 100 ports
nmap -sn 192.168.1.0/24
Ping sweep — find live hosts
nmap -Pn 192.168.1.1
Skip ping — treat as up
OUTPUT & NSE
nmap -oA scan_results
Save all output formats
nmap -sC -sV
Default scripts + versions
nmap –script vuln
Run vulnerability scripts
nmap -T4
Faster timing (T0-T5)
Professional scan combo: nmap -sV -sC -O -p- -T4 -oA full_scan [TARGET] — runs on authorised targets only
Nmap Command Reference 2026 — All scan types, port specifications, output formats, and NSE scripts in one visual card. The “professional scan combo” at the bottom is what penetration testers run on every authorised engagement. Full Nmap deep-dive: Kali Linux Day 1.
🕷️
Web Application Testing Commands
Gobuster, ffuf, nikto, sqlmap, and more — for authorised web security testing
📖 Read the complete guide on SecurityElites
This article continues with deeper technical detail, screenshots, code samples, and an interactive lab walk-through. Read the full article on SecurityElites →
This article was originally written and published by the SecurityElites team. For more cybersecurity tutorials, ethical hacking guides, and CTF walk-throughs, visit SecurityElites.
Top comments (0)