50 Basic Linux Commands you Need to Know on Kali Linux
Even if Kali Linux includes powerful tools, that can often be used via the GUI (graphical user interface), knowing some basic Linux commands is highly recommended to do a bit more with your system and targets. That’s exactly the goal of this article, where I’ll give you 50 of the most useful Linux commands you need to know.
I worked about 20 years as a Linux system administrator, and these were the commands I used every day. So, if there are only 50 Linux commands you can remember, start with these. It will save you time regularly.
I sorted them by category, so you don’t necessarily have to read from start to end, you can use the table of content below to quickly get to what you are looking for.
Your essential Linux handbook
Want to level up your Linux skills? Here is the perfect solution to become efficient on Linux. 20% off today!
Download now
Files management
Join the Complete Ethical Hacking Course Bundle and step into the world of cybersecurity.
Learn to think like a hacker and protect systems with this comprehensive course.
Download your exclusive free PDF containing the most useful Linux commands to elevate your skills!
- cd <path>: Changes directory, go to the specified folder in the files tree.
cd /home/pat
. - ls: Lists the files and directories in the current or specified folder.
ls ls /home/pat
ls -latr /home/pat - mkdir <folder>: Creates a new subfolder in the current or specified folder.
mkdir myfolder
mkdir /home/pat/myfolder - cp <file> <destination>: Copies a file or a directory to another location (to copy a complete directory, you need to add the -r parameter for “recursive”).
cp test.txt /home/pat/Documents/
cp /home/pat/test.txt /home/pat/Documents/
cp -r /home/pat/test/ /home/pat/Documents/ - mv <source> <destination>: Moves a file or a directory to another location.
mv /home/pat/test.txt /home/Documents/
mv /home/pat/test/ /home/Documents/ - cat <file>: Displays all the content of the specified file.
cat /home/pat/README.txt
- more <file>: Displays the content of the specified file, page per page (enter or space to continue, q to quit).
more /var/log/syslog
- tail <file>: Tail allows you to display the end of a file, it’s useful to check new entries in a log file.
tail /var/log/syslog
You can specify the number of lines to display with -n.tail -n20 /var/log/syslog
And finally, my favorite is the option -f to display new lines in real-time.tail -f /var/log/syslog
- head <file>: It’s the same as tail but displays the beginning of a file.
head /home/pat/file.txt
head -n20 /home/pat/file.txt - grep <string>: Grep is a powerful tool to search string in a text. You can use it to search for something in a file or to filter the output of another command or script.
Basic usage:grep dhcp /var/log/syslog
As I said, you can use it with a file or a script output:cat /var/log/syslog | grep dhcp
/home/pat/myscript.sh | grep error
ls -latr | grep php
And finally, there are many options to use with grep, like regular expressions or options to display lines before (-B), after (-A) or around (-C) the search string.
You can also use -v to display everything except the input string.grep 'dhcp|dns' /var/log/syslog
grep -A2 -B4 'Fatal error' /var/log/apache/error.log
grep -v 'Notice' /var/log/apache/error.log
If you like this tool, I recommend reading the man page to know exactly what you can do with it.man grep
- nano <file>: Nano is text editor.
It allows you to edit a file, and save your changes with (CTRL + O, Enter, CTRL + X).nano /home/pat/myscript.sh
You’ll find all actions available at the bottom of the screen.
- rm <file>: Deletes a file. For a folder, add option -rf (recursive and force)
rm monscript.sh
rm -rf /home/pat/scripts/
Be careful if you are using sudo with this command. Using it on system folders will delete everything without any warning message, and can break your system in a few seconds. - tar -c: You can use tar to store files into an archive. It’s often used with gzip to compress files.
tar -cvfz archive.tar.gz /home/pat/Documents/mydirectory
-c: create an archive
-v: verbose
-f: filename of the archive follow
-z: compress files with gzip - tar -x: It’s the same command, but to extract files.
tar -xvfz archive.tar.gz
-x: extract an archive - find: As the name suggests, find is useful to locate files on your computer.
find /home/pat -iname *.tar.gz
There are many options to help you find the good file (size, last modification date, …).
- pwd: Pwd lets you see in which directory you are.
pwd
- tree: Another great tool to analyze your current location in the file tree. It will show you the entire lower tree (see the example below).
tree
Note: you may need to install this one depending on your distribution:sudo apt install tree
Network commands
You may need these commands just after the Kali Linux installation, if you only have access to the system via a terminal (SSH, for example). It can also be useful for pentesting, when connected to a network you don’t know anything about.
Configuration
- ip: Displays your current network configuration, mainly your IP address if connected.
ip a
- ping <ip>: Sends a ping packet to another IP on the network to check if the host is alive.
ping 192.168.1.1
- ifup <interface>: Enables the specified interface.
sudo ifup eth0
- ifdown <interface>: Disables the specified interface. It can be useful to disable Wi-Fi if you are already connected by cable, for example.
sudo ifdown wlan0
File transfer and remote connection
- wget <url>: This command allows you to download a file from the Internet.
wget https://wordpress.org/latest.zip
- ssh <user>@<ip>: SSH is a network protocol that provides you a way to connect securely to a remote computer.
ssh root@192.168.1.201
- scp <file> <user>@<ip>:<path>: scp can transfer a file to a remote computer over SSH.
scp test.txt root@192.168.1.201:/root/
- rsync <file> <user>@<ip>:<path>: rsync does almost the same thing, but with a delta comparison algorithm and some optimizations to transfer files faster.
rsync test.txt root@192.168.1.201:/root/
rsync -auzr /home/pat/Documents/* /home/pat/backups/Documents/As you can see, you can also use rsync for local file synchronization.
System updates
- apt update: Downloads the last repository version for each one you have in your configuration (/etc/apt/sources.list).
sudo apt update
- apt upgrade: Updates all installed packages if needed.
sudo apt upgrade
Packages management
- apt install <package>: Installs the specified package(s).
sudo apt install phpmyadmin
sudo apt install vim htop - apt remove <package>: Removes a previously selected package.
sudo apt remove vim
- apt search <search>: Searches for a package name in the packages list (repository).
sudo apt search myadmin
sudo apt search php - dpkg -l: Lists all installed packages on your system. You can use grep to find a specific package.
dpkg -l
dpkg -l | grep myadmin
System management
Download your exclusive free PDF containing the most useful Linux commands to elevate your skills!
- reboot: As the name says, this command will restart the computer immediately.
sudo reboot
- shutdown -h now: This is to stop the computer immediately.
sudo shutdown -h now
You can replace “now” by a specific time (shutdown -h 12:05).
- service <servicename> <action>: This command allows you to start or stop services.
service apache2 start
service apache2 stop
Sometimes there are other options, depending on the service, for example:service apache2 reload
service apache2 restart
Don’t type any action to see all those available:service apache2
For information, you can also use systemctl to do the same thing, on Debian-based distributions, you still have the choice. - update-rc.d <service> <action>: On Kali Linux, this command allows you to manage the service start or stop on the system boot.
To start a service on boot:sudo update-rc.d ssh enable
To disable start of the service:sudo update-rc.d -f ssh remove
The -f option is here to force the symbolic link deletion. This command is only for service. To start other scripts or commands on boot, you have to edit the /etc/rc.local file.sudo nano /etc/rc.local
- ps: This command displays all running process on your computer.
The basic command is this one to display everything:ps aux
You can also display the processes started by a specific user:ps -u pat
This will give you a list like this:
The process ID (PID) can be useful for other commands, to stop it, for example (next command). - kill <pid>: The kill command allows you to terminate a process. You’ll need the process ID to do this (see the previous command).
kill 12345
Sometimes you may need to use the -9 option to force all related commands to stop. For example, if you run 20 commands in a script and kill it, it’ll continue to the next line, not exit the program, except if you use the -9 option.kill -9 12345
You can also use killall to stop all occurrences of a program.killall php
This command will stop all PHP scripts.
Be aware that this command will immediately stop the process asked, no matter what was going on. It isn’t a clean stop. You don’t know what the script is doing so it can damage data or corrupt files.This should be used as a last step, and if possible on the non-critical process.
- htop: This tool is an alternative to top. It’s more user-friendly than top, with colors and dynamic load bars.
htop
- df: Displays the partition list, with the disk space used and available for each one.
df
df -h-h option is for the human-readable format.
Misc
Join the Complete Ethical Hacking Course Bundle and step into the world of cybersecurity.
Learn to think like a hacker and protect systems with this comprehensive course.
- history: Linux store any command you type in an archive file. History is the command to use to display this list.
history
You can also clear all the history.history -c
Or clear one specific entry.history -d 12
- crontab: Cron is a tool to schedule tasks on a Linux computer. Crontab is the file where you enter lines for each task to run.
crontab -l
crontab -e
-l option to display lines.
I recommend using a crontab tool like this one to quickly find the correct syntax.
-e option to edit lines.
You can use sudo before to schedule tasks to run with root privileges. - screen: This tool allows you to let something run in the background even if you close your session.
screen -s <name> screen -r <name>
-s option to start a new screen with the following name.
-r option to resume a running screen with this name.
You can forget the name if you want, an ID will be generated, use screen -r to find it and screen -r <ID> to resume it.
With only one screen running, screen -r will resume it directly.
Warrior commands
- awk: awk is almost a programming language in itself. It allows you to search string and transform them to display it differently.
So it’ll be difficult to summarize all the possibilities in a few lines, but I’ll try to give you some examples to understand it.
The basic syntax of awk is this one:awk -F":" '{print $1}' /etc/passwd
/etc/passwd is the file to parse. The field separator is “:” so we use it in the -F option.
Then in the program string, we ask to display only the first column.
So this command will display only a list of usernames.
This is the simple way to use it if you want to know more, I recommend reading a dedicated tutorial like this one. - sed: sed allows you to do similar things to awk. This command will transform text to what you want.
As for awk, it’s a complex command to master, and I’ll only introduce it here.
The basic syntax looks like this:sed <option> <script> <file>
So it’s very close to awk on this.
Let’s see an example:sed '/^#/d' /etc/apache2/apache2.conf
In each configuration file, you’ll find a lot of comments to explain what each line is.
This command will display the apache configuration file without comments.
We use a regular expression to delete lines starting with #.
You have to redirect the output to another file to save it.sed '/^#/d' /etc/apache2/apache2.conf > /etc/apache2/apache2-nocomment.conf
Like for awk, this is just a glimpse of what sed can do.
If you want to know more, there is also a good sed tutorial on the same website. - cut: cut is the last way to transform text that I’ll introduce. It’s less powerful but it’s simpler to use, so if cut can do it, you’ll probably prefer to use it rather than awk or sed.
As the name suggests, cut allows you to extract part of a text or file.
The basic syntax is:cut <options> <file>
echo <string> | cut <options>
The first one is for a file, and the second one to cut a string directly.
A basic example now:echo "abcdefghi" | cut -c 2-4
This will display only “bcd”.
-c option is for the character, so basically, it’ll extract character 2 to 4.
Here are other options with a file:cut -d : -f 1 /etc/passwd
This will do the same thing as the first example of the awk command.
/etc/password is a file with “:” use as a delimiter.
-d option is to give the delimiter character (“:”).
-f option is to indicate the column to extract (f stands for the field).
So, this will display only the first column and you’ll get a list of usernames.
- wc: wc stands for Word Count, it allows you to count everything in a file or stream.
There are three main options: -l for lines, -w for words and -m for characters.
There is also the -c option to get the file size.
Wc without option will give you all of this.wc .bash_history
668 1977 17979 .bash_history
The first column is line count, the second is word count, and the last is the file size in bytes.
Here are some examples of options:wc -l .bash_history
ls -latr | wc -l
wc -w myfile.txt - lsof: lsof stands for “List open files”.
This command displays all files open on your Linux system.
This can be useful to know why you can’t edit a file, or which file lock the unmount process.lsof
- watch: If you are waiting for something, in a file or directory, the watch command can help you to monitor what happens. This will execute the same command every two seconds.
watch date
watch ls -latr
watch cat output.txt
You can also change the refresh rate with the -n option.watch -n10 date
This will display the current date every ten seconds. - netstat: Netstat is a powerful tool to monitor what your Linux server is doing with the network. For example, you can see every port open and every traffic flow.
But netstat is a complex tool that i can’t explain in detail in a few lines.
I will only introduce some basic usages to display all listening connections you can use:netstat -l
-p option will add the process id (PID).netstat -lp
-c option allows you to refresh data continuously.netstat -lpc
You can find all options in the man page of netstat. - dmesg: This command is useful to understand your Linux system boot problems.
It will show you every event that happened in the start sequence.
Here you could see errors with drivers or services and understand why something doesn’t work the way you want.dmesg
You will get a column with the time elapsed since the beginning of the boot and a text explaining what happened.
There are also normal messages when everything is fine.
Conclusion
history | awk '{CMD[$2]++;count++;}END { for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a;}' | grep -v "./" | column -c3 -s " " -t | sort -nr | nl | head -n10
- How To Format USB Drives The Right Way On Kali Linux
- How To Change DNS Servers On Kali Linux (GUI & Commands)
- Mastering Netcat on Kali Linux: A beginner’s guide
Whenever you’re ready for more security, here are things you should think about:
- Break free from Gmail:
You should be able to choose what happens to your data. With Proton, only you can read your emails.
Get private email.
- Protect yourself online:
Use a high-speed Swiss VPN that safeguards your privacy. Open-source, no activity logs.
Get Proton VPN risk-free.
- Master Linux commands:
A sure method to learn (and remember) Linux commands. Useful ones only, one at a time, with clear explanations.
Download the e-book.