### Setup GVM Services and Feeds Source: https://www.kali.org/tools/gvm The `gvm-setup` script initializes the GVM environment, including starting services, creating certificates and databases, and updating vulnerability feeds. ```bash root@kali:~# gvm-setup -h This script is provided and maintained by Debian and Kali. If you find any issue in this script, please report it directly to Debian or Kali [>] Starting PostgreSQL service [>] Creating GVM's certificate files [>] Creating PostgreSQL database [i] User _gvm already exists in PostgreSQL [i] Database gvmd already exists in PostgreSQL [i] Role DBA already exists in PostgreSQL [*] Applying permissions GRANT ROLE [i] Extension uuid-ossp already exists for gvmd database [i] Extension pgcrypto already exists for gvmd database [i] Extension pg-gvm already exists for gvmd database [>] Migrating database [>] Checking for GVM admin user [*] Configure Feed Import Owner [*] Update GVM feeds Running as root. Switching to user '_gvm' and group '_gvm'. Trying to acquire lock on /var/lib/openvas/feed-update.lock Acquired lock on /var/lib/openvas/feed-update.lock ``` -------------------------------- ### gs-sftp Server and Client Example Source: https://www.kali.org/tools/gsocket Demonstrates the basic setup for a gs-sftp server and client connection using a shared secret. ```bash $ gs-sftp -s MySecret -l # Server $ gs-sftp -s MySecret # Client ``` -------------------------------- ### BloodHound Start Help Command Source: https://www.kali.org/tools/bloodhound Displays help information for the `bloodhound-start` command. This command is used to start BloodHound after setup. It prompts to run `bloodhound-setup` if it hasn't been run. ```bash root@kali:~# bloodhound-start -h ``` -------------------------------- ### Start DefectDojo Service Source: https://www.kali.org/tools/defectdojo Initiates the DefectDojo service, including database setup, user creation, and applying all pending migrations. This command ensures the database is ready and all application components are up-to-date. ```bash root@kali:~# defectdojo-start -h User _defectdojo already exists in PostgreSQL Database defectdojo already exists in PostgreSQL ALTER ROLE Waiting for database to be reachable Making migrations No changes detected in app 'dojo' Migrating Operations to perform: Apply all migrations: admin, auditlog, auth, authtoken, contenttypes, django_celery_results, dojo, sessions, sites, social_django, tagging, watson Running migrations: Applying contenttypes.0001_initial... OK Applying auth.0001_initial... OK Applying admin.0001_initial... OK Applying admin.0002_logentry_remove_auto_add... OK Applying admin.0003_logentry_add_action_flag_choices... OK Applying auditlog.0001_initial... OK Applying auditlog.0002_auto_support_long_primary_keys... OK Applying auditlog.0003_logentry_remote_addr... OK Applying auditlog.0004_logentry_detailed_object_repr... OK Applying auditlog.0005_logentry_additional_data_verbose_name... OK Applying auditlog.0006_object_pk_index... OK Applying auditlog.0007_object_pk_type... OK Applying auditlog.0008_action_index... OK Applying auditlog.0009_alter_logentry_additional_data... OK Applying auditlog.0010_alter_logentry_timestamp... OK Applying auditlog.0011_logentry_serialized_data... OK Applying auditlog.0012_add_logentry_action_access... OK Applying auditlog.0013_alter_logentry_timestamp... OK Applying auditlog.0014_logentry_cid... OK Applying auditlog.0015_alter_logentry_changes... OK Applying auditlog.0016_logentry_remote_port... OK Applying auditlog.0017_add_actor_email... OK Applying contenttypes.0002_remove_content_type_name... OK Applying auth.0002_alter_permission_name_max_length... OK Applying auth.0003_alter_user_email_max_length... OK Applying auth.0004_alter_user_username_opts... OK Applying auth.0005_alter_user_last_login_null... OK Applying auth.0006_require_contenttypes_0002... OK Applying auth.0007_alter_validators_add_error_messages... OK Applying auth.0008_alter_user_username_max_length... OK Applying auth.0009_alter_user_last_name_max_length... OK Applying auth.0010_alter_group_name_max_length... OK Applying auth.0011_update_proxy_permissions... OK Applying auth.0012_alter_user_first_name_max_length... OK Applying authtoken.0001_initial... OK Applying authtoken.0002_auto_20160226_1747... OK Applying authtoken.0003_tokenproxy... OK Applying authtoken.0004_alter_tokenproxy_options... OK Applying django_celery_results.0001_initial... OK Applying django_celery_results.0002_add_task_name_args_kwargs... OK Applying django_celery_results.0003_auto_20181106_1101... OK Applying django_celery_results.0004_auto_20190516_0412... OK Applying django_celery_results.0005_taskresult_worker... OK Applying django_celery_results.0006_taskresult_date_created... OK Applying django_celery_results.0007_remove_taskresult_hidden... OK Applying django_celery_results.0008_chordcounter... OK Applying django_celery_results.0009_groupresult... OK Applying django_celery_results.0010_remove_duplicate_indices... OK Applying django_celery_results.0011_taskresult_periodic_task_name... OK Applying django_celery_results.0012_taskresult_date_started... OK Applying django_celery_results.0013_taskresult_django_cele_periodi_1993cf_idx... OK Applying django_celery_results.0014_alter_taskresult_status... OK Applying dojo.0001_squashed_0090_index_duplicate_finding... ``` -------------------------------- ### Local Verification with Dummy Server Source: https://www.kali.org/tools/sctpscan This example demonstrates a simple end-to-end verification on the local machine by starting a dummy SCTP server and then scanning it. ```bash sctpscan -d & sctpscan -s -l 192.168.1.24 -r 192.168.1 -p 10000 ``` -------------------------------- ### Run BloodHound Setup Script Source: https://www.kali.org/tools/bloodhound Initializes BloodHound services and configurations after installation. This script sets up PostgreSQL and Neo4j. ```bash sudo bloodhound-setup ``` -------------------------------- ### Check GVM Setup Readiness Source: https://www.kali.org/tools/gvm Use `gvm-check-setup` to verify the completeness and readiness of your GVM installation. It identifies missing components or configurations and provides specific FIX instructions. ```bash root@kali:~# gvm-check-setup -h gvm-check-setup 25.04.0 This script is provided and maintained by Debian and Kali. Test completeness and readiness of GVM-25.04.0 Step 1: Checking OpenVAS (Scanner)... OK: OpenVAS Scanner is present in version 23.45.1. OK: Notus Scanner is present in version 22.7.2. ERROR: No CA certificate file for Server found. FIX: Run 'sudo runuser -u _gvm -- gvm-manage-certs -a -f'. ERROR: Your GVM-25.04.0 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. IMPORTANT NOTE: this script is provided and maintained by Debian and Kali. If you find any issue in this script, please report it directly to Debian or Kali ``` -------------------------------- ### Multixterm Command Line Example Source: https://www.kali.org/tools/expect Starts two xterms using ssh to connect to specified hosts. The %n placeholder is replaced by the host name. ```bash multixterm -xc "ssh %n" bud dexter ``` -------------------------------- ### Responder MultiRelay Setup Source: https://www.kali.org/tools/responder Provides instructions for setting up the MultiRelay module, including necessary package installations and compilation commands for its executables. This is required before using the MultiRelay functionality. ```bash root@kali:~# responder-MultiRelay -h [!]MultiRelay/bin/ folder is empty. You need to run these commands: apt-get install gcc-mingw-w64-x86-64 x86_64-w64-mingw32-gcc ./MultiRelay/bin/Runas.c -o ./MultiRelay/bin/Runas.exe -municode -lwtsapi32 -luserenv x86_64-w64-mingw32-gcc ./MultiRelay/bin/Syssvc.c -o ./MultiRelay/bin/Syssvc.exe -municode Additionally, you can add your custom mimikatz executables (mimikatz.exe and mimikatz_x86.exe) in the MultiRelay/bin/ folder for the mimi32/mimi command. ``` -------------------------------- ### Get DNS Zone Information Source: https://www.kali.org/tools/dnswalk Attempt to get DNS zone information from the target domain. This is a basic usage example. ```bash root@kali:~# dnswalk example.com. Checking example.com. ``` -------------------------------- ### Gophish Start Command Help Source: https://www.kali.org/tools/gophish Displays help information for the 'gophish-start' command, including the Web UI URL and default credentials. ```bash root@kali:~# gophish-start -h ┏━(Message from Kali developers) ┃ ┃ [*] Web UI: https://127.0.0.1:3333 ┃ [i] You might need to refresh your browser once it opens ┃ ┃ Default credentials: ┃ user: admin ┃ password: kali-gophish ┃ ┗━ ``` -------------------------------- ### Veil Installation Prompt Source: https://www.kali.org/tools/veil This snippet shows the initial prompt when running the Veil setup script, asking for confirmation to proceed with the installation on Kali Linux. ```bash root@kali:~# veil -h ========================================================================== Veil (Setup Script) | [Updated]: 2018-05-08 ========================================================================== [Web]: https://www.veil-framework.com/ | [Twitter]: @VeilFramework ========================================================================== os = kali osversion = 2026.2 osmajversion = 2026 arch = x86_64 trueuser = kali userprimarygroup = kali userhomedir = /home/kali rootdir = /usr/share/veil veildir = /var/lib/veil outputdir = /var/lib/veil/output dependenciesdir = /var/lib/veil/setup-dependencies winedir = /var/lib/veil/wine winedrive = /var/lib/veil/wine/drive_c gempath = Z:\/var\/lib\/veil\/wine\/drive_c\/Ruby187\/bin\/gem [I] Kali Linux 2026.2 x86_64 detected... [?] Are you sure you wish to install Veil? Continue with installation? ([y]es/[s]ilent/[N]o): ``` -------------------------------- ### Option K Examples Source: https://www.kali.org/tools/httrack Demonstrates different ways to handle URLs and file names using the 'K' option. ```bash K0 foo.cgi?q=45 -> foo4B54.html?q=45 (relative URI, default) ``` ```bash K -> http://www.foobar.com/folder/foo.cgi?q=45 (--keep-links[=N]) ``` ```bash K3 -> /folder/foo.cgi?q=45 (absolute URI) ``` ```bash K4 -> foo.cgi?q=45 (original URL) ``` ```bash K5 -> http://www.foobar.com/folder/foo4B54.html?q=45 (transparent proxy URL) ``` -------------------------------- ### FastCGI Starter Help Source: https://www.kali.org/tools/apache2 Displays the usage information for fcgistarter, a tool to start a FastCGI program. ```bash root@kali:~# fcgistarter -h ``` -------------------------------- ### Interactive Mode Source: https://www.kali.org/tools/httrack Starts HTTrack in interactive mode for guided usage. ```bash httrack ``` -------------------------------- ### dd_rescue Usage Example Source: https://www.kali.org/tools/ddrescue Starts copying from a specific position in the input file and writes to the destination file starting at position 0. Shows progress and summary information. ```bash root@kali:~# dd_rescue -s 100 /var/log/messages -S 0 /tmp/ddrescue-out dd_rescue: (info): Using softbs=65536, hardbs=4096 dd_rescue: (info) expect to copy 1766kB from /var/log/messages dd_rescue: (info): ipos: 1024.1k, opos: 1024.0k, xferd: 1024.0k errs: 0, errxfer: 0.0k, succxfer: 1024.0k +curr.rate: 1122807kB/s, avg.rate: 1018906kB/s, avg.load: 0.0% >.......................-.................< 57% ETA: 0:00:00 dd_rescue: (info): read /var/log/messages (1767.0k): EOF dd_rescue: (info): Summary for /var/log/messages -> /tmp/ddrescue-out: dd_rescue: (info): ipos: 1767.0k, opos: 1767.0k, xferd: 1767.0k errs: 0, errxfer: 0.0k, succxfer: 1767.0k +curr.rate: 352945kB/s, avg.rate: 568151kB/s, avg.load: 0.0% >.......................-................-< 100% ETA: 0:00:00 ``` -------------------------------- ### dmsetup Concise Create Command Source: https://www.kali.org/tools/lvm2 Shows how to create a logical device using a concise format with dmsetup, specifying device details and table information. ```bash create --concise [] ``` -------------------------------- ### cryptdisks_start Help Source: https://www.kali.org/tools/cryptsetup Displays the usage information for the cryptdisks_start script, which wraps cryptsetup to parse and start encrypted devices based on /etc/crypttab. ```bash root@kali:~# cryptdisks_start -h Usage: /usr/sbin/cryptdisks_start [-r|--readonly] [.. ] reads /etc/crypttab and starts the mapping corresponding to ``` -------------------------------- ### Get DNS Zone Information with Recursive Option Source: https://www.kali.org/tools/dnswalk Attempt to get DNS zone information from the target domain with the recursive option enabled. This is a basic usage example. ```bash root@kali:~# dnswalk -r -d example.com. Checking example.com. ``` -------------------------------- ### DotDotPwn HTTP Scan Example Source: https://www.kali.org/tools/dotdotpwn Scan a host using the HTTP module with the GET method. This example demonstrates basic usage for identifying directory traversal vulnerabilities. ```bash root@kali:~# dotdotpwn.pl -m http -h 192.168.1.1 -M GET ################################################################################# # # # CubilFelino Chatsubo # # Security Research Lab and [(in)Security Dark] Labs # # chr1x.sectester.net chatsubo-labs.blogspot.com # # # # pr0udly present: # # # # ________ __ ________ __ __________ # # \______ \ ____ _/ |_______ \ ____ _/ |_______ \__ _ __ ____ # # | | \ / _ \\ __\| | \ / _ \\ __\| ___/\ \/ \/ // \ # # | ` \( <_> )| | | ` \( <_> )| | | | \ /| | \ # # /_______ / \____/ |__| /_______ / \____/ |__| |____| \/\_/ |___| / # # \/ \/ \/ # # - DotDotPwn v3.0 - # # The Directory Traversal Fuzzer # # http://dotdotpwn.sectester.net # # dotdotpwn@sectester.net # # # # by chr1x & nitr0us # ################################################################################# [+] Report name: Reports/192.168.1.1_05-20-2014_08-41.txt [========== TARGET INFORMATION ==========] [+] Hostname: 192.168.1.1 [+] Protocol: http [+] Port: 80 [=========== TRAVERSAL ENGINE ===========] [+] Creating Traversal patterns (mix of dots and slashes) [+] Multiplying 6 times the traversal patterns (-d switch) [+] Creating the Special Traversal patterns [+] Translating (back)slashes in the filenames [+] Adapting the filenames according to the OS type detected (generic) [+] Including Special sufixes [+] Traversal Engine DONE ! - Total traversal tests created: 19680 [=========== TESTING RESULTS ============] [+] Ready to launch 3.33 traversals per second [+] Press Enter to start the testing (You can stop it pressing Ctrl + C) ``` -------------------------------- ### Basic Connection Example Source: https://www.kali.org/tools/freerdp3 Connects to a remote desktop using a connection file and password, with fullscreen enabled. ```bash sdl-freerdp connection.rdp /p:Pwd123! /f ``` -------------------------------- ### Basic Connection Example Source: https://www.kali.org/tools/freerdp3 Connect to an RDP server using a connection file and fullscreen mode. ```bash sdl-freerdp3 connection.rdp /p:Pwd123! /f ``` -------------------------------- ### MSRPC Fuzzing Example Source: https://www.kali.org/tools/spike Fuzz MSRPC services by providing target, port, GUID, version, function number, and tries. A loop example is provided for continuous fuzzing. Refer to msrpc readme. ```bash root@kali:~# msrpcfuzz -h Argc=2 not 9 Usage: ./msrpcfuzz target port GUID Version VersionMinor(usually 0) function_number number_of_tries max_number_of_random_items Example: ./msrpcfuzz 10.25.25.15 135 e1af8308-5d1f-11c9-91a4-08002b14a0fa 3 0 2 10 3 [OBJECT UUID] use a while [ 1 ]; do ./msrpcfuzz ... ; done loop to make things continue nicely. You're using MSRPCFUZZ written by Dave Aitel in November 2001 This program protected by GPL v 2.0 This program's Version = 1.0 I hope you know what you're doing. :> Set RANDVAL=int if you don't want to use getpid() If you're doing that, set MSRPC_DO=int as well. Read the msrpc readme when you get a chance. ``` -------------------------------- ### dmsetup Info Command Source: https://www.kali.org/tools/lvm2 Illustrates retrieving detailed information about logical devices using dmsetup. ```bash info [...] ``` -------------------------------- ### Basic RecordMyDesktop Usage Source: https://www.kali.org/tools/recordmydesktop This snippet shows the basic command to start recording the desktop. It uses the default output filename 'out.ogv'. ```bash recordmydesktop ``` -------------------------------- ### Gosub Command Example Source: https://www.kali.org/tools/minicom Calls a subroutine starting at 'subroutine_label'. Control returns after a 'return' statement is encountered. ```runscript gosub subroutine_label ``` -------------------------------- ### Cryptsetup Usage Overview Source: https://www.kali.org/tools/cryptsetup Shows the basic usage syntax for the cryptsetup command, including common options and actions. ```bash Usage: cryptsetup [OPTION...] ``` -------------------------------- ### Start Kismet Server with Wireless Interface and GPSD Source: https://www.kali.org/tools/kismet Example of starting the Kismet server using a wireless interface as the capture source and enabling the external GPSD option. Includes important security warnings about running as root. ```bash root@kali:~# kismet_server -c wlan0 --use-gpsd-gps ERROR: Kismet was started as root, NOT launching external control binary. This is NOT the preferred method of starting Kismet as Kismet will continue to run as root the entire time. Please read the README file section about Installation & Security and be sure this is what you want to do. INFO: Reading from config file /etc/kismet/kismet.conf INFO: No 'dronelisten' config line and no command line drone-listen argument given, Kismet drone server will not be enabled. INFO: Created alert tracker... INFO: Creating device tracker... INFO: Registered 80211 PHY as id ``` -------------------------------- ### dmsetup Create Command Source: https://www.kali.org/tools/lvm2 Demonstrates how to create a new logical device using dmsetup, specifying device name, major/minor numbers, UUID, permissions, and table information. ```bash create [-j|--major -m|--minor ] [-U|--uid ] [-G|--gid ] [-M|--mode ] [-u|--uuid ] [--addnodeonresume|--addnodeoncreate] [--readahead {[+]|auto|none}] [-n|--notable|--table {|}] ``` -------------------------------- ### Run BloodHound Application Source: https://www.kali.org/tools/bloodhound Starts the BloodHound application after initial setup and configuration. Default credentials are 'admin' for both username and password. ```bash sudo bloodhound ``` -------------------------------- ### Cryptsetup Help Command Source: https://www.kali.org/tools/cryptsetup Displays the help message for the cryptsetup utility, listing available actions and options. ```bash root@kali:~# cryptsetup --help ``` -------------------------------- ### zerofree Usage Example Source: https://www.kali.org/tools/zerofree Demonstrates the basic usage and help output of the zerofree command. It shows an example of an invalid option and the correct usage syntax. ```bash root@kali:~# zerofree -h zerofree: invalid option -- 'h' usage: zerofree [-n] [-v] [-f fillval] filesystem ``` -------------------------------- ### Rebind Attack Example Source: https://www.kali.org/tools/rebind Demonstrates how to initiate a rebind attack using the rebind tool. Specify the network interface and target domain to start the attack. ```bash root@kali:~# rebind -i eth0 -d kali.local [+] Starting DNS server on port 53 [+] Starting attack Web server on port 80 [+] Starting callback Web server on port 81 [+] Starting proxy server on 192.168.1.202:664 [+] Services started and running! > dns [+] 192.168.1.202 kali.local. [+] 192.168.1.202 www.kali.local. [+] 192.168.1.202 ns1.kali.local. [+] 192.168.1.202 ns2.kali.local. ``` -------------------------------- ### dmsetup Dependencies Command Source: https://www.kali.org/tools/lvm2 Demonstrates listing the dependencies of logical devices using dmsetup, with options for output formatting. ```bash deps [-o ] [...] ``` -------------------------------- ### Display Help for sdl-freerdp3 Source: https://www.kali.org/tools/freerdp3 Run the sdl-freerdp3 command with the --help flag to display all available options and their descriptions. This is useful for understanding the full range of configurations possible. ```bash root@kali:~# sdl-freerdp3 --help ``` -------------------------------- ### Hamster Sidejack Usage Example Source: https://www.kali.org/tools/hamster-sidejack Demonstrates the basic command-line execution of the hamster tool and its initial output, indicating proxy setup and listening port. ```bash root@kali:~# hamster --- HAMPSTER 2.0 side-jacking tool --- Set browser to use proxy http://127.0.0.1:1234 DEBUG: set_ports_option(1234) DEBUG: mg_open_listening_port(1234) Proxy: listening on 127.0.0.1:1234 begining thread ``` -------------------------------- ### Check Dradis Start Command Help Source: https://www.kali.org/tools/dradis Displays help information for the `dradis-start` command. ```bash root@kali:~# dradis-start -h ┏━(Message from Kali developers) ┃ ``` -------------------------------- ### Display xfreerdp3 Help Source: https://www.kali.org/tools/freerdp3 Use the --help flag to display all available command-line options and their descriptions for xfreerdp3. ```bash root@kali:~# xfreerdp3 --help ``` -------------------------------- ### iSMTP Usage Example: User Enumeration Source: https://www.kali.org/tools/ismtp Tests a list of IPs from a file and enumerates usernames from a dictionary file using VRFY. Requires the 'ismtp' tool to be installed. ```bash root@kali:~# ismtp -f smtp-ips.txt -e /usr/share/wordlists/metasploit/unix_users.txt --------------------------------------------------------------------- iSMTP v1.6 - SMTP Server Tester, Alton Johnson (alton.jx@gmail.com) --------------------------------------------------------------------- Testing SMTP server [user enumeration]: 192.168.1.25:25 Emails provided for testing: 109 Performing SMTP VRFY test... [-] 4Dgifts ------------- [ invalid ] [-] EZsetup ------------- [ invalid ] [+] ROOT ---------------- [ success ] [+] adm ----------------- [ success ] ``` -------------------------------- ### Search for PDF files on kali.org Source: https://www.kali.org/tools/goofile This example demonstrates how to search for all PDF files hosted on the kali.org domain using Goofile. Ensure Goofile is installed and accessible in your PATH. ```bash root@kali:~# goofile -d kali.org -f pdf ------------------------------------- |Goofile v1.5 | |Coded by Thomas (G13) Richards | |www.g13net.com | |code.google.com/p/goofile | ------------------------------------- Searching in kali.org for pdf ======================================== Files found: ==================== docs.kali.org/pdf/kali-book-fr.pdf docs.kali.org/pdf/kali-book-es.pdf docs.kali.org/pdf/kali-book-id.pdf docs.kali.org/pdf/kali-book-de.pdf docs.kali.org/pdf/kali-book-it.pdf docs.kali.org/pdf/kali-book-ar.pdf docs.kali.org/pdf/kali-book-ja.pdf docs.kali.org/pdf/kali-book-nl.pdf docs.kali.org/pdf/kali-book-ru.pdf docs.kali.org/pdf/kali-book-en.pdf docs.kali.org/pdf/kali-book-pt-br.pdf docs.kali.org/pdf/kali-book-zh-hans.pdf docs.kali.org/pdf/kali-book-sw.pdf docs.kali.org/pdf/articles/kali-linux-live-usb-install-en.pdf ==================== ``` -------------------------------- ### WebSploit Framework Usage Example Source: https://www.kali.org/tools/websploit Demonstrates how to use the websploit framework to scan for directories on a target web server. It shows module selection, target setting, and running the scan. ```bash root@kali:~# websploit WARNING: No route found for IPv6 destination :: (no default route?) __ __ _ _ _ _ \ \ / / | | | | (_) | \ \ /\ / /__| |__ ___ _ __ | | ___ _| _| \ \/ \/ / _ \ '_ \/ __| '_ \| |/ _ \| | __| \ /\ / __/ |_) \__ \ |_) | | (_) | | |_ \/ \/ \___|_.__/|___/ .__/|_|\___/|_|\__| | | |_| --=[WebSploit FrameWork +---**---==[Version :2.0.5 BETA +---**---==[Codename :We're Not Crying Wolf +---**---==[Available Modules : 19 --=[Update Date : [r2.0.5-000 2.3.2014] wsf > use web/dir_scanner wsf:Dir_Scanner > set TARGET http://192.168.1.202 TARGET => 192.168.1.202 wsf:Dir_Scanner > run [*] Your Target : 192.168.1.202 [*]Loading Path List ... Please Wait ... [index] ... [400 Bad Request] [images] ... [400 Bad Request] [download] ... [400 Bad Request] [2006] ... [400 Bad Request] [news] ... [400 Bad Request] [crack] ... [400 Bad Request] ``` -------------------------------- ### Specify Configuration File and Compression Threads Source: https://www.kali.org/tools/guymager Example demonstrating how to load a custom configuration file and set the number of threads for parallel compression. This can optimize imaging performance on multi-core systems. ```bash guymager cfg=my.cfg CompressionThreads=4 ``` -------------------------------- ### wfuzz Basic Usage Example Source: https://www.kali.org/tools/wfuzz Demonstrates how to use wfuzz with color output, a file-based wordlist, and to hide 404 responses when fuzzing a URL. ```bash root@kali:~# wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.202/FUZZ ******************************************************** * Wfuzz 2.2.11 - The Web Fuzzer * ******************************************************** Target: http://192.168.1.202/FUZZ Payload type: file,/usr/share/wfuzz/wordlist/general/common.txt Total requests: 950 ================================================================== ID Response Lines Word Chars Request ================================================================== 00429: C=200 4 L 25 W 177 Ch " - index" 00466: C=301 9 L 28 W 319 Ch " - javascript" ``` -------------------------------- ### sbd Server Listen Example Source: https://www.kali.org/tools/sbd Starts sbd in listen mode on a specific port, executing bash upon connection and enabling verbose output without name resolution. ```bash root@kali:~# sbd -l -p 4444 -e bash -v -n listening on port 4444 ``` -------------------------------- ### rarun2 Usage and Configuration Example Source: https://www.kali.org/tools/radare2 Shows the basic usage of rarun2 and provides a commented example of various directives for configuring execution environments, including program arguments, environment variables, and system settings. ```bash root@kali:~# rarun2 -h Usage: rarun2 -v|-t|script.rr2 [directive ..] program=/bin/ls arg1=/bin # arg2=hello # arg3="hello\nworld" # arg4=:048490184058104849 # arg5=:!ragg2 -p n50 -d 10:0x8048123 # arg6=@arg.txt # arg7=@300@ABCD # 300 chars filled with ABCD pattern # system=r2 - # daemon=false # aslr=no setenv=FOO=BAR # unsetenv=FOO # clearenv=true # envfile=environ.txt timeout=3 # timeoutsig=SIGTERM # or 15 # connect=localhost:8080 # listen=8080 # pty=false # fork=true # bits=32 # pid=0 # pidfile=/tmp/foo.pid # #sleep=0 # #maxfd=0 # #execve=false # #maxproc=0 # #maxstack=0 # #core=false # #stdio=blah.txt # #stderr=foo.txt # #stderrout=false # stdout=foo.txt # stdin=input.txt # or !program to redirect input from another program # input=input.txt # chdir=/ # chroot=/mnt/chroot # libpath=$PWD:/tmp/lib # r2preload=yes # preload=/lib/libfoo.so # you can load more than one lib by using this directive many times # setuid=2000 # seteuid=2000 # setgid=2001 # setegid=2001 # nice=5 ``` -------------------------------- ### UHD Images Downloader Usage Example Source: https://www.kali.org/tools/uhd Shows the command-line interface and options for the uhd_images_downloader. It details parameters for selecting image types, specifying installation and file locations, listing targets, and controlling download behavior. ```bash usage: uhd_images_downloader [-h] [-t TYPES] [-i INSTALL_LOCATION] [-m MANIFEST_LOCATION] [-I INVENTORY_LOCATION] [-l] [--url-only] [--buffer-size BUFFER_SIZE] [--download-limit DOWNLOAD_LIMIT] [--http-proxy HTTP_PROXY] [-b BASE_URL] [-k] [-T] [-y] [-n] [--refetch] [-V] [-q] [-v] Download image files required for USRPs. Usage: The `uhd_images_downloader` should work, "out of the box", with no command line arguments. Assuming your computer has an internet connection to [files.ettus.com], simply run the utility every time you update UHD, and the installed images for your devices should always be up to date. Images will be downloaded on a per-target basis. That is, there are image packages for a desired device and configuration. Users can specify which image packages they would plan to use. To see a list of available targets, run `uhd_images_downloader --list-targets`. The left column of the printout will be a list of available image archives. From there, you can construct a regular expression which matches to the targets you wish to download. For example, in order to download all image packages related to the X300 product line, users may run `uhd_images_downloader --types x3.*`. The `uhd_images_downloader` uses a manifest to look-up the URLs of image packages to download. Downloaded images are recorded in an inventory file that lives in the images install location. This allows the downloader to skip images that were previously downloaded, and haven't changed since. Manifests are built into the downloader, but can also be accessed at uhd/images/manifest.txt. Inventory files are JSON files called `inventory.json`, by default. It is possible to specify the inventory file in command line arguments, but we don't recommend using this functionality unless you're really sure you need it. options: -h, --help show this help message and exit -t, --types TYPES RegEx to select image sets from the manifest file. (default: None) -i, --install-location INSTALL_LOCATION Set custom install location for images (default: None) -m, --manifest-location MANIFEST_LOCATION Set custom location for the manifest file (default: None) -I, --inventory-location INVENTORY_LOCATION Set custom location for the inventory file (default: None) -l, --list-targets Print targets in the manifest file to stdout, and exit. To get relative paths only, specify an empty base URL (-b ''). (default: False) --url-only With -l, only print the URLs, nothing else. (default: False) --buffer-size BUFFER_SIZE Set download buffer size (default: 8192) --download-limit DOWNLOAD_LIMIT Set threshold for download limits. Any download larger than this will require approval, either interactively, or by providing --yes. (default: 1073741824) --http-proxy HTTP_PROXY Specify HTTP(S) proxy in the format http[s]://user:pass@1.2.3.4:port If this this option is not given, the environment variables HTTP_PROXY/HTTPS_PROXY can also be used to specify a proxy. (default: None) -b, --base-url BASE_URL Set base URL for images download location. Defaults to $UHD_IMAGES_URL if set, or https://files.ettus.com/binaries/cache/ otherwise. (default: None) -k, --keep Keep the downloaded images archives in the image directory (default: False) -T, --test Verify the downloaded archives before extracting them (default: False) -y, --yes Answer all questions with 'yes' (for scripting purposes). (default: False) -n, --dry-run Print selected target without actually downloading them. (default: False) --refetch Ignore the inventory file and download all images. (default: False) -V, --version show program's version number and exit -q, --quiet Decrease verbosity level (default: 0) -v, --verbose Increase verbosity level (default: 0) ``` -------------------------------- ### BloodHound Setup Help Command Source: https://www.kali.org/tools/bloodhound Displays help information for the `bloodhound-setup` command, which is used to initialize BloodHound services and databases. ```bash root@kali:~# bloodhound-setup -h ``` -------------------------------- ### Python Documentation Tool (pydoc) Help Source: https://www.kali.org/tools/what-is-python Displays the help information for the pydoc command, which is used to generate and view Python documentation. It explains how to get documentation for names, search by keyword, and start an HTTP server for browsing. ```bash root@kali:~# pydoc -h pydoc - the Python documentation tool pydoc ... Show text documentation on something. may be the name of a Python keyword, topic, function, module, or package, or a dotted reference to a class or function within a module or module in a package. If contains a '/', it is used as the path to a Python source file to document. If name is 'keywords', 'topics', or 'modules', a listing of these things is displayed. pydoc -k Search for a keyword in the synopsis lines of all available modules. pydoc -n Start an HTTP server with the given hostname (default: localhost). pydoc -p Start an HTTP server on the given port on the local machine. Port number 0 can be used to get an arbitrary unused port. pydoc -b Start an HTTP server on an arbitrary unused port and open a web browser to interactively browse documentation. This option can be used in combination with -n and/or -p. pydoc -w ... Write out the HTML documentation for a module to a file in the current directory. If contains a '/', it is treated as a filename; if it names a directory, documentation is written for all the contents. ``` -------------------------------- ### mssqlpwner Usage Example Source: https://www.kali.org/tools/mssqlpwner A general usage example of the mssqlpwner tool, showing the required target argument and the available modules. This demonstrates the basic structure for invoking the tool. ```bash usage: mssqlpwner [-h] [-port PORT] [-timeout TIMEOUT] [-db DB] [-windows-auth] [-no-state] [-debug] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-aesKey hex key] [-dc-ip ip address] [-link-name LINK_NAME] [-max-link-depth MAX_LINK_DEPTH] [-max-impersonation-depth MAX_IMPERSONATION_DEPTH] [-chain-id CHAIN_ID] [-auto-yes] target {enumerate,set-chain,rev2self,get-rev2self-queries,get-chain-list,get-link-server-list,get-adsi-provider-list,set-link-server,exec,ntlm-relay,custom-asm,inject-custom-asm,direct-query,retrieve-password,interactive,brute} ... ``` -------------------------------- ### SprayHound Example Usage Source: https://www.kali.org/tools/sprayhound Provides examples of how to run sprayhound with different configurations, including specifying the domain and password, or a user list and domain. ```bash sprayhound -d adsec.local -p Winter2020 ``` ```bash sprayhound -U userlist.txt -d adsec.local ``` -------------------------------- ### Get Network Information with IP and Subnet Mask Source: https://www.kali.org/tools/whatmask This example demonstrates how to use whatmask with an IP address and subnet mask to retrieve detailed network information, including the network address, broadcast address, and usable IP ranges. Ensure no spaces are between the IP and the slash followed by the mask. ```bash myhost> whatmask 192.168.165.23/19 ------------------------------------------------ TCP/IP NETWORK INFORMATION ------------------------------------------------ IP Entered = ..................: 192.168.165.23 CIDR = ........................: /19 Netmask = .....................: 255.255.224.0 Netmask (hex) = ...............: 0xffffe000 Wildcard Bits = ...............: 0.0.31.255 ``` -------------------------------- ### Display integritysetup Help Source: https://www.kali.org/tools/cryptsetup Shows the available options and usage for the integritysetup command. This is useful for understanding the full range of configurations. ```bash root@kali:~# integritysetup --help ``` -------------------------------- ### Install Paros Source: https://www.kali.org/tools/paros Command to install the Paros package on Kali Linux. Ensure you have Java installed as it is a dependency. ```bash sudo apt install paros ```