Complete Roadmap to Learning Kali Linux and Penetration Testing (From Zero to Professional)
Based on a daily 2-hour practice plan + free, practical resources
🔥 Phase 1 — Learn Linux and Basic Concepts
Time: ~1.5 months
Goal: Become comfortable with the terminal, core Linux commands, and filesystem structure.
Tasks:
- Install a beginner-friendly Linux distribution (Ubuntu or Linux Mint) on VirtualBox or VMware.
- Learn and practice essential commands:
-
ls,cd,pwd,mkdir,rmdir,cp,mv,rm,cat,nano,chmod,chown,touch,grep,find,ps,top,ifconfig/ip,ping,netstat - Understand Linux filesystem layout:
-
/(root)
-/home(user directories)
-/etc(configuration files)
-/var(logs)
-/usr(user programs) - Practice file operations and permissions.
Recommended resources:
- Linux Journey
- OverTheWire: Bandit
🔥 Phase 2 — Networking Fundamentals (Essential for Pentesting)
Time: 1 month
Goal: Understand how networks work to know what to inspect during penetration tests.
Key concepts:
- IP and MAC addresses
- Ports and services
- TCP vs UDP
- Subnet masks and gateways
- Basic network tools:
ping,traceroute,netcat
Exercises:
- Check your IP with
ifconfigorip a - Test
pingandtracerouteto remote hosts - Create a simple connection using
netcat
Recommended resource:
- Cisco NetAcad — Introduction to Networking
🔥 Phase 3 — Install Kali and Learn Core Tools
Time: 1 month
Goal: Install Kali Linux and get hands-on with fundamental security tools.
Steps:
- Download official Kali from kali.org
- Install on VirtualBox or VMware
- Make a snapshot after a clean install
- Familiarize yourself with key tools:
- Nmap — port and service scanning
- Wireshark — network packet analysis
- Burp Suite — web security testing
- Metasploit — exploiting and payloads
- Hydra — password attacks
- Nikto — web vulnerability scanning
Exercises:
- Scan a local vulnerable VM (e.g., Metasploitable) with Nmap
- Inspect network traffic with Wireshark
- Intercept and analyze a web request with Burp Suite
🔥 Phase 4 — Learn Scripting
Time: 1.5–2 months
Goal: Write and modify scripts for automation, reconnaissance, and analysis.
Languages & topics:
- Bash scripting: shebangs, variables, loops, conditionals, file operations
- Python: basic syntax, modules like
os,subprocess,requests, andsocketfor building simple tools
Exercises:
- Write a script to parse and filter a log file
- Build a simple port scanner in Python
Recommended resources:
- Bash scripting guides
- Python for Beginners (W3Schools / official docs)
🔥 Phase 5 — Hands-On Penetration Testing Practice
Time: 3–6 months
Goal: Execute full penetration testing workflows in a lab environment.
Workflow:
- Build a home lab on VirtualBox/VMware:
- Kali Linux (attacker)
- Vulnerable targets (Metasploitable, intentionally vulnerable VMs) - Reconnaissance and discovery: - Use Nmap to enumerate open ports and services
- Vulnerability discovery: - Use Nikto, Gobuster or Dirb to find directories and possible weaknesses
- Exploitation: - Use Metasploit and manual exploits where applicable
- Post-exploitation: - Privilege escalation, persistence (within lab)
- Cleanup and reporting: - Clean traces in the lab and write a professional test report
Practice platforms:
- TryHackMe (Beginner → Intermediate)
- Hack The Box (easy → medium)
- VulnHub (downloadable vulnerable VMs)
🎯 Post-Roadmap Goals
After completing these phases, you’ll be ready to pursue certifications and professional roles such as:
- OSCP
- CEH
- PNPT
You’ll also be positioned to work as a freelance penetration tester or within Red Team operations.
⚡ Suggested Daily Routine (2 hours/day)
- 30 minutes: study a tutorial, read an article, or watch a guide
- 90 minutes: practical lab work on VMs or online platforms
🌟 Summary
If you follow this roadmap consistently:
- Expect ~8–12 months to reach a professional level (with focused, practical work).
- Prioritize hands-on practice over passive study.
With steady effort and real-world practice, you can become a skilled penetration tester and enter the cybersecurity job market.