Many people want to learn web pentesting but don't want the hassle of dual-booting Linux or dealing with heavy VMs. On Windows 11, WSL 2 + Kali Linux is a practical solution: lightweight, fast, and perfectly sufficient for daily web pentesting (scanning, enumeration, and basic exploitation).

This guide walks you through the complete setup:

  • Verify WSL 2 is ready
  • Install Kali Linux (or another distro) on WSL
  • Install Nmap, Nuclei, and DirBuster
  • Workflow tips for smooth web pentesting

All commands are copy-paste ready for your terminal.

1. Verify WSL 2 is Active

Before installing, check if your system is ready. Open PowerShell and run:

wsl --status

If you see Default Version: 2, your machine is ready. If you're not at this stage yet, ensure:

  • Windows Subsystem for Linux and Virtual Machine Platform features are enabled via "Turn Windows features on or off".
  • Virtualization is enabled in BIOS (Intel VT-x / AMD-V).

2. Install Kali Linux on WSL

Open PowerShell (regular mode is fine), then follow these steps:

List available distros:

wsl --list --online

Install Kali Linux:

wsl --install -d kali-linux

Wait for completion, then launch Kali via the Start Menu or by running:

wsl -d kali-linux

Note: On the first run, you will be asked to create a Linux username (lowercase, no spaces) and password.

3. Initial Kali Setup: Update System

Once inside the Kali shell, always update the package list first to prevent errors:

sudo apt update && sudo apt upgrade -y

4. Install Nmap

Nmap is essential for port scanning and service detection.

Installation:

sudo apt install -y nmap

Quick web target scan example:

nmap -sC -sV target.com

5. Install Nuclei

Nuclei is a template-based vulnerability scanner perfect for web pentesting and bug bounties.

Method 1: Via Apt (Easiest)

sudo apt update && sudo apt install -y nuclei

Method 2: Update Templates & Run

After installing, always update the templates:

nuclei -update-templates

Basic scan (current nuclei-templates releases keep the CVE templates under http/cves/):

echo https://target.com | nuclei -t http/cves/ -o result.txt

6. Install DirBuster

DirBuster brute-forces hidden directories and files on web servers.

Installation:

sudo apt update && sudo apt install -y dirbuster

Wordlists Location: Kali includes DirBuster wordlists by default here:

ls -lh /usr/share/dirbuster/wordlists/

Modern CLI Alternative (Recommended for WSL): If you prefer a faster, terminal-based tool (instead of the DirBuster GUI), install ffuf:

sudo apt install -y ffuf
ffuf -u https://target.com/FUZZ -w /usr/share/wordlists/dirb/common.txt

7. Web Pentest Workflow Tips for WSL

To make your experience smoother, remember these integration tips:

Access Windows Files from Kali

Your Windows C: drive is automatically mounted at /mnt/c/.

  • Windows Path: C:\pentest\project1
  • Kali Path: /mnt/c/pentest/project1

Save Scan Results to Windows

You can output your results directly to your Windows folders for easy reporting:

nmap -sC -sV target.com -oN /mnt/c/pentest/project1/nmap.txt
nuclei -l urls.txt -o /mnt/c/pentest/project1/nuclei.txt
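
A preflight check that ties the steps above together, as an added example that is not part of the original guide: it confirms the kernel looks like WSL 2, maps a Windows project folder to its /mnt path, and reports which of the tools used here are not installed. The function names and the script name preflight.sh are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original guide): preflight check before scanning.
# Function names and the project-folder argument are assumptions for illustration.

# Heuristic: WSL 2 kernels report a release such as "...-microsoft-standard-WSL2";
# WSL 1 reports "...-Microsoft". $1 overrides the running kernel's release string.
is_wsl2() {
    release=${1:-$(uname -r)}
    case "$release" in
        *[Ww][Ss][Ll]2*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map a Windows path (C:\pentest\project1) to its /mnt/<drive> mount point.
# Inside WSL, `wslpath -u` does the same; this version is plain string handling.
win_to_wsl_path() {
    case "$1" in
        [A-Za-z]:\\*|[A-Za-z]:/*) ;;
        *) return 1 ;;
    esac
    drive=$(printf '%s' "$1" | cut -c1 | tr 'A-Z' 'a-z')
    rest=$(printf '%s' "$1" | cut -c3- | tr '\\' '/')
    printf '/mnt/%s%s\n' "$drive" "$rest"
}

# Print every named tool that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Run all checks, create the results folder, and print its Kali-side path.
preflight() {
    out=$(win_to_wsl_path "$1") || { printf 'not a Windows path: %s\n' "$1" >&2; return 2; }
    is_wsl2 || echo "warning: kernel does not look like WSL 2" >&2
    missing=$(missing_tools nmap nuclei ffuf | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "missing tools: $missing(install with sudo apt install -y ...)" >&2
        return 1
    fi
    mkdir -p "$out" && printf '%s\n' "$out"
}

# Usage: sh preflight.sh 'C:\pentest\project1'
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

The path it prints can be used directly as the folder for the -oN and -o output files in the commands above.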

8. Troubleshooting

  • apt install fails: Always run sudo apt update first.
  • Permission errors: Remember to use sudo for installations.

Conclusion

This setup gives you a production-ready web pentesting environment that's always available with one command: wsl -d kali-linux. It's the perfect balance between Windows usability and Linux power.