We are pleased to announce the immediate availability of Kali Linux 2017.3, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements:
In addition to the new kernel and all of the updates and fixes we pull from Debian, we have also updated our packages for Reaver, PixieWPS, Burp Suite, Cuckoo, The Social Engineering Toolkit, and more. Take a look at the Kali Changelog to see what else has been updated in this release, or read on to see what else is new.
Since our last release in September, we’ve added four new tools to the distribution, most of which focus on the always-lucrative Open-source information gathering. These new tools are not included in the default installation but after an ‘apt update’, you can check out and install the ones that interest you. We, of course, think they’re all interesting and hope you do as well.
InSpy
InSpy is a small but useful utility that performs enumeration on LinkedIn and can find people based on job title, company, or email address:
root@kali:~# apt update && apt -y install inspy
root@kali:~# inspy --empspy /usr/share/inspy/wordlists/title-list-large.txt google InSpy 2.0.3 2017-11-14 14:04:47 53 Employees identified
2017-11-14 14:04:47 Birkan Cara Product Manager at Google
2017-11-14 14:04:47 Fuller Galipeau Google
2017-11-14 14:04:47 Catalina Alicia Esrat Account Executive at Google
2017-11-14 14:04:47 Coplan Pustell Recruiter at Google
2017-11-14 14:04:47 Kristin Suzanne Lead Recruiter at Google
2017-11-14 14:04:47 Baquero Jahan Executive Director at Google
2017-11-14 14:04:47 Jacquelline Bryan VP, Google and President of Google.org
2017-11-14 14:04:47 Icacan M. de Lange Executive Assistant at Google
...
CherryTree
The oft-requested CherryTree has now been added to Kali for all of your note-taking needs. CherryTree is very easy to use and will be familiar to you if you’ve used any of the “big-name” note organization applications:
root@kali:~# apt update && apt -y install cherrytree
Sublist3r
Sublist3r is a great application that enables you to enumerate subdomains across multiple sources at once. It has integrated the venerable SubBrute, allowing you to also brute force subdomains using a wordlist:
root@kali:~# apt update && apt -y install sublist3r
root@kali:~# sublist3r -d google.com -p 80 -e Bing ____ _ _ _ _ _____ / ___| _ _| |__ | (_)___| |_|___ / _ __ ___ | | | | '_ | | / __| __| |_ | '__| ___) | |_| | |_) | | __ |_ ___) | | |____/ __,_|_.__/|_|_|___/__|____/|_| # Coded By Ahmed Aboul-Ela - @aboul3la [-] Enumerating subdomains now for google.com
[-] Searching now in Bing..
[-] Total Unique Subdomains Found: 46
[-] Start port scan now for the following ports: 80
ads.google.com - Found open ports: 80 adwords.google.com - Found open ports: 80
analytics.google.com - Found open ports: 80
accounts.google.com - Found open ports: 80
aboutme.google.com - Found open ports: 80 adssettings.google.com - Found open ports: 80
console.cloud.google.com - Found open ports: 80
...
OSRFramework
Another excellent OSINT tool that has been added to the repos is OSRFramework, a collection of scripts that can enumerate users, domains, and more across over 200 separate services:
root@kali:~# apt update && apt -y install osrframework
root@kali:~# searchfy.py -q "dookie2000ca" ___ ____ ____ _____ _ / _ / ___|| _ | ___| __ __ _ _ __ ___ _____ _____ _ __| | __
| | | ___ | |_) | |_ | '__/ _` | '_ ` _ / _ / / / _ | '__| |/ /
| |_| |___) | _ <| _|| | | (_| | | | | | | __/ V V / (_) | | | < ___/|____/|_| __| |_| __,_|_| |_| |_|___| _/_/ ___/|_| |_|_ Version: OSRFramework 0.17.2 Created by: Felix Brezo and Yaiza Rubio, (i3visio) searchfy.py Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2017 This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. For additional info,
visit https://www.gnu.org/licenses/agpl-3.0.txt 2017-11-14 14:54:52.535108 Starting search in different platform(s)... Relax! Press <Ctrl + C> to stop... 2017-11-14 14:55:04.310148 A summary of the results obtained are listed in the following table: Sheet Name: Profiles recovered (2017-11-14_14h55m).
+---------------------------------+---------------+------------------+
| i3visio_uri | i3visio_alias | i3visio_platform |
+=================================+===============+==================+
| http://github.com/dookie2000ca | dookie2000ca | GitHub |
+---------------------------------+---------------+------------------+
| http://twitter.com/dookie2000ca | dookie2000ca | Twitter |
+---------------------------------+---------------+------------------+ 2017-11-14 14:55:04.327954 You can find all the information collected in the following files: ./profiles.csv 2017-11-14 14:55:04.328012 Finishing execution... Total time used: 0:00:11.792904
Average seconds/query: 11.792904 seconds Did something go wrong? Is a platform reporting false positives? Do you need to
integrate a new one and you don't know how to start? Then, you can always place
an issue in the GitHub project: https://github.com/i3visio/osrframework/issues
Note that otherwise, we won't know about it!
One of our favourite applications in Kali has always been Maltego, the incredible Open-source information gathering tool from Paterva, and the equally incredible Casefile. These two applications had always been separate entities (get it?) but as of late September, they are now combined into one amalgamated application that still allows you to run Maltego Community Edition and Casefile, but now it also works for those of you with Maltego Classic or Maltego XL licenses. As always, the tools perform wonderfully and look great doing it.
Get the Goods
As usual, we have updated our standard ISO images, VMware and VirtualBox virtual machines, ARM images, and cloud instances, all of which can be found via the Kali Downloads page.
If you find any bugs, please open a ticket on our bug tracker. We keep an eye on social media but there is no substitute for a well-written bug report and many bugs that get reported to us end up getting fixed in Debian, which then benefits all of its derivatives.