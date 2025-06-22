Kali Linux 2025.2 brings powerful new tools for experienced penetration testers

Offensive Security realigns Kali’s interface with MITRE ATT&CK - finally, structure meets hacking function

New BloodHound tools hint at deeper Azure and Active Directory targeting than ever before

The newest update to Kali Linux, version 2025.2, introduces over a dozen new tools alongside enhancements to user experience and platform support.

Offensive Security, the developers behind the Debian-based distribution, announced its general availability with a clear focus on aligning the system with the MITRE ATT&CK framework.

The restructured Kali Menu is now tailored to make tool discovery more intuitive, but whether this structural change leads to meaningful workflow improvement remains to be seen.

Included in the new release are 13 additional tools, many of which are specialized for advanced offensive operations.

Tools like azurehound for Azure directory data collection and bloodhound-ce-python, a Python ingestor for BloodHound CE, appear to target complex enterprise environments.

Meanwhile, binwalk3 expands firmware analysis capabilities, and bopscrk enables custom wordlist creation based on intelligent algorithms.

Some additions, such as crlfuzz, which is “a fast tool to scan CRLF vulnerability written in Go,” and donut-shellcode, which lets users “generate position-independent shellcode from memory and run it,” suggest the release continues to cater to skilled practitioners.

Kali Linux 2025.2 also adds chisel-common-binaries and ligolo-ng-common-binaries, both of which offer prebuilt binaries aimed at tunneling and pivoting, activities common in red teaming.

In terms of enumeration and lateral movement, tools like ldeep, described as “an in-depth LDAP enumeration utility,” and rubeus, focused on “raw Kerberos interaction and abuses,” contribute further.

While these tools may appeal to ethical hackers, the level of expertise required to operate them effectively can act as a limiting factor for beginners.

Among the most visible quality-of-life improvements is the integration of the new GNOME VPN IP extension, which allows direct viewing of the VPN IP address from the panel.

Though this feature is convenient, it is not spectacular, and it best remains a fringe addition.

This new update also supports GNOME 48 and KDE Plasma 6.3 desktop environments.

Raspberry Pi users now have a new update that combines some Raspberry Pi OS images, eliminating the need for a separate image for the Raspberry Pi 5.

This update also introduces Kali NetHunter CARsenal, a dedicated suite for automotive security analysis.

While it remains one of the best Linux distros for ethical hacking, some users may still prefer Linux alternatives that lean more toward security or integrate more seamlessly with network monitoring tools.

Via 9to5linux