Kali Linux 2017.3 Release
We are pleased to announce the immediate availability of Kali Linux 2017.3, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements:
- CIFS now uses SMB 3.0 by default
- EXT4 directories can now contain 2 billion entries instead of the old 10 million limit
- TLS support is now built into the kernel itself
In addition to the new kernel and all of the updates and fixes we pull from Debian, we have also updated our packages for Reaver, PixieWPS, Burp Suite, Cuckoo, The Social Engineering Toolkit, and more. Take a look at the Kali Changelog to see what else has been updated in this release, or read on to see what else is new.
New Tool Additions
Since our last release in September, we’ve added four new tools to the distribution, most of which focus on the always-lucrative open source information gathering. These new tools are not included in the default installation but after an ‘apt update’, you can check out and install the ones that interest you. We, of course, think they’re all interesting and hope you do as well.
InSpy is a small but useful utility that performs enumeration on LinkedIn and can find people based on job title, company, or email address.
root@kali:~# inspy –empspy /usr/share/inspy/wordlists/title-list-large.txt google
2017-11-14 14:04:47 53 Employees identified
2017-11-14 14:04:47 Birkan Cara Product Manager at Google
2017-11-14 14:04:47 Fuller Galipeau Google
2017-11-14 14:04:47 Catalina Alicia Esrat Account Executive at Google
2017-11-14 14:04:47 Coplan Pustell Recruiter at Google
2017-11-14 14:04:47 Kristin Suzanne Lead Recruiter at Google
2017-11-14 14:04:47 Baquero Jahan Executive Director at Google
2017-11-14 14:04:47 Jacquelline Bryan VP, Google and President of Google.org
2017-11-14 14:04:47 Icacan M. de Lange Executive Assistant at Google
The oft-requested CherryTree has now been added to Kali for all of your note-taking needs. CherryTree is very easy to use and will be familiar to you if you’ve used any of the “big-name” note organization applications.
Sublist3r is a great application that enables you to enumerate subdomains across multiple sources at once. It has integrated the venerable SubBrute, allowing you to also brute force subdomains using a wordlist.
root@kali:~# sublist3r -d google.com -p 80 -e Bing
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | ‘_ \| | / __| __| |_ \| ‘__|
___) | |_| | |_) | | \__ \ |_ ___) | |
# Coded By Ahmed Aboul-Ela – @aboul3la[-] Enumerating subdomains now for google.com
[-] Searching now in Bing..
[-] Total Unique Subdomains Found: 46
[-] Start port scan now for the following ports: 80
ads.google.com – Found open ports: 80
adwords.google.com – Found open ports: 80
analytics.google.com – Found open ports: 80
accounts.google.com – Found open ports: 80
aboutme.google.com – Found open ports: 80
adssettings.google.com – Found open ports: 80
console.cloud.google.com – Found open ports: 80
Another excellent OSINT tool that has been added to the repos is OSRFramework, a collection of scripts that can enumerate users, domains, and more across over 200 separate services.
root@kali:~# searchfy.py -q “dookie2000ca”
___ ____ ____ _____ _
/ _ \/ ___|| _ \| ___| __ __ _ _ __ ___ _____ _____ _ __| | __
| | | \___ \| |_) | |_ | ‘__/ _` | ‘_ ` _ \ / _ \ \ /\ / / _ \| ‘__| |/ /
| |_| |___) | _ <| _|| | | (_| | | | | | | __/\ V V / (_) | | | <
\___/|____/|_| \_\_| |_| \__,_|_| |_| |_|\___| \_/\_/ \___/|_| |_|\_
Version: OSRFramework 0.17.2
Created by: Felix Brezo and Yaiza Rubio, (i3visio)
searchfy.py Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2017
This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. For additional info,
2017-11-14 14:54:52.535108 Starting search in different platform(s)… Relax!
Press <Ctrl + C> to stop…
2017-11-14 14:55:04.310148 A summary of the results obtained are listed in the following table:
Sheet Name: Profiles recovered (2017-11-14_14h55m).
| i3visio_uri | i3visio_alias | i3visio_platform |
| http://github.com/dookie2000ca | dookie2000ca | Github |
| http://twitter.com/dookie2000ca | dookie2000ca | Twitter |
2017-11-14 14:55:04.327954 You can find all the information collected in the following files:
2017-11-14 14:55:04.328012 Finishing execution…
Total time used: 0:00:11.792904
Average seconds/query: 11.792904 seconds
Did something go wrong? Is a platform reporting false positives? Do you need to
integrate a new one and you don’t know how to start? Then, you can always place
an issue in the Github project:
Note that otherwise, we won’t know about it!
Massive Maltego Metamorphosis
One of our favourite applications in Kali has always been Maltego, the incredible open-source information gathering tool from Paterva, and the equally incredible Casefile. These two applications had always been separate entities (get it?) but as of late September, they are now combined into one amalgamated application that still allows you to run Maltego Community Edition and Casefile, but now it also works for those of you with Maltego Classic or Maltego XL licenses. As always, the tools perform wonderfully and look great doing it.
Get the Goods
As usual, we have updated our standard ISO images, VMware and VirtualBox virtual machines, ARM images, and cloud instances, all of which can be found via the Kali Downloads page.
If you find any bugs, please open a ticket on our bug tracker. We keep an eye on social media but there is no substitute for a well-written bug report and many bugs that get reported to us end up getting fixed in Debian, which then benefits all of its derivatives.