Kali Linux 2025.2 Has Arrived: New Tools and Features for Security Experts

The release of the new distribution designed for cybersecurity professionals and penetration testers, **Kali Linux 2025.2**, has been announced. This project is built upon the Debian package base and is specifically intended for vulnerability assessments, security audits, residual data evaluations, and identifying attack impacts.

All the original developments for this distribution are shared under the GPL license and can be accessed via a public [Git repository](http://git.kali.org/gitweb/). ISO images are [available for download](https://cdimage.kali.org/kali-2025.2/) for this version. The project supports architectures such as x86_64, ARM (including armhf and armel, Raspberry Pi, Banana Pi, ARM Chromebook, and Odroid), and offers desktop environments like Xfce, KDE, and GNOME.

Kali Linux includes a comprehensive set of tools catering to computer security experts, covering various functions from web application testing and wireless penetration to reading data from RFID identification chips.

Included with Kali Linux are a collection of exploits and around 400 specialized security assessment utilities (with 13 new tools and numerous enhancements added in this release), incorporating tools such as Aircrack, Maltego, SAINT, Kismet, Bluebugger, Btcrack, Btscanner, Nmap, and p0f. Additionally, it comes equipped with password-cracking tools (Multihash CUDA Brute Forcer) and WPA key recovery tools (Pyrit) that utilize NVIDIA and AMD GPUs for acceleration.

Kali Linux 2025.2 features the Linux kernel version 6.12 and the GNOME 48 desktop environment. The distribution includes tools such as:

— [azurehound](https://www.kali.org/tools/azurehound/): a data collector in the Microsoft Azure environment for visualization with the BloodHound package.
— [binwalk3](https://www.kali.org/tools/binwalk3/): a toolkit for firmware analysis.
— [bloodhound-ce-python](https://www.kali.org/tools/bloodhound-ce-python/): a Python-based data collector for BloodHound.
— [bopscrk](https://www.kali.org/tools/bopscrk/): a dictionary generator for password cracking.
— [chisel-common-binaries](https://www.kali.org/tools/chisel-common-binaries/): precompiled binaries for Chisel.
— [crlfuzz](https://www.kali.org/tools/crlfuzz/): a utility for checking vulnerabilities related to injecting newline or carriage return characters into HTTP headers and request parameters.
— [donut-shellcode](https://www.kali.org/tools/donut-shellcode/): a tool for generating universal shellcode from in-memory content.
— [gitxray](https://www.kali.org/tools/gitxray/): a repository data collector for GitHub along with its contributors.
— [ldeep](https://www.kali.org/tools/ldeep/): a utility for LDAP content enumeration.
— [ligolo-ng-common-binaries](https://www.kali.org/tools/ligolo-ng-common-binaries/): precompiled binaries for Ligolo-ng.
— [rubeus](https://www.kali.org/tools/rubeus/): a utility for low-level Kerberos operations.
— [sharphound](https://www.kali.org/tools/sharphound/): a data collector for BloodHound CE.
— [tinja](https://www.kali.org/tools/tinja/): a tool for testing web pages for template injection vulnerabilities.

According to [OpenNET](https://www.opennet.ru/opennews/art.shtml?num=63411), the key [changes](https://bugs.kali.org/changelog_page.php) and improvements in Kali Linux 2025.2 include:

— A complete redesign of the application menu, aligning its structure with the MITRE ATT&CK knowledge base.
— A new indicator in the GNOME session displaying the current VPN connection IP address, previously available only in the Xfce session.
— An upgrade of the KDE desktop environment to Plasma version 6.3.
— Transition from the outdated [BloodHound Legacy](https://github.com/SpecterOps/BloodHound-Legacy), which hadn’t been updated since 2023, to [BloodHound Community Edition](https://github.com/SpecterOps/BloodHound), used for mapping relationships in Active Directory or Azure domain controller networks.
— Inclusion of the [Xclip](https://www.kali.org/tools/xclip/) utility across all graphical sessions for quick clipboard access from the terminal.
— Updates to the Android mobile environment known as [NetHunter](http://nethunter.com/), featuring tools for conducting vulnerability assessments in mobile systems. NetHunter enables tests for mobile-specific attacks, such as simulating USB device operations (like BadUSB and HID Keyboard emulating a network USB adapter for MITM attacks, or a USB keyboard for character injection) and creating fake access points (MANA Evil Access Point). It installs as a chroot image within the Android platform, hosting a specially adapted version of Kali Linux.
— New capabilities for conducting Wi-Fi attacks, packet injection, and WPA2 connection parameter capturing, utilizing smartwatches based on bcm43 436b0 chips, such as the TicWatch Pro 3.
— An updated toolset for [CARsenal](https://www.kali.org/docs/nethunter/nethunter-canarsenal/), formerly CAN Arsenal, for attacking vehicle information systems. Kernel variants for smartphones like Xiaomi Redmi 4/4X (A13), Xiaomi Redmi Note 11 (A15), Realme C15 (A10), Samsung Galaxy S10 (A14, A15/exynos9820), and Samsung Galaxy S9 have also been updated.
— Raspberry Pi builds have been unified and transitioned to the Linux kernel 6.12.