We are pleased to announce the immediate availability of Kali Linux 2017.3, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements:

In addition to the new kernel and all of the updates and fixes we pull from Debian, we have also updated our packages for Reaver, PixieWPS, Burp Suite, Cuckoo, The Social Engineering Toolkit, and more. Take a look at the Kali Changelog to see what else has been updated in this release, or read on to see what else is new.

New Tool Additions

Since our last release in September, we’ve added four new tools to the distribution, most of which focus on the always-lucrative open source information gathering. These new tools are not included in the default installation but after an ‘apt update’, you can check out and install the ones that interest you. We, of course, think they’re all interesting and hope you do as well.

InSpy

InSpy is a small but useful utility that performs enumeration on LinkedIn and can find people based on job title, company, or email address.

root@kali:~# apt update && apt -y install inspy

root@kali:~# inspy --empspy /usr/share/inspy/wordlists/title-list-large.txt google



InSpy 2.0.3



2017-11-14 14:04:47 53 Employees identified

2017-11-14 14:04:47 Birkan Cara Product Manager at Google

2017-11-14 14:04:47 Fuller Galipeau Google

2017-11-14 14:04:47 Catalina Alicia Esrat Account Executive at Google

2017-11-14 14:04:47 Coplan Pustell Recruiter at Google

2017-11-14 14:04:47 Kristin Suzanne Lead Recruiter at Google

2017-11-14 14:04:47 Baquero Jahan Executive Director at Google

2017-11-14 14:04:47 Jacquelline Bryan VP, Google and President of Google.org

2017-11-14 14:04:47 Icacan M. de Lange Executive Assistant at Google

...

CherryTree

The oft-requested CherryTree has now been added to Kali for all of your note-taking needs. CherryTree is very easy to use and will be familiar to you if you’ve used any of the “big-name” note organization applications.

root@kali:~# apt update && apt -y install cherrytree

Sublist3r

Sublist3r is a great application that enables you to enumerate subdomains across multiple sources at once. It has integrated the venerable SubBrute, allowing you to also brute force subdomains using a wordlist.

root@kali:~# apt update && apt -y install sublist3r

root@kali:~# sublist3r -d google.com -p 80 -e Bing



____ _ _ _ _ _____

/ ___| _ _| |__ | (_)___| |_|___ / _ __

\___ \| | | | '_ \| | / __| __| |_ \| '__|

___) | |_| | |_) | | \__ \ |_ ___) | |

|____/ \__,_|_.__/|_|_|___/\__|____/|_|



# Coded By Ahmed Aboul-Ela - @aboul3la



[-] Enumerating subdomains now for google.com

[-] Searching now in Bing..

[-] Total Unique Subdomains Found: 46

[-] Start port scan now for the following ports: 80

ads.google.com - Found open ports: 80

adwords.google.com - Found open ports: 80

analytics.google.com - Found open ports: 80

accounts.google.com - Found open ports: 80

aboutme.google.com - Found open ports: 80

adssettings.google.com - Found open ports: 80

console.cloud.google.com - Found open ports: 80

...

OSRFramework

Another excellent OSINT tool that has been added to the repos is OSRFramework, a collection of scripts that can enumerate users, domains, and more across over 200 separate services.

root@kali:~# apt update && apt -y install osrframework

root@kali:~# searchfy.py -q "dookie2000ca"



___ ____ ____ _____ _

/ _ \/ ___|| _ \| ___| __ __ _ _ __ ___ _____ _____ _ __| | __

| | | \___ \| |_) | |_ | '__/ _` | '_ ` _ \ / _ \ \ /\ / / _ \| '__| |/ /

| |_| |___) | _ <| _|| | | (_| | | | | | | __/\ V V / (_) | | | <

\___/|____/|_| \_\_| |_| \__,_|_| |_| |_|\___| \_/\_/ \___/|_| |_|\_



Version: OSRFramework 0.17.2

Created by: Felix Brezo and Yaiza Rubio, (i3visio)







searchfy.py Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2017



This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you

are welcome to redistribute it under certain conditions. For additional info,

visit https://www.gnu.org/licenses/agpl-3.0.txt



2017-11-14 14:54:52.535108 Starting search in different platform(s)... Relax!



Press <Ctrl + C> to stop...



2017-11-14 14:55:04.310148 A summary of the results obtained are listed in the following table:



Sheet Name: Profiles recovered (2017-11-14_14h55m).

+---------------------------------+---------------+------------------+

| i3visio_uri | i3visio_alias | i3visio_platform |

+=================================+===============+==================+

| http://github.com/dookie2000ca | dookie2000ca | Github |

+---------------------------------+---------------+------------------+

| http://twitter.com/dookie2000ca | dookie2000ca | Twitter |

+---------------------------------+---------------+------------------+



2017-11-14 14:55:04.327954 You can find all the information collected in the following files:

./profiles.csv



2017-11-14 14:55:04.328012 Finishing execution...



Total time used: 0:00:11.792904

Average seconds/query: 11.792904 seconds



Did something go wrong? Is a platform reporting false positives? Do you need to

integrate a new one and you don't know how to start? Then, you can always place

an issue in the Github project:

https://github.com/i3visio/osrframework/issues

Note that otherwise, we won't know about it!

Massive Maltego Metamorphosis

One of our favourite applications in Kali has always been Maltego, the incredible open-source information gathering tool from Paterva, and the equally incredible Casefile. These two applications had always been separate entities (get it?) but as of late September, they are now combined into one amalgamated application that still allows you to run Maltego Community Edition and Casefile, but now it also works for those of you with Maltego Classic or Maltego XL licenses. As always, the tools perform wonderfully and look great doing it.

Get the Goods

As usual, we have updated our standard ISO images, VMware and VirtualBox virtual machines, ARM images, and cloud instances, all of which can be found via the Kali Downloads page.

If you find any bugs, please open a ticket on our bug tracker. We keep an eye on social media but there is no substitute for a well-written bug report and many bugs that get reported to us end up getting fixed in Debian, which then benefits all of its derivatives.