Kali Linux 2025.3 Released: Ten New Pentesting Tools and Major Virtualization Upgrades

The developers of Kali Linux have unveiled their latest release—2025.3, which broadens the distribution’s capabilities and introduces ten new tools for penetration testing. The update enhances deployment processes in virtualized environments, restores wireless driver support for Raspberry Pi, reworks several plugins, and discontinues support for the obsolete ARMel architecture.

The team has completely rebuilt the virtual image creation pipeline, updating integration with HashiCorp Packer and Vagrant. Scripts now follow the version two standard, ensuring consistency across template generation. Preseed configuration files for automated installation have been unified, while Vagrant scenarios now apply additional settings immediately after launch, sparing users from repetitive tasks when setting up labs.

A significant enhancement is the return of Nexmon support for Broadcom and Cypress chipsets, including Raspberry Pi 5. This patch enables monitor mode and packet injection on devices where such features are absent in standard drivers. At the same time, ARMel support has been dropped, aligning with Debian’s decision to end maintenance following the trixie release. The freed resources are being redirected toward preparing future support for RISC-V.

For Xfce users, the VPN IP panel has been refined, now allowing interface selection for monitoring and providing one-click copying of the exact connection address required.

The repository welcomes ten new tools, including both graphical and console interfaces for Caido (web security auditing), Detect It Easy for file type recognition, Gemini CLI with built-in AI agent integration, and krbrelayx for Kerberos attacks. Also added are ligolo-mp for traffic proxying, llm-tools-nmap for LLM-driven network scans, patchleaks for patch analysis, and vwifi-dkms for creating virtual Wi-Fi networks.

The mobile branch, Kali NetHunter, has received major updates. Device support now includes native monitoring with frame injection in both 2.4 and 5 GHz bands. Porting to the Samsung Galaxy S10 delivered a Broadcom firmware package, a specialized kernel, and a stable ARM64 build of the Hijacker utility.

The automotive module, CARsenal, has undergone package updates and gained new features, which require re-running the installation script for activation.

In sum, Kali Linux 2025.3 brings together a redesigned virtualization infrastructure, refreshed wireless drivers, and a host of new utilities—making the distribution even more versatile and indispensable for security testing professionals.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy