Kali Linux 2017.3 Release - The Best Penetration Testing Distribution



Kali Linux 2017.3 released, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements:
In addition to the new kernel and all of the updates and fixes we pull from Debian, we have also updated our packages for Reaver, PixieWPS, Burp Suite, Cuckoo, The Social Engineering Toolkit, and more. Take a look at the Kali Changelog to see what else has been updated in this release, or read on to see what else is new.

New Tool Additions

Since our last release in September, we’ve added four new tools to the distribution, most of which focus on the always-lucrative open source information gathering. These new tools are not included in the default installation but after an ‘apt update’, you can check out and install the ones that interest you. We, of course, think they’re all interesting and hope you do as well.

InSpy

InSpy is a small but useful utility that performs enumeration on LinkedIn and can find people based on job title, company, or email address.
root@kali:~# apt update && apt -y install inspy
root@kali:~# inspy --empspy /usr/share/inspy/wordlists/title-list-large.txt google

InSpy 2.0.3

2017-11-14 14:04:47 53 Employees identified
2017-11-14 14:04:47 Birkan Cara Product Manager at Google
2017-11-14 14:04:47 Fuller Galipeau Google
2017-11-14 14:04:47 Catalina Alicia Esrat Account Executive at Google
2017-11-14 14:04:47 Coplan Pustell Recruiter at Google
2017-11-14 14:04:47 Kristin Suzanne Lead Recruiter at Google
2017-11-14 14:04:47 Baquero Jahan Executive Director at Google
2017-11-14 14:04:47 Jacquelline Bryan VP, Google and President of Google.org
2017-11-14 14:04:47 Icacan M. de Lange Executive Assistant at Google
...

CherryTree

The oft-requested CherryTree has now been added to Kali for all of your note-taking needs. CherryTree is very easy to use and will be familiar to you if you’ve used any of the “big-name” note organization applications.
root@kali:~# apt update && apt -y install cherrytree


Sublist3r

Sublist3r is a great application that enables you to enumerate subdomains across multiple sources at once. It has integrated the venerable SubBrute, allowing you to also brute force subdomains using a wordlist.
root@kali:~# apt update && apt -y install sublist3r
root@kali:~# sublist3r -d google.com -p 80 -e Bing

____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|

# Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for google.com
[-] Searching now in Bing..
[-] Total Unique Subdomains Found: 46
[-] Start port scan now for the following ports: 80
ads.google.com - Found open ports: 80
adwords.google.com - Found open ports: 80
analytics.google.com - Found open ports: 80
accounts.google.com - Found open ports: 80
aboutme.google.com - Found open ports: 80
adssettings.google.com - Found open ports: 80
console.cloud.google.com - Found open ports: 80
...

OSRFramework

Another excellent OSINT tool that has been added to the repos is OSRFramework, a collection of scripts that can enumerate users, domains, and more across over 200 separate services.
root@kali:~# apt update && apt -y install osrframework
root@kali:~# searchfy.py -q "dookie2000ca"

___ ____ ____ _____ _
/ _ \/ ___|| _ \| ___| __ __ _ _ __ ___ _____ _____ _ __| | __
| | | \___ \| |_) | |_ | '__/ _` | '_ ` _ \ / _ \ \ /\ / / _ \| '__| |/ /
| |_| |___) | _ <| _|| | | (_| | | | | | | __/\ V V / (_) | | | <
\___/|____/|_| \_\_| |_| \__,_|_| |_| |_|\___| \_/\_/ \___/|_| |_|\_

Version: OSRFramework 0.17.2
Created by: Felix Brezo and Yaiza Rubio, (i3visio)



searchfy.py Copyright (C) F. Brezo and Y. Rubio (i3visio) 2014-2017

This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. For additional info,
visit https://www.gnu.org/licenses/agpl-3.0.txt

2017-11-14 14:54:52.535108 Starting search in different platform(s)... Relax!

Press to stop...

2017-11-14 14:55:04.310148 A summary of the results obtained are listed in the following table:

Sheet Name: Profiles recovered (2017-11-14_14h55m).
+---------------------------------+---------------+------------------+
| i3visio_uri | i3visio_alias | i3visio_platform |
+=================================+===============+==================+
| http://github.com/dookie2000ca | dookie2000ca | Github |
+---------------------------------+---------------+------------------+
| http://twitter.com/dookie2000ca | dookie2000ca | Twitter |
+---------------------------------+---------------+------------------+

2017-11-14 14:55:04.327954 You can find all the information collected in the following files:
./profiles.csv

2017-11-14 14:55:04.328012 Finishing execution...

Total time used: 0:00:11.792904
Average seconds/query: 11.792904 seconds

Did something go wrong? Is a platform reporting false positives? Do you need to
integrate a new one and you don't know how to start? Then, you can always place
an issue in the Github project:
https://github.com/i3visio/osrframework/issues
Note that otherwise, we won't know about it!

Massive Maltego Metamorphosis

One of our favourite applications in Kali has always been Maltego, the incredible open-source information gathering tool from Paterva, and the equally incredible Casefile. These two applications had always been separate entities (get it?) but as of late September, they are now combined into one amalgamated application that still allows you to run Maltego Community Edition and Casefile, but now it also works for those of you with Maltego Classic or Maltego XL licenses. As always, the tools perform wonderfully and look great doing it.





Source: www.kitploit.com
Kali Linux 2017.3 Release - The Best Penetration Testing Distribution Kali Linux 2017.3 Release - The Best Penetration Testing Distribution Reviewed by Anonymous on 12:59 PM Rating: 5