Tools on GitHub that have made it into Kali 2017.2

Chandrapal Badshah
Published in Hack with GitHub
Sep 22, 2017

Kali Linux 2017.2 was released on September 20, 2017. This release is a roll-up of all updates and fixes since the 2017.1 release in April. More than a dozen open source tools present on GitHub have been added to this release.

This article showcases the tools that have been added to the latest release along with their descriptions. For more details on the release, have a look at the official release page.

New Tools

The newly added tools are:

apt2

[ https://github.com/MooseDojo/apt2 ]

An Automated Penetration Testing Toolkit.

This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information.

b374k

[ https://github.com/b374k/b374k ]

This PHP shell is a useful tool for system or web administrators to do remote management without using cPanel or connecting over SSH, FTP, etc. All actions take place within a web browser.

BloodHound

[ https://github.com/BloodHoundAD/BloodHound ]

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths.

BruteSpray

[ https://github.com/x90skysn3k/brutespray ]

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.

changeme

[ https://github.com/ztgrace/changeme ]

A default credential scanner. changeme is designed to be simple to add new credentials without having to write any code or modules.

CrackMapExec

[ https://github.com/byt3bl33d3r/CrackMapExec ]

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments!
From enumerating logged-on users and spidering SMB shares to executing psexec-style attacks and auto-injecting Mimikatz into memory using PowerShell!

CredDump7

[ https://github.com/moyix/creddump ]

Python tool to extract various credentials and secrets from Windows registry hives. It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

Crowbar

[ https://github.com/galkan/crowbar ]

Brute-forcing tool that can be used during penetration tests. It is developed to brute force some protocols in a different manner compared to other popular brute-forcing tools.

hURL

[ https://github.com/fnord0/hURL ]

A useful little hexadecimal and URL encoder/decoder.

Hyperion

[ https://github.com/nullsecuritynet/tools/tree/master/binary/hyperion ]

Hyperion is a runtime encrypter for 32-bit portable executables.

InSpy

[ https://github.com/gojhonny/InSpy ]

A Python-based LinkedIn enumeration tool.

OSRFramework

[ https://github.com/i3visio/osrframework ]

OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others.

Phishery

[ https://github.com/ryhanson/phishery ]

A simple SSL-enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability to easily inject the URL into a .docx Word document.

RedSnarf

[ https://github.com/nccgroup/redsnarf ]

A pen-testing / red-teaming tool for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques.

SSH-Audit

[ https://github.com/arthepsy/ssh-audit ]

A tool for SSH server auditing (banner, key exchange, encryption, MAC, compression, compatibility, security, etc.).

wig

[ https://github.com/jekyc/wig ]

WebApp Information Gatherer is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications.

Updated Tools

On top of all the new packages, this release also includes numerous package updates.

The updated tools are:

Other interesting packages:

Lots of Python packages are also added.

For more details on the changes, have a look at the official change log page.

It’s never too late to write code.
If you wish to create a security tool, do it now.
Who knows, it might be included in a future release of Kali.
