Kali Linux 2025.3 Released (Vagrant & Nexmon) Introducing 10 New Hacking Tools!

Offensive Security (OffSec) has officially released Kali Linux 2025.3! Bringing you another round of updates, new features and 10 new hacking tools – pushing Kali further. This is the third update to this Debian-based distribution for ethical hacking and penetration testing in 2025.

The ever popular and fan favourite Kali Linux is designed specifically for penetration testing and security auditing. Its compatibility with various hardware makes it a versatile tool for cybersecurity professionals to assess and strengthen system security. Renowned for its powerful capabilities, Kali Linux has earned a strong reputation in the cybersecurity field and is the prefered tool for penetration testing.

• Penetration Testing: Identifying vulnerabilities in systems and networks.
• Security Auditing: Assessing the security posture of systems and networks.
• Digital Forensics: Investigating cyber incidents and collecting evidence.
• Reverse Engineering: Analyzing software and hardware.

One of the headline features is Nexmon support—a “patched” firmware for specific wireless chipsets. This enhancement enables both monitor mode and injection mode on the Raspberry Pi’s built-in Wi-Fi, greatly expanding its wireless capabilities.

“In Kali 2025.1, we revamped our Raspberry Pi kernel packaging and introduced a major version upgrade. With this release, Nexmon support returns, now extending to the Raspberry Pi 5 as well. Other devices beyond Raspberry Pi can also leverage Nexmon support,”

Kali Linux 2025.3 introduces ten new tools, including:

• Caido & Caido-cli: A web security auditing toolkit
• Detect It Easy (DiE): A file type identification utility
• Gemini CLI: An open-source AI agent bringing Gemini to the command line
• ligolo-mp: A multiplayer pivoting solution
• vwifi-dkms: A utility for creating “dummy” Wi-Fi networks for connection testing

Additional tools include:

• krbrelayx: For Kerberos relaying and unconstrained delegation attacks
• llm-tools-nmap: Integrates nmap network scanning with LLMs
• mcp-kali-server: Provides MCP configuration to connect AI agents with Kali
• patchleaks: Detects security patches and provides quick analysis for validation or exploitation

• A new Xfce panel plugin lets users quickly view and copy their VPN connection’s IP address.
• Kali NetHunter gains enhanced wireless injection and improved CARsenal features.
• Support for the ARMel architecture (Acorn RISC Machine, Little-Endian) has been dropped.

The summary of the changelog since the 2025.2 release from June is as follows:

• Packer & Vagrant – HashiCorp’s products have had a refresh
• Nexmon Support – Monitor mode and injection for Raspberry Pi’s in-built Wi-Fi
• 10 New Tools – As always, various new packages added (as well as updates)

Kali has been using two HashiCorp products, which go hand-in-hand with each other:

• Packer – Creating VMs for multiple platforms from a single source configuration
• Vagrant – Building and managing VM environments

Until now, they have been using the Packer build-script to generate their Vagrant VMs. This has been working well but they wanted to streamline the platform building process more, which prompted them to revisit how they generate Vagrant VMs. Whilst it is possible to automate Packer, it was not ideal for their infrastructure setup and workflow (e.g. trying to build Hyper-V images on Linux).

This caused OffSec to refresh a few items:

• Kali pre-seed examples – Packer uses pre-seed to automate the Kali installer – they made sure they are all consistent.
• Kali Packer build-scripts – they were using v1 of the standards. Now upgraded to v2.
• Kali VM build-scripts – Vagrant images are VMs which a few tweaks done to them. They added these modification to their existing VM build-scripts.

For more information read their log post -> Kali Vagrant Rebuilt: Out With Packer, In With DebOS

Nexmon is a “patched” firmware, for certain wireless chips, to extend their functionally to allow:

• Monitor mode – able to sniff packets
• Injection mode – frame injection allows for custom raw packets to be sent, outside of the “standard” stack ordering

Both are really useful when it comes to information security! For the record, it is possible to-do both of the features above without Nexmon, as it depends on the device’s chipset and drivers.

Now, Nexmon supported wireless chips are Broadcom & Cypress, which are in a various devices, including the Raspberry Pi’s in-built Wi-Fi! In Kali 2025.1, OffSec changed how they package their Raspberry Pi kernel, as well as bump to a new major version. Now Nexmon support is back as well as supporting Raspberry Pi 5! Other devices can also use Nexmon, its not limited to Raspberry Pis.

To find out more, please see OffSec’s previous blog post -> The Raspberry Pi’s Wi-Fi Glow-Up

OffSec are now dropping support for ARMel (Acorn RISC Machine, Little-Endian). They are following Debian’s footsteps in this decision: Debian “trixie” 13 is the last release with ARMel support, and Debian testing (which Kali is based on) doesn’t provide ARMel packages anymore.

Luckily, the amount of devices which use this architecture is very limited:

• Raspberry Pi 1 (Original)
• Raspberry Pi Zero W
• ODROID-W, which already is End-Of-Life.

OffSec notes that they cannot justify the amount of resources, both human power as well as hardware, required to support such a limited amount of legacy hardware. They would much rather put the time into RISC-V…

In Kali 2024.1, OffSec introduced a new Xfce panel plugin that allows users to quickly check and copy the current IP address of their VPN connection. Until now, it was only possible to view the IP of the first VPN, but if you were using multiple connections or wanted to check a different interface, there was no way to switch it. To improve the usability of this plugin, they have now added the option to choose which network interface the plugin monitors.

To configure it, right-click the VPN-IP plugin and open the preferences dialog, where you can set the new interface at the end of the “Command” parameter. If you don’t see the VPN-IP plugin, you can find it in the panel preferences by searching for the “Generic Monitor” plugin in the “Items” tab.

It would not be a Kali release if there were not any new tools added! A quick run down of the 10 tools which have been added to the network repositories:

• Caido – The client side of caido (the graphical/desktop aka the main interface) – a web security auditing toolkit
• Caido-cli – The server section of caido – a web security auditing toolkit
• Detect It Easy (DiE) – File type identification
• Gemini CLI – An open-source AI agent that brings the power of Gemini directly into your terminal
• krbrelayx – Kerberos relaying and unconstrained delegation abuse toolkit
• ligolo-mp – Multiplayer pivoting solution
• llm-tools-nmap – Enables LLMs to perform network discovery and security scanning tasks using the nmap
• mcp-kali-server – MCP configuration to connect AI agent to Kali
• patchleaks – Spots the security fix and provides detailed description so you can validate – or weaponize – it fast
• vwifi-dkms – Setup “dummy” Wi-Fi networks, establishing connections, and disconnecting from them

There have also been numerous packages updates and new libraries as well.

As a heads up, OffSec are looking at altering the tools which get installed by default in Kali 2025.4, via the kali-linux-default metapackage.

Kali NetHunter team and the community has been busy working away on Kali on mobile devices, with Kali NetHunter, app and terminal!

OffSec are happy to announce that they finally have a new budget friendly device since Nexus 5, which supports internal monitor mode with injection on both 2.4Ghz and 5Ghz. After an awesome collaboration, the Kali NetHunter Samsung Galaxy S10 is born. The Nexmon team patched the broadcom firmware, @V0lk3n ported the Kali NetHunter kernel, and @yesimxev released Hijacker arm64 version to avoid app crashes. The install guide is available here for Nexmon and Kali NetHunter.

Kali NetHunter Car Hacking, CARsenal, continues to expand with a lot of change and new features by @V0lk3n!

You will need to run the setup again, to apply all the new changes and install any new packages.

Even if it’s a “Car Hacking” toolset, we discourage you from trying this on your daily driver. Use it on a controlled environment. Either OffSec or the Kali team will not take responsibility for your actions, especially if you break your car.

• Main – Settings has been moved to menu bar and all service commands can be edited by long pressing oranges buttons. New RFCOMM Connect service.
• Tools – Settings has been moved to menu bar. When configuring your settings, tools buttons will be updated with it, and all tools commands can be edited by long pressing oranges buttons.
• CAN-USB – Settings as been moved to menu bar. When configuring your settings, Run button will be updated with it.
• Caring Caribou – All modules and sub-modules as been added to Caribou, excepted doip which should come in 2025.4 update and DCM which is replaced by UDS. All module spinner have been merged into modules and submodules spinner. Settings parameters is now displayed depending of the module/submodule chosen.
• ICSim rewrite – ICSim is renamed to Simulator, and UDSim has been added to it – enjoy more simulation for learning and testing purpose! Also a new feature to hide/display the controls view and to make ICSim/UDSim a float-able window has been added! Keep the simulator in front of your eyes while running tools from CARsenal or NetHunter Terminal!
• New MSF tab – A new MSF tab has been added, providing automotive modules for Metasploit-Framework. Setup a hardware bridge, connect to it and run post modules!
• About dialog – About dialog page and it’s credit has been updated.

• UI – User Interface has been updated
• Bug Fix – A lot of bug fix and no more outdated libraries used!
• CARsenal Refactoring – Refactoring process of CAN Arsenal to CARsenal is now complete.
• Documentation – Complete rewrite of CARsenal documentation for 2025.3 content (no change for the kernel documentation part).
• New Kernel Supporting CAN – OnePlus6 for LineageOS 22.2 (Android 15). Note that it was made for OnePlus6 and not it’s 6T variant. This will be updated soon as well to support it.

Expect to see for 2025.4 more UI update, better MSF screen terminal, Simulator update and more! We are also planning to make series of videos demonstrating CARsenal.

Kernel modules install with Magisk is now supported and are included in the released install images. It is still in experimental state. Credits to @yesimxev and @cyberknight777.

Thanks largely to @kimocode who made a lot of code updates improving UI, stability and more! Bellow is a list of changes:

• Boot animation is now fixed
• Improved/Added API 21 to API 34+
• Made busybox_nh available in Android (SU) shell
• Made the bootkali” and “killkali” scripts available in Android (SU) shell
• Removed the non-working ‘Deauth’ tab (fragment)
• Replaced many deprecated libraries
• Replaced the deprecated ‘AsyncTask’ with ‘Executer’ which improves threading and background tasks making the application for stable and improve performance
• Updated all libraries in use to latest
• Updated BusyBox binaries
• Updated Gradle / JAVA
• Updated the “Audio” fragment
• Updated the “GPS” fragment
• Updated the kernel “Modules” fragment
• Updated vulnerable database list (WPS)
• WP3: Fix templates not showing in the Spinner

Let’s combine a Kali NetHunter phone, RTL-SDR, and a car radio. The result? Airspace visualizer in your car, bringing the wardriving vibes, especially with the radar design.

Finally, Bad Bluetooth Attack on his smartwatch, to take over a Samsung tablet.

Other than Nexmon, which we have already covered, Kali ARM has also had a few other improvements:

• OffSec have fixed an issue with the Kernels not always getting updated.
• For their Raspberry Pi images, they are now recommending to use the 64-bit (arm64) image rather than 32-bit (armhf).
• The Raspberry Pi 64-bit (arm64) image will also do Raspberry Pi 5! There is no longer a dedicated image just for this device.
• The Raspberry Pi 2 doesn’t support 64-bit (arm64), so if you are still rocking it, grab the 32-bit (armhf).

OffSec’s Kali documentation has had various updates to existing pages as well as new pages:

You can download Kali HERE

Existing Installs: If you already have an existing Kali Linux installation, remember you can always do a quick update