Pentest Linux Kali 2025.4 with New Desktops, Wayland, and Halloween Mode

Kali Linux, developed for pentesting – i.e., vulnerability searching –, has been released by its developers in version 2025.4. They have paid particular attention to the desktop environments. Additionally, there's a Halloween mode as a playful feature and three new tools.

In the version announcement, the Kali developers write that all three primary desktop environments are up-to-date. Gnome is now on board in version 49 and comes with new, fresher themes. They have replaced the Totem video player with the new Showtime app, and the app grid sorts Kali tools into folders for more intuitive access. The keyboard shortcut Ctrl+Alt+T or Win+T directly opens a terminal. Furthermore, Kali Linux 2025.4 brings the KDE Plasma desktop in the current version 6.5. The XFCE desktop now also supports color schemes. Across all desktop environments, Kali Linux now defaults to Wayland – long established for KDE, and now new in Gnome. The pentest distribution has been configured in all desktops so that VM guest extensions from VirtualBox, VMware, and QEMU work with Wayland to allow clipboard sharing and window scaling, for example.

For the past Halloween, the Kali developers held a “Pumpkin Carving Contest” and added a “Halloween Mode” to “kali-undercover.” This transforms the desktop into a nice Halloween theme, with pumpkins, spiders, and ghosts on the screen background. Running kali-undercover --halloween in the terminal applies the theme.

New Tools

The developers list “bpf-linker” as a new tool, a static linker to bundle multiple BPF (Berkeley Packet Filter) objects. “evil-winrm-py” can execute commands on remote Windows machines using WinRM. “hexstrike-ai” is an MCP server that allows AI agents to launch tools autonomously. The mobile Kali Linux version “Kali NetHunter” has also been further developed by the programmers. “Snowfall” is included again, and it now runs under Android 16. Samsung's Galaxy S10, S10e, S10 Plus, and S10 5G with LineageOS 23 are supported. Also supported are the OnePlus Nord with Android 16 and the Xiaomi Mi 9 with Android 15. The terminal again runs in Kali NetHunter.

As usual, the updated versions are available for download on the download page of the Kali Linux project. There are installer images or ready-made images for virtual machines. However, the maintainers point out a change regarding the live images. The full image is simply too large at around 14 GBytes, so the version is only available via torrent – the Cloudflare size limit is 5 GBytes, a service the project uses as a CDN. However, there is also a 4.9 GByte (x86_64) and a 3.7 GByte (ARM64 Apple Silicon) image of the point release that can be obtained directly from the Kali servers.

The last Kali Linux point release, 2025.3, was released at the end of September. In it, the developers simplified the handling of virtual machines, for example using Vagrant, and added ten new tools of interest for pentesting.

(dmk)