Kali Linux 2026.2 Released — New Penetration Testing Tools and Improved ARM Support

Offensive Security has released Kali Linux 2026.2, the second major update of the year, featuring 18 new penetration testing tools focused on AI security testing, cloud attack simulation, and modern web application vulnerabilities. This release also includes a completely redesigned installer and improved hardware support.

18 New Tools in Kali 2026.2

AI Security Testing

• garak — LLM vulnerability scanner that tests for prompt injection, jailbreaks, and data leakage
• llm-fuzz — Automated fuzzer for LLM APIs to find unexpected behaviors
• promptmap — Maps prompt injection vulnerabilities in AI-powered applications

Cloud Attack Tools

• cloudbrute — Multi-cloud asset discovery and brute forcing for AWS, Azure, GCP
• pacu — AWS exploitation framework (now included by default)
• stratus-red-team — Cloud attack simulation for detection engineering
• enumerate-iam — AWS IAM privilege enumeration without triggering CloudTrail alerts

Web Application Security

• caido — Modern Burp Suite alternative with collaborative features
• katana — Fast web crawler built for offensive security
• interactsh — Out-of-band interaction server (like Burp Collaborator, self-hosted)

Updating to Kali 2026.2

# Full system upgrade
sudo apt update && sudo apt full-upgrade -y
sudo reboot

# Verify version
cat /etc/os-release

# Install all new tools
sudo apt install -y garak llm-fuzz promptmap cloudbrute pacu stratus-red-team caido katana interactsh

# Or install the full default package
sudo apt install -y kali-linux-default

Highlighted Tool: garak — LLM Security Scanner

# Install garak
pip install garak

# Scan a local Ollama model
python -m garak --model ollama --model_type llama4-scout:17b --probes all

# Scan an OpenAI-compatible API
python -m garak --model openai --model_type gpt-4 --probes prompt_injection,jailbreak,data_leak

# Generate a security report
python -m garak --model ollama --model_type llama4-scout:17b --report_prefix my_llm_audit

New Installer and Desktop Improvements

• Completely rewritten installer with better partition management and encryption setup
• LUKS2 full-disk encryption now enabled with one click during installation
• XFCE 4.20.1 with improved multi-monitor support
• New “Kali Purple” theme for defensive security and SOC use cases
• ARM64 image for Raspberry Pi 5 now includes GPU-accelerated hashcat

Kali Purple — Defensive Security Tools

Kali 2026.2 expands the Kali Purple variant, which focuses on defensive security and SOC analyst workflows:

• Malcolm — network traffic analysis platform
• Arkime — full packet capture and analysis
• OpenCTI — Cyber threat intelligence platform
• DFIR-IRIS — Digital forensics incident response platform

# Install Kali Purple tools
sudo apt install kali-tools-purple

# Launch Malcolm
sudo ./scripts/auth_setup
sudo docker-compose up -d

The SudoFlare Takeaway

The inclusion of AI security testing tools like garak signals that LLM vulnerability assessment is becoming a core competency for penetration testers. If you are doing application security assessments in 2026, expect clients to ask about their AI/LLM attack surface. Get familiar with prompt injection, model extraction, and training data poisoning techniques before your clients start asking.