Kali Linux 2026.1 is the best kind of release: real tools, clear docs, and a nostalgia trip that actually works.
The first Kali drop of 2026 landed on March 24 with 8 new security tools, a kernel bump to 6.18, and a BackTrack mode that will make every pentester over 30 feel something. I read the full release notes so you don't have to, and honestly? This one respects your time.
The 8 new tools, ranked by how much you should care
Not all tools are created equal. Here's what actually shipped in the network repositories:
The headliners:
AdaptixC2 is an extensible post-exploitation and adversarial emulation framework. The server is written in Go, the client uses Qt6, and it clocks in at 127MB installed. For red teams running authorized engagements, this is a legitimate alternative to existing C2 frameworks. One sudo apt install adaptixc2 and you're running. Time-to-hello-world: under two minutes if you already have Kali.
MetasploitMCP is the one that made me sit up. It's a Model Context Protocol server for Metasploit Framework, meaning you can pipe Metasploit into LLM-powered workflows via HTTP or stdio transport. Kali has been publishing blog posts about LLM integration all quarter, and this tool makes it official infrastructure. Install size is tiny (103KB), and the dependencies are Python packages you probably already have. This is where offensive security meets agentic AI, and the Kali team is planting its flag early.
Atomic-Operator lets you execute Atomic Red Team tests across multiple operating systems. If your purple team workflow involves validating detection coverage against the MITRE ATT&CK framework, this saves you from stitching together shell scripts.
The solid additions:
SSTImap handles automatic Server-Side Template Injection detection with an interactive interface. SSTI bugs are everywhere in modern web apps, and finding them manually is tedious. This automates the boring part.
XSStrike is an advanced XSS scanner that's been popular on GitHub for years. Its inclusion in the official repos means one less git clone in your setup scripts.
WPProbe does fast WordPress plugin enumeration. WordPress powers a huge chunk of the web, and plugin vulnerabilities are still the number one attack surface. Having a dedicated, fast enumerator in the default repos is practical.



