So line 53 of katoolin.py has this hardcoded value:
cmd1 = os.system("apt-key adv --keyserver pool.sks-keyservers.net --recv-keys ED444FF07D8D0BF6")
How can we verify that ED444FF07D8D0BF6 tracks back to the authentic project?
This seems like the better way to add the repo keys:
wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.2_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb
Where https://http.kali.org/kali/pool/main/k/kali-archive-keyring/ is where you go to find the latest keyring .deb.