Kali Linux is the obvious first choice of an operating system for most new hackers, which comes with a curated collection of tools organized in easy-to-use menus and a live boot option that is very easy to use. But Kali is not the only distribution aimed at pentesters, and many exciting alternatives can better suit your use case. We have already covered BlackArch Linux, now is the time to talk about Parrot Security OS.
Parrot Security OS is a Debian derived operating system for general use, pentesting and forensics. Parrot was originally released in 2013, and has today increased many different flavors aimed at different use cases.
- Parrot Home targeting desktop users, tracking the penetration test packages and presenting a nicely configured Debian environment
- Parrot Air focuses on wireless penetration testing.
- Parrot Studio is designed with multimedia creation in mind.
- Parrot Cloud targets the server's applications, giving the user access to the full suite of penetration testing tools included in Parrot Security, minus the graphic front end.
- Parrot IoT is designed to use a resource equipment such as Pine64, OrangePi and Raspberry Pi 3.
- Parrot Security is designed to deploy on a VPS. The original Parrot OS is designed with penetration testing, forensics, development and integrity in mind. The Parrot OS has quite a few targeted uses, but it does not detract from the main distribution. Parrot Security OS is a solid desktop station with general use with many security tools included to help us hack away!
Fans of Kali Linux will appreciate that Parrot is Debian-derived. Working with the operating system itself feels familiar, and there is no need to learn about package management or distribution specifications.
With the background out of the way, let's take a look at Parrot Security. I installed Parrot Security in a VirtualBox World Cup. Parrot Security works like a live ISO, but I usually want to try things installed and persistent.
Step 1: Get Parrot Security OS
The first step is to take a copy of Parrot Security ISO. You can find it on the Parrot Security page along with the ISO hacker. Once the download is complete, it is important to verify the hash. If the hocks do not match, you may have a modified copy or a damaged ISO, after which you will not use.
The hackers for the current version of Parrot Security (4.6) can be found on the Parrot website. To verify hash in Windows, open a command prompt and run certutil .
certutil -hashfile Parrot-security-4.6_amd64 SHA1
To verify hash in macOS, open a terminal and run shasum
. Sha1sum Parrot-security- 4.6_amd64 If your hash matches it is good to move on to the next step, start the operating system. If the file name is different or a newer version, be sure to replace it in the command you use above.
Sha1sum Parrot-security- 4.6_amd64
If your hash matches it is good to move on to the next step, start the operating system. If the file name is different or a newer version, be sure to replace it in the command you use above.
Step 2: Creating a Virtual Machine
Before we can boot the operating system, we need a machine to try it out. We could write the image to a thumb drive and then start a physical machine, but it is much more time consuming than just creating a VM (virtual machine). Most modern computers are more than capable of running a Linux guest, making virtualization incredibly appealing. Not only that, but your machines are also available. If something goes wrong, you can burn the World Cup and call it one day.
I will be using VirtualBox in Windows, which is free from the VirtualBox website, but these steps will work on all major platforms. You can see the process of using VirtualBox on macOS in our video above. Start VirtualBox, and you'll see VirtualBox Manager.
I currently have an instance of Parrot Security running. To start a new one, click on the "New" button at the top left of the window.
Give the machine a name, then in the drop-down menu Type select "Linux". In the drop-down menu Version select "Debian (64-bit)." If you downloaded a 32-bit version, select "Debian (32-bit)." For memory size, 2 GB should be sufficient. At most I would use half or under my machine RAM.
I chose Create a virtual hard drive now since I installed Parrot Security. If you want to try a live CD, select Do not add a virtual hard drive instead. When you are satisfied with your choices, click on "Create".
If you chose to add a virtual disk, VirtualBox would ask you to create the virtual disk. I chose a 30 GB dynamically assigned VDI. Choose what size you are comfortable using. A fixed-size disk performs a little faster than one that is dynamically assigned; However, a dynamically assigned disk uses only disk space as needed. I prefer dynamically assigned. Click on the "Create" button to continue.
You will be sent to VirtualBox Manager with your new machine available in the list
Step 3: Booting Parrot Security  Select the machine you created to test Parrot Security and then click the "Start" button in VirtualBox Manager.
VirtualBox invites you to choose the startup media for the new machine. Select the location of the Parrot Security OS image you want to start, then click "Start" to begin. When the machine starts, you see GRUB.
Parrot Security ISO is very flexible. There are many options for live boot.
- "Live Mode" is just a regular live USB boot. Your machine starts from the USB stick, and you can work with Parrot Security from there. It is a great way to get a feel for the system and also gives you a portable OS penetration test.
- "Terminal mode" is another option for live boot but without a GUI.
- "RAM Mode" loads the operating system into RAM, which lets you drag the USB stick from a host and continues to work in Parrot Security until the host restarts.
- The default option "Persistence" allows you to keep the operating system changes on your USB device.  The "Encrypted Persistence" option offers encrypted persistence, obviously.
- "Forensics" lets you start without mounting plates.
- The "Failsafe" options are for your convenience. Everyone sets core parameters to handle various common Linux startup issues. This is nice to have a live image because they allow you to try to get some fixes to common problems if the computer does not boot without having to look up the core parameters.
- The different language options are self-explanatory but are good if English is not your native language.
The Parrot Security installer is a modified Debian installer, making it familiar to most Kali Linux users. The installation is quick and easy. Live ISO offers a course-based installer, a graphical installer and a speech synthesis-based installer.
I used "Install" to install Parrot Security, but you can get a feel for it just by running live mode.
Step 4: Customizing and Navigating the Layout
At first startup, the machine starts you in a MATE desktop environment. If you choose to install, you will see a lightdm login screen. After logging in with the default data for root and toor you will be prompted to select the keyboard layout.
If you are using live mode, start directly into an MATE desktop environment. Installed and persistent versions of Parrot Security automatically detect when updates are available and encourage you to update the system.
The system is very simple, with a collection of tools known to Kali Linux users. The menu system is similar to Kali Linux and is easy to navigate. The real difference here is that Parrot Security is supposed to be a daily driver, and this is shining on this. While you can use Kali Linux as a desktop workstation, it is first a penetration test distribution. With Kali you have to build the system against being a daily use system. With Parrot Security, your tools are for penetration testing, and your daily applications are as well.
These additional features take up about 1 GB more disk space. My standard Kali installs in at ~ 11 GB. Standard Parrot Security is installed in ~ 12 GB.
Standard Parrot Security installs approximately 313 MB of RAM, which is relatively easy. Of course this is only with system-related processes that are running. For comparison, my standard installation for Kali Linux uses approximately 604 MB of RAM with only system-related processes running. It's a big difference, but with some changes, Kali can get into RAM usage.
Parrot Security comes with some reasonably good quality of life tools that can help with daily tasks. It includes the Libre Office Atom package (an excellent IDE made by the Git team), computer technology and more. You can complete many daily tasks without using a terminal, such as starting and stopping services.
Parrot Security packs some cryptography tools like Zulucrypt, a graphical tool that helps you manage your encrypted volumes. Cryptkeeper is another graphical tool that lets you manage encrypted folders and more.
Parrot Security does not stop with regular encryption – the developers have included easy-to-use tools for anonymizing Internet traffic.
The "anonymous start" tool will try to kill dangerous processes that can by anonymizing you, clearing cache files, changing iptable rules, changing your resolv.conf, disabling IPV6, and allowing outgoing only traffic through Tor. This would be some effort manually, but with the script it is just a click away. Parrot Security also contains a similar script for i2p. When enabled, there are also options to check your current IP address and change your output node.
Parrot Security is not very complicated to use, but you can find yourself a situation where you need some help. Because this is a Debian-derived distribution, support will be easy to come by with a little Google search. The developers have also provided a Parrot Security Wiki that is not very well developed. There is an ambassador program where users can directly contact Parrot Security experts in many countries with their questions. However, this program is still in its infancy. There is also a small IRC community on the Freenode network in #parrotsec.
Parrot Security is an excellent distribution for both novice and old professionals. The installation comes with approximately 550 safety-oriented tools, which gives the user more than enough to get some work done. At the end of the day, this distribution is also suitable for development or integrity-oriented users who do not want to spend much time in a terminal.
Parrot Security OS is still growing. Over the years since the first edition, this distribution has become a serious contender in my book. If anything, there is little lack of documentation, which is great for users who are comfortable Google problems that arise.
Thank you for reading and keeping up to date with more articles! You can ask questions here or on Twitter @ 0xBarrow .