3 months ago

How to Get started off with Parrot Security OS, a Modern Pentesting Distro « Null Byte :: WonderHowTo

Kali Linux can be the obvious first choice of operating system for most fresh hackers, coming bundled using a curated collection of tools organized into easy-to-navigate menus in addition to a live boot option in which can be very newbie-friendly. nevertheless Kali isn’t the only distribution targeted at pentesters, in addition to there are many exciting alternatives in which may better fit your use-case. In my previous article, I looked at BlackArch Linux. In This kind of article, I’ll talk about Parrot Security OS.

The Many Flavors of Parrot Security OS

Parrot Security OS can be a Debian-derived operating system for general use, pentesting, in addition to forensics. Initially released in 2013, Parrot has grown rapidly in addition to currently offers many different flavors targeted towards different use-cases.

  • Parrot Home, targeted towards desktop users, strips out the penetration testing packages in addition to presents a nicely configured Debian environment.
  • Parrot Air can be focused on wireless penetration testing.
  • Parrot Studio can be designed with multimedia creation in mind.
  • Parrot Cloud targets server applications, giving the user access to the full suite of penetration testing tools included in Parrot Security, nevertheless minus the graphical front end. This kind of Discharge can be designed to be deployed on a VPS in addition to function as a jump box.
  • Parrot IoT can be designed for low-resource devices such as the Pine64, OrangePi, or Raspberry Pi 3.
  • Parrot Security can be the original Parrot OS in addition to can be designed with penetration testing, forensics, development, in addition to privacy in mind. Parrot OS truly has quite a few targeted use-cases, nevertheless in which doesn’t detract through the main distribution. Parrot Security OS can be a solid general use desktop workstation with plenty of security tools included to keep us happily hacking away!

Fans of Kali Linux will definitely appreciate in which Parrot can be Debian derived. Working with the operating system itself will feel familiar, in addition to there can be no need to re-learn package management or distribution specifics.

Parrot Security OS running in VirtualBox.

With the background out of the way, let’s take a look at Parrot Security. I installed Parrot Security in a VirtualBox VM. Parrot Security does work as a live ISO, nevertheless I generally like to try things out installed in addition to persistent.

Step 1: Get Parrot Security OS

The first step can be to grab a copy of the Parrot Security ISO. the item can be found on the Parrot Security site along with the hashes for the ISO. Once the download can be complete, the item’s important to verify the hash. If the hashes do not match, up you may have a modified copy or a corrupted ISO, neither of which should be used.

The hashes for the current type (3.8) are available through Parrot’s site.

To verify the hash in Windows, open a command prompt in addition to execute certutil.

certutil -hashfile Parrot-full-3.8_amd_64 SHA1

To verify the hash in macOS, open a terminal in addition to execute shasum.

shasum Parrot-full-3.8_amd_64.ova

To verify the hash in Linux, open a terminal in addition to use sha1sum.

sha1sum Parrot-full-3.8_amd_64

If your hash matches up, you’re not bad to move on to the next step, booting the OS.

Step 2: Create a Virtual Machine

Before we can boot up the OS, we need a machine to try the item out on. We could write the image to a thumb drive, then boot on a physical machine, nevertheless in which’s much more time-consuming than simply creating a VM (virtual machine). Most modern machines are more than capable of running a Linux guest, doing virtualization incredibly appealing. Not only in which, nevertheless your machines are also disposable. If something goes wrong, you can burn the VM in addition to call the item a day.

I will be using VirtualBox in Windows, which can be free through the VirtualBox website, though these steps should work on all major platforms. Launch VirtualBox in addition to you will be presented with the VirtualBox manager.

I currently have an instance of Parrot Security running. To start a fresh one, click on the “fresh” button inside the top left of the window.

Give the machine a name, then inside the Type drop-down menu, select “Linux.” inside the type drop-down, select “Debian (64-bit).” If you downloaded a 32-bit type, choose “Debian (32-bit).” As far as memory size, 2 GB should be sufficient. At maximum, I would likely use half or under of my machine’s RAM.

I selected Create a virtual hard disk currently since I was installing Parrot Security. If you just want to try the item out using a live CD, select Do not add a virtual hard disk instead. Once you are satisfied with your selections, click on “Create.”

If you opted to add a virtual disk, VirtualBox will prompt you to create the virtual disk. I selected a 30 GB dynamically allocated VDI. Select whatever size you are comfortable with. A fixed-size disk performs a little faster than one in which can be dynamically allocated, however, a dynamically allocated disk only uses HDD space as needed. I prefer dynamically allocated. Click on the “Create” button to continue.

You will be returned to the VirtualBox manager with your fresh machine available inside the list.

Step 3: Boot Up Parrot Security

Select the machine you created to test out Parrot Security, then click the “Start” button inside the VirtualBox Manager.

VirtualBox will prompt you to select boot media for the fresh machine. Select the location of the Parrot Security OS image you wish to boot, then click “Start” to begin. When the machine starts, you will be presented with the GRUB.

More Info: What can be the GRUB Bootloader in Linux?

The Parrot Security ISO can be very flexible. There are quite a few options for live boot.

  • “Live Mode” can be just a standard live USB boot. Your machine will boot through the USB stick, in addition to you can work with Parrot Security through there. This kind of can be a not bad way to get a feel for the system, in addition to also gives you a portable penetration testing OS.
  • “Terminal mode” can be another live boot option, nevertheless without a GUI.
  • “RAM mode” loads the operating system into RAM, which allows you to pull the USB stick through a host in addition to continue to work in Parrot Security until the host can be rebooted.
  • The standard “Persistence” option allows you to retain modifications to the OS on your USB.
  • The “Encrypted Persistence” option offers encrypted persistence, obviously.
  • “Forensics” allows you to boot without mounting disks.
  • The “Failsafe” options are for convenience. Each one sets kernel parameters to deal with various common Linux boot problems. These are truly nice to have in a live image because they allow you to try a few fixes to common issues if your machine doesn’t boot up without having to look up the kernel parameters.
  • The various language options are self-explanatory nevertheless are great if English isn’t your native language.

The Parrot Security installer can be a modified Debian installer, which will make the item familiar to most Kali Linux users. Installation truly can be quick in addition to easy. The live ISO offers a Curses-based installer, a graphical installer, in addition to a speech synthesis-based installer.

I used “Install” to install Parrot Security, nevertheless you can get a feel for the item just by running the live mode.

Step 4: The structure

On first boot, the machine boots you into a MATE desktop environment. If you choose to install, you will be presented using a lightdm login screen. After logging in with the default credentials of root in addition to toor, you will be prompted to select your keyboard structure.

If you are using live mode, you will boot directly into a MATE desktop environment. Installed in addition to persistent versions of Parrot Security will automatically detect when updates are available in addition to prompt you to update the system.

The system can be laid out in a very straightforward manner, using a collection of tools in which will be familiar to Kali Linux users. The menu system can be similar to Kali Linux in addition to can be easy to navigate. The real difference here can be in which Parrot Security can be meant to be used as a daily driver, in addition to the item shines at This kind of. While you can use Kali Linux as a desktop workstation, the item’s truly a penetration-testing distribution first. With Kali, you need to build the system towards being a daily use system. Using Parrot Security, your penetration-testing tools are there, in addition to your day-to-day applications are also included.

These additional features do take up about 1 GB more disk space. My standard Kali install weighs in at ~11 GB. The standard Parrot Security install comes in at ~12 GB.

The default Parrot Security install uses about 313 MB of RAM, which can be fairly light. Of course, This kind of can be with only system-related processes running. By comparison, my default Kali Linux install uses about 604 MB of RAM with only system-related processes running. the item’s a significant difference, though, with some modifications, Kali can be brought down in RAM usage.

Parrot Security comes with some fairly nice quality of life tools in which can truly help with day-to-day tasks. the item includes the Libre Office suite, Atom (an excellent IDE made by the Git team), edb, in addition to more. Many common tasks can be completed without the use of a terminal, such as starting in addition to stopping services.

Parrot Security packs a few cryptography tools such as Zulucrypt, a graphical utility in which will help you manage your encrypted volumes. Cryptkeeper can be another graphical utility in which allows you manage encrypted folders in addition to more. These utilities make confidentiality easily accessible, even with minimal experience.

Parrot Security doesn’t stop with plain cryptography — the developers have included easy to use utilities for anonymization of internet traffic.

The “anonymous mode start” tool will attempt to kill dangerous processes in which can de-anonymize you, clear cache files, modify iptable rules, modify your resolv.conf, disable IPV6, in addition to only allow outbound traffic through Tor. This kind of would likely be quite a bit of effort manually, nevertheless with the script, the item’s just a click away. Parrot Security also includes a similar script for i2p. Once activated, there are also options to check your current IP address in addition to change your exit node.

Step 5: Getting Help

Parrot Security can be not very complicated to use, nevertheless you may find yourself in a situation where you need to get some help. Since This kind of can be a Debian-derived distribution, help will be extremely easy to come by using a little bit of Google searching. The developers have also provided a Parrot Security Wiki which can be not very well-developed. There can be an ambassador program in place where users can directly contact Parrot Security experts in many countries with their questions. However, This kind of program can be still in its infancy. There can be also a little IRC community on the Freenode network in #parrotsec.

can be Parrot OS the Pentesting Distro for You?

Parrot Security can be an excellent distribution for use by beginners in addition to old pros alike. The installation comes with around 550 security-oriented tools, giving the user more than enough to get some work done. At the end of the day though, This kind of distribution can be also not bad for development or privacy-oriented users who don’t want to spend a lot of time in a terminal.

Parrot OS running as a guest on a MacBook Air.

Parrot Security OS can be still growing. inside the four years since the initial Discharge, This kind of distribution has become a serious contender in my book. If anything, the item’s a bit lacking on documentation, which can be fine for users who are comfortable Googling issues should they arise.

Thanks for reading, in addition to stay tuned for more articles! You can ask questions here or on Twitter @0xBarrow.

Don’t Miss: How to Get started off with BlackArch, a More Up-to-Date Pentesting Distro

Cover photo by SADMIN/Null Byte
Screenshots by Barrow/Null Byte

Leave a Comment

Your email address will not be published. Required fields are marked *

1 × two =