Parrot Security OS is a specialized Linux distribution designed with a focus on cybersecurity, ethical hacking, digital forensics, and online privacy. This operating system is freely available and based on Debian. The main purpose of Parrot OS is to provide tools for penetration testing, vulnerability analysis, cyber intelligence and forensic tasks. In this article, we reveal the unique features of Parrot OS, from its lightness and intuitive interface to the integration of advanced tools for ethical hacking, digital forensics, and online anonymity.
We detail how Parrot OS can be an ideal choice for cybersecurity professionals, developers, and technology enthusiasts looking for a reliable and secure operating system. In addition, the article highlights the importance of Parrot OS in ensuring data protection and user privacy in today’s digital world where information security is at the forefront. The article also focuses on Parrot OS’s built-in tools to improve cybersecurity performance. This includes looking at automated vulnerability scanners, encryption systems, and network monitoring tools.
The first public release was on April 10, 2013 as a result of Lorenzo Faletra, who continues to lead the development. Originally developed as part of Frozenbox (a community forum by the same Parrot creator), the effort has grown into a community of open source developers, professional security experts, digital rights defenders, and Linux enthusiasts from around the world.
The project is headquartered in Palermo, Italy and managed by Parrot Security CIC, a public company registered in the UK.
Because it was born as a game, and every pirate of the seven seas needs a parrot on his shoulders if he wants to board the galleons with his crew of jailbirds.
The system is designed to be familiar to the security expert and easy to use for the novice, but it doesn’t try to hide its internals like other general-purpose distributions try to do.
Parrot can be used as a daily system. It provides all the applications for everyday tasks, including a special version of the system (Parrot Home Edition) that does not include security tools.
The system has its own program repository, including all packages supported by Debian, as well as many other programs and tools that Debian cannot yet provide. All of them are available directly from the APT package manager.
In addition, Parrot supports Snap, a package distribution system that provides easy access to many other programs that GNU/Linux distributions do not always ship in their software archives.
Flatpak is a one-stop software store similar to Snap. It can be installed from the official Parrot repository.
Parrot also supports Wine, a compatibility layer for running Windows applications in GNU/Linux environments.
While we want everyone to be able to use or at least try the Parrot system, there are some important considerations regarding who we expect to use Parrot and who may have a negative experience with Parrot.
First, although Parrot offers general options, it is fundamentally structured for security and forensics operations. This section describes how Parrot differs from other typical distributions, as well as from other Pentest and Forensics distributions. Next, it will be shown what kind of experience users will have with this system.
Unlike typical distros (like Ubuntu), Parrot doesn’t try to hide any internals. This means that it includes many automated tools that make the system easier to use, but still give you a good idea of what the system has under the hood.
A good example of this is Parrot Update Reminder. It is a simple yet powerful application that prompts users to check for system updates once a week. However, instead of hiding the update process behind a progress bar, it shows the user the complete update process from the aptitude test results. Another important difference is that Parrot disables all network services pre-installed on the system by default.
This is done not only in order to reduce the amount of RAM and improve performance, but also in order to prevent the impact of services on the target network. Each network service must be manually started by the user as needed. The Pentest distribution is known for integrating only security tools, which provides easy superuser access and removes all security barriers that could affect the pentester’s workflow.
Parrot is designed to be a very comfortable environment for security professionals and researchers. It includes many basic programs that are used every day, but are usually not included in distributions for pentesting (less than one gigabyte of additional memory).
This choice was made not only to make Parrot a good system for security testing, but also to make it a great environment for writing reports, building your own tools, and communicating seamlessly with your teammates without the need for additional computers. operating systems or configurations.
Parrot’s goal is to enable any professional pentester to run a complete security test from start to report with just a Parrot ISO and an average laptop.
Parrot Security comes with special security profiles and configurations for AppArmor and other Linux security technologies and draws inspiration from the success of other projects that provide the highest level of security in the GNU/Linux scenario, such as Tails and Whonix for system sandboxing and delivering above-average security .
All that extra security comes at a price: Bad behavior is harder to accept on the Parrot. For example, it is not possible to log in as root with the entire desktop environment, or run mission-critical applications such as browsers, media players, or advanced document readers with unnecessary privileged permissions.
The user can still open root consoles, run security tools with privileged permissions, and use the system without restrictions. The only thing that has changed is that all critical user applications are now protected against very bad behavior and common exploit techniques or even zero days, and the damage caused by advanced exploits is very limited.
Digital forensics experts need an environment that does not compromise their evidence.
Parrot comes with auto-mount features disabled by default to allow forensics to perform a safe investigation. The global automount policy is configured redundantly at all levels of the system stack, from the noautomount kernel option passed by default at boot time to custom file manager settings to disable automount and plug & play features.
Don’t forget that the drives are still recognized by the system and the system will mount them unprotected if the user accidentally opens them.
The behavior without automounting is consistent and stable, but does not protect against accidental mounting. A write blocker is always recommended in any digital forensics scenario.
Experts in digital forensics
Computer science/engineering students
ParrotOS is available for download here. The OS also works on older machines, but it is recommended to familiarize yourself with the system requirements.
Parrot is available in many shapes and sizes to suit all possible equipment and user needs. Depending on your hardware configuration and the volume you have, consider the following options:
As the name suggests, this is a complete edition. Once installed, you have a ready pentesting workstation loaded with a wide variety of tools ready to use. Highly recommended for desktops and laptops with at least 4GB of RAM for smooth multitasking.
This version of Parrot is an easy installation that provides the basic tools you need to get started. It relies on the same repositories as the full edition, allowing you to choose most of the programs you want to install later. Recommended for those familiar with Pentesting distributions, but requires minimal installation.
Cloud images are custom releases of Parrot Security created for embedded devices, cloud environments, virtual machines, and other custom deployments.
This Parrot edition doesn’t include any software you didn’t choose, weighs around 379MB, and is available for any architecture (amd64, i386, arm64). The arm64 version can also be used on MacOS devices with an M1/M2 processor.
Parrot Home Edition and Parrot Security Edition are identical and the only difference between them is the pre-installed software. Parrot OS Home Edition does not include any security tools, while Parrot OS Security Edition comes with all pre-installed hacking and pentesting tools. You can use Home Edition and install only the hack tools you really need, or you can install them all at once with:
sudo apt install parrot-tools-full
Architect Edition does not include any pre-installed software. You can select and configure your ParrotOS version right before installation.
Forget everything you know about pentest circumstances. Carrying a laptop wherever you go to do your work is no longer a must. Now you can have a remote VPS loaded with Parrot OS, ready to run any task from the built-in terminal with care. There is no GUI out of the box in this release, but it is available in the repositories if needed.
Parrot was born and continues to be a fully open source project, meaning that anyone can see the code of each of its components and, if interested, modify it.
That’s why, if you like the world of open source and the Parrot project in particular, you are strongly invited to join. Here you will find a guide on how to proceed and which projects you can help with now.
No matter how technically good you are in a certain area, you will find that you can contribute in different ways depending on the Parrot sub-project. Any motivated and useful contribution is always more than welcome. Either way, someone from the team will be with you to discuss it together.
Currently, all Debian packages and tools developed by the Parrot team are hosted on GitLab and GitHub (as a fallback mirror).
Being part of an open source project means you have the opportunity to:
Meet new people: You will be able to meet many developers like you who are in love with the world of open source projects. Not only will this help you expand your network professionally, but it will also help you develop real and genuine friendships;
Learn and learn new things: The first rule of contributor is “never settle for what you already know”, it doesn’t matter if you are a beginner or a senior developer, if you start contributing to an open source project, you can learn a lot or, otherwise, you will get a chance to teach other people new things (this will significantly increase your confidence, trust us);
Make your work worth it: you will get the opportunity to test some of our packages in advance and, in the best case, your work will be embedded in Parrot Security OS.
Official ParrotOS documentation available at https://parrotsec.org/docs. It is based on the Docusaurus v2 framework and the graphics follow the style of ParrotOS. New features will always be added to make it as complete as possible. If you think you could add some important or interesting documents, feel free to clone this repository and open a merge request.
Parrot is also available for ARM platforms, with some scripts we generate the images available in this repository . In particular, it is recommended to read the iot and architect folders.
Each community is divided into the following sections:
Overall: A nice place to get to know our community for the first time. Don’t hesitate to ask for help or anything else you need, there is always someone to answer your questions or direct you to the right channel.
Support: Technical support room for ParrotOS. Here you can find questions and answers about the OS.
Ask the developers: ParrotOS developers are here to answer questions about the OS and more.
Distribution Development: News and updates on the development progress of the next version of ParrotOS, questions are always welcome.
Hacking: Have fun asking questions about hacking techniques, read user experiences, read content we’ve created, or argue about hacking and security in general.
Programming: Programming discussions are strongly encouraged in this room, and if you need help with assignments, don’t hesitate to ask.
System Administrator: This covers system administration, network, hardware and software.
OffTopic: A free chat room, memes are always welcome!
News: The official channel to get all the latest Parrot news.
We strongly encourage users to participate in discussions not only for support, but also for any security, hacking, programming (and so on) issues, to create an active and diverse community where any discussion or comparison is appreciated and welcomed.
If any user wants to join us (or has already joined) to help build and maintain our healthy and active community, we ask that you follow each community’s rules and meet certain requirements:
Be kind always. It is important to be polite and patient with users. Reserve expressions of frustration or anger for truly exceptional and extreme circumstances.
Respect everyone. The community should be healthy, even when it comes to religion, political beliefs, physical/mental disabilities and the LGBT+ community. Don’t spread hatred towards anyone or anything and guide users towards respect and acceptance.
Be a first-time guide to ParrotOS and GNU/Linux. No one is born an expert in a particular field. Don’t take anything for granted, if a user asks a question that you know very well, share your knowledge, it will be available in the future for those who find themselves in the same situation. You don’t know the answer? Please ask the user to wait for someone more experienced to read the request and respond.
Always be eager to learn new things and be open to new opportunities. Knowledge is always evolving and what you previously knew may change over time, confronting the community as much as possible.
Avoid acting impulsively or based solely on personal dislike. Everyone can have likes and dislikes, but it shouldn’t affect the community. Follow reason and reasoning, not personal emotions. If there is something negative or something that needs more attention about the team, please contact the community manager in the moderation room and explain in detail what is going on.
This is something new for the ParrotOS community, we are proud to introduce periodic challenges and events to make our common place more alive and active. So, in accordance with the above values, we have developed these activities for you:
ParrotOS Tutorial A series of tutorial videos that show you how to use ParrotOS from the very basics to the most advanced tasks. Live every two months on Discord and Youtube channel.
Learn Linux and security with ParrotOS. It’s for both beginners and advanced, we’re going to use HTB Academy every month to teach you and encourage you to practice and improve your knowledge, whether you know Linux and security or not.
The development workflow is based on the following points and always tries to involve the entire development team (and stakeholders) so that everyone is constantly updated:
Developers will write their code, do the first local test to eliminate as many bugs as possible.
Upload the first version (or an updated version via a merge request if the app is being updated) to GitLab. The team leader (or responsible person) will review the code and approve the changes.
An open beta/internal beta campaign will be launched to explore the code and find bugs/vulnerabilities.
If bugs and vulnerabilities are found, repeat the previous two steps until there are no more critical and obvious bugs.
When the code is ready to be packaged, the team leader or someone responsible will accept the final changes.