قالب وردپرس درنا توس
Home / Tips and Tricks / Getting Started with Parrot Security OS, a Modern Pentesting Distribution «Null Byte :: WonderHowTo

Getting Started with Parrot Security OS, a Modern Pentesting Distribution «Null Byte :: WonderHowTo



Kali Linux is the obvious first choice for an operating system for most new hackers. It comes with a collection of curated tools organized in easy-to-navigate menus and a live boot option that's very entry-friendly. However, Kali is not the only distribution aimed at Pentester, and many exciting alternatives may suit your use case better. We've already covered BlackArch Linux, now it's time to talk about Parrot Security OS.

The Many Variants of Parrot Security OS

Parrot Security OS is a Debian-derived operating system for general use, pentesting and forensics. Originally released in 2013, Parrot has grown rapidly and currently offers many different variants for different use cases.

  • Parrot Home which targets desktop users, removes the Penetration Test packages and presents a nicely configured Debian environment.
  • Parrot Air focuses on wireless penetration testing.
  • Parrot Studio was developed for multimedia creation.
  • Parrot Cloud targets server applications and allows the user to access Parrot Security with all Penetration Testing tools minus the graphical frontend. It was developed for deployment on a VPS and acts as a jump box.
  • Parrot IoT was developed for low-resource devices such as Pine64, OrangePi and Raspberry Pi3.
  • Parrot Security The original Parrot operating system has been developed considering penetration testing, forensics, development and privacy. Parrot OS has some targeted use cases, but these do not affect the main distribution. Parrot Security OS is a solid desktop workstation for general use with numerous security tools that make us happy when we chop off!

Fans of Kali Linux will appreciate that Parrot is derived from Debian. Working with the operating system itself is familiar and there is no need to re-learn package management or distribution specifications.

Parrot security operating system runs in VirtualBox. Picture of SADMIN / Null Byte

Let's look at Parrot Security with the background out of the way. I have installed Parrot Security in a VirtualBox VM. Although Parrot Security works as a live ISO, I generally like to try things that are installed and stable.

Step 1: Download the Parrot Security Operating System

The first step is to purchase a copy of the Parrot Security ISO. You can find it on the Parrot Security Web site along with the hashes for the ISO. Once the download is complete, the hash must be verified. If the hashes do not match, you may have a modified copy or a corrupted ISO that you should not use.

The hashes for the current release of Parrot Security (4.6) are available on Parrot's website. To verify the hash in Windows, open a command prompt and execute certutil .

  certutil -hashfile Parrot-security-4.6_amd64 SHA1 

To verify the hash in macOS, open a terminal and run shasum .

  shasum Parrot-security-4.8_amd64.ova 

To verify the hash under Linux, open a terminal and use sha1sum .

  sha1sum Parrot-security-4.6_amd64 

If your hash matches, you can go to the next step and boot the operating system. If the file name is different or a newer version, make sure that you swap it in the command used above.

Step 2: Creating a Virtual Machine

Before we can start the operating system, we need a machine to try it on. We could write the image to a thumb drive and then boot to a physical machine, but that's much more time-consuming than just creating a VM (virtual machine). Most modern computers are more than capable of running a Linux guest, which makes virtualization incredibly attractive. In addition, your machines are also disposable. If something goes wrong, you can burn and call the VM.

I'm using VirtualBox on Windows, which is free from the VirtualBox website, though these steps should work on all major platforms. You can see the process of using VirtualBox on macOS in our video above. When you start VirtualBox, the VirtualBox Manager is displayed.

An instance of Parrot Security is currently running. To start a new one, click on the "New" button in the upper left corner of the window.

Give the Machine a Name Then select "Linux" from the drop-down menu Type out. In the drop-down list select version "Debian (64-bit)". If you downloaded a 32-bit version, choose Debian (32-bit). For the memory size 2 GB should be sufficient. At most, I would use half or less of my computer's memory.

I have selected Create a Virtual Disk Now since installing Parrot Security. If you want to try it out with a live CD, select . Instead, do not add a virtual disk . When you are satisfied with your selection, click on "Create".

When you add a virtual disk, VirtualBox will prompt you to create the virtual disk. I have selected a dynamically assigned VDI with 30 GB. Select the size you want. A fixed-size hard drive is slightly faster than a dynamically allocated hard drive. However, a dynamically allocated disk uses only the required disk space. I prefer dynamically assigned. Click the "Create" button to continue.

You return to the VirtualBox Manager with your new computer included in the list.

Step 3: Start Parrot Security

Select the computer that you created to test Parrot Security, then in the VirtualBox Manager, click the Start button Parrot Security OS, a modern Pentesting distribution ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>

VirtualBox prompts you to select a boot media for the new computer. Select the location of the Parrot Security operating system image that you want to start, and then click Start to begin. When the computer starts up, GRUB is displayed.

The Parrot Security ISO is very flexible. There are several options for the live launch.

  • "Live Mode" is just a standard live USB startup. Your computer boots from the USB flash drive and you can work with Parrot Security from there. It's an excellent way to get a feel for the system and also provides you with a portable operating system for penetration testing.
  • The "Terminal Mode" is another option for live launch, but without a GUI.
  • In "RAM mode" the operating system is loaded RAM, with which you can remove the USB stick from a host and continue working in Parrot Security until the host is restarted.
  • The default persistence option allows you to preserve changes to the operating system of your USB drive. [19659041] The "Encrypted Persistence" option obviously has an encrypted persistence.
  • Forensics allows booting without the inclusion of disks.
  • The Failsafe options are for convenience. Each kernel sets the kernel parameters to solve several common Linux boot problems. These are in a live image because you can try some fixes for common problems if your computer does not start up without looking up the kernel parameters.
  • The different language options, however, are self-explanatory are great if English is not your native language.

The Parrot Security installer is a modified Debian installer that makes it familiar to most Kali Linux users. The installation is quick and easy. The live ISO features a curses-based installer, a graphical installer, and a speech synthesis-based installer.

I used "Install" to install Parrot Security, but you can get a feel for it by simply running the Live mode.

Step 4: Customizing and navigating the layout

The first time you start, the computer starts you in a MATE desktop environment. If you choose to install, a LightDM login screen appears. After logging in with the default credentials of root and toor you will be prompted to select your keyboard layout.

When you use live mode, a MATE desktop environment is launched directly. Installed and persistent versions of Parrot Security automatically detect when updates are available and prompt you to upgrade the system.

The system is very simple and has a collection of tools that are familiar to Kali Linux users. The menu system is similar to Kali Linux and is easy to navigate. The real difference is that Parrot Security is supposed to be a daily driver and that makes sense. Although you can use Kali Linux as a desktop workstation, it is initially a penetration test distribution. With Kali you have to build the system so that it is a system for everyday use. With Parrot Security your penetration testing tools are there as well as your everyday applications.

These extra features consume about 1 GB more space. My standard potash installation weighs ~ 11 GB. The default installation of Parrot Security is ~ 12 GB.

The default installation of Parrot Security requires about 313 MB of RAM relatively easily. Of course, this only happens with ongoing system-related processes. By comparison, my default installation of Kali Linux uses about 604 MB of RAM, with only system-related processes running. It's a significant difference, but with some modifications, Kali's RAM utilization can be reduced.

Parrot Security comes with some reasonably-supplied nice quality tools that can help with day-to-day tasks. It includes the Libre Office suite, Atom (an excellent Git team-created IDE), edb, and more. You can do many day-to-day tasks without using a terminal; For example, starting and stopping services.

Parrot Security includes some encryption tools such as Zulucrypt, a graphical utility that lets you manage your encrypted volumes. Cryptkeeper is another graphical utility that lets you manage encrypted folders and more. With these utilities, confidentiality is easily accessible, even with minimal experience.

Parrot Security does not stop with simple cryptography – the developers have integrated easy-to-use utilities for anonymizing Internet traffic.

The "Anonymous Mode" tool tries to stop dangerous processes that de-anonymize cache files delete, change iptable rules, change your resolv.conf, disable IPV6. and only allow outgoing traffic through gate. This would be quite a manual effort, but with the script it's just a click away. Parrot Security also includes a similar script for i2p. After activation, you can also check your current IP address and change your exit node.

Step 5: Request Help If Needed

Using Parrot Security is not very complicated, but you may be in a situation where you need help. Since this is a Debian-derived distribution, the support with a little Google search is straightforward. The developers have also provided a Parrot Security Wiki, which is not very well developed. There is an ambassador program where users can directly contact Parrot Security experts in many countries with their questions. However, this program is still in its infancy. There is also a small IRC community on the freenode network in #parrotsec.

Is Parrot OS the best distribution for you?

Parrot Security is an excellent distribution for beginners and professionals. The installation comes with around 550 safety-related tools that provide more than enough to complete a few tasks. Ultimately, however, this distribution is also suitable for developers or privacy-oriented users who do not want to spend a lot of time in a terminal.

Parrot OS runs as a guest on a MacBook Air. Image of SADMIN / Null Byte

Parrot Security OS continues to grow. In the years since its first release, this distribution has become a serious competitor in my book. If anything, there is a lack of documentation, which is great for users who are familiar with Google Googling issues.

Thank you for reading and more articles! You can ask questions here or on Twitter @ 0xBarrow .

Do Not Miss: Getting Started with BlackArch, a Newer Pentesting Distribution

Cover Picture of SADMIN / Null Byte; Screenshots of Barrow / Null Byte




Source link