Penetration testing: it’s a job field centered around breaking things – breaking software and networks, to be more specific. When it comes to accomplishing these sort of tasks, a lot of Linux-based distributions exist.
So, what’s one more? Introducing Parrot Security OS. It’s a security distribution with loads of tools to accomplish your security research. They’ve also packed in some cloud-based goodness. So, how is it? Let’s find out!
Using Parrot Security OS is probably about the same as any other Linux distribution. Like other security distributions it’s based on Debian. This makes it perfect for testing, as you won’t need to worry about your software breaking or anything like that.
You’ll be able to choose from a few of the major desktop environments: Gnome, XFCE4, KDE, Cinnamon, Mate and LXDE. Overall, it’s standard (on the surface, anyway). It loads up fast, and as far as the security tools are concerned, they’re mostly what you’d expect when you install something like this.
I say that Parrot is standard on the surface because underneath it’s “cloud oriented.” The cloud components of this distribution include a Parrot Cloud Controller, a Parrot VPS service, and even a custom installation script for a Debian VPS. Suffice it to say you won’t find that sort of thing on other security distributions.
Features include digital forensics tools and cryptographic tools such as “custom” anti-forensic tools, support for various encryption tools, etc. Everything is anonymity-focused with TOR and DNS anonymization.
Installing Parrot Security OS is a bit of a to-do and certainly not something someone who is looking to fool around with security and penetration testing should try. It’s a fairly competent distribution. The installation itself is based on similar ncurses interfaces of past Linux distributions.
That being said, there is an automated installation option. It’ll go through and get everything working on its own. However, it’s recommended that you don’t use this option, as you won’t really understand the configurations of the things you’re using.
When going through the installation itself, you’ll be asked to set up your root password, username, host-name, domain, selecting your desktop environment, and which security tools you wish to install. It’s convenient if you’re using Parrot for a special reason and only require certain software.
Once you’ve finally selected the software you’re looking to install, the installer will ask you to configure said software. For example, if you’ve selected “Parrot Standard Tools,” you’ll be asked to set up Wireshark, Mac address tools, and so on.
What makes Parrot Security OS special?
Parrot really shines where other security distributions might not. For starters, since you’re not getting a traditional live-like installation, with everything already there you’ll be more inclined to learn how things work, what you’ll need, etc.
Note: Parrot Security OS does offer a live disk but not as its main download.
Lots of pen-testing distros exist, and some even have non-live installers. However, some just stack a whole lot of tools on top – they don’t explain them, and you’re left to figure it out on your own. Parrot’s choice to have you select them and even configure some of them during the setup process is insanely useful.
Another thing of interest: Parrot doesn’t seem to be just a desktop pen-testing, security distribution. In the installation menu you have the ability to install some server tools (web server, email server, etc.).
Parrot Security OS might not be the first security distribution to exist. It’s pretty generic when you get it going, what with all the standard tools you get. With all that being said, it really gets going with the interesting “cloud concept.” Having a server edition of a penetration-testing distribution could prove fruitful, as a lot of security vulnerabilities can happen outside of the desktop space.
All and all, Parrot Security OS takes a lot of what you’d expect and combines it with some new and interesting features and ideas. If you’re into security, or maybe you’re looking to get into something like this, consider checking out this distribution. You won’t be disappointed.