Parrot Security OS is a Debian-based Linux distribution designed for ethical hacking, penetration testing, digital forensics, and privacy-focused computing. It combines lightweight resource usage with a comprehensive suite of pre-installed security tools, making it ideal for both beginners and experienced security professionals.
Visit the official Parrot Project website and download the appropriate ISO image for your system architecture (i386 or amd64):
# Verify ISO integrity
sha256sum parrot-security-6.x-x86_64.iso
| Edition | Purpose | Included Tools | Use Case |
|---|
| Security | Penetration testing & hacking | Full suite of security tools, Metasploit, Burp | Professional pentesters |
| Home | Privacy & general computing | Lighter toolset, Tor, privacy apps | Everyday users, privacy seekers |
| Architect | Advanced customization | Minimal installation base | Developers, system builders |
| Cloud | Server deployments | CLI-only, minimal resources | Cloud instances, headless servers |
| HTB | HackTheBox training | Community edition optimized for CTFs | CTF competitors, beginners |
# Recommended specifications
# vCPU: 4 cores minimum (8 preferred)
# RAM: 4GB minimum (8GB+ for tools)
# Storage: 50GB (dynamic allocation acceptable)
# Network: NAT or Bridged mode
# Video Memory: 128MB
- Create new VM, select Linux (Debian 64-bit)
- Allocate RAM and disk space as above
- Configure network settings
- Mount ISO and boot into installer
- Follow Parrot installer prompts
# Similar specs as VirtualBox
# Use SCSI disk controller
# Enable 3D graphics for desktop performance
# Configure network with bridged or NAT adapter
# Linux/macOS: Use dd or Etcher
sudo dd if=parrot-security-6.x-x86_64.iso of=/dev/sdX bs=4M status=progress
sync
# Alternative: Balena Etcher (GUI)
# Available for Windows, macOS, Linux
| Component | Minimum | Recommended |
|---|
| CPU | Dual-core 2GHz | Quad-core 2.4GHz+ |
| RAM | 2GB | 8GB+ |
| Storage | 20GB | 60GB+ SSD |
| Graphics | 256MB VRAM | 1GB+ dedicated |
| Network | Ethernet/WiFi adapter | Dual network cards |
# Update package repository and installed packages
sudo parrot-upgrade
# Or use standard apt upgrade
sudo apt update && sudo apt upgrade -y
# Full distribution upgrade
sudo apt full-upgrade -y
# Check Parrot-specific updates
sudo parrot-update
# Create new user (optional, recommended for isolation)
sudo adduser newusername
sudo usermod -aG sudo newusername
# Configure hostname
sudo hostnamectl set-hostname your-hostname
sudo hostname your-hostname
# Check network status
ip addr show
nmcli device status
# Configure static IP (if needed)
sudo nmtui # Text-based NetworkManager UI
# Add additional repositories if needed
sudo nano /etc/apt/sources.list
# Parrot repositories are pre-configured:
# deb http://deb.parrotsec.org/parrot/ parrot main contrib non-free
# deb http://deb.parrotsec.org/parrot/ parrot-security main contrib non-free
- Complete collection of penetration testing tools
- Includes Metasploit, Burp Suite Community, Wireshark
- ~5GB+ of pre-installed tools
- Perfect for dedicated pentesting systems
- Heavier resource requirements
- Lightweight with essential security tools
- Privacy-focused apps, Tor integration
- Smaller footprint (~2GB tools)
- Suitable for privacy-conscious users
- Better battery life on laptops
- Minimal base installation
- Build exactly what you need
- Advanced users only
- Fastest performance
- Requires manual tool installation
- Server/headless deployment
- CLI-only, no desktop environment
- Minimal resource usage
- Ideal for AWS/Azure/Linode instances
- Perfect for automation and scripting
- Community-focused CTF platform edition
- Optimized for HackTheBox challenges
- Balanced tool selection
- Educational focus
- Good for learning penetration testing
# Burp Suite Community Edition
burpsuite
# OWASP ZAP
zaproxy
# SQLmap (SQL injection testing)
sqlmap --help
# Nikto (web server scanner)
nikto -h target.com
# Nmap (port scanning)
nmap -sV -p- target.com
nmap -A -T4 target.com
# Wireshark (packet analysis)
wireshark
# Masscan (fast port scanning)
masscan -p1-65535 target.com --rate=1000
# Shodan CLI integration
# Aircrack-ng suite
airmon-ng start wlan0 # Monitor mode
airodump-ng wlan0mon # Capture handshakes
aireplay-ng -0 10 -a BSSID wlan0mon # Deauth attack
aircrack-ng *.cap # Crack captured handshakes
# Hashcat (GPU password cracking)
hashcat -m 2500 hash.txt wordlist.txt
# Hcxdumptool (WiFi packet capture)
hcxdumptool -i wlan0 -o capture.pcapng
# Metasploit Framework
msfconsole
# Example workflow
# > search wordpress
# > use exploit/unix/webapp/wordpress_plugin
# > set RHOSTS target.com
# > exploit
# Exploit-DB search integration
searchsploit linux kernel privilege escalation
# Hashcat (multi-GPU support)
hashcat -m 1000 hashes.txt wordlist.txt --rules
# John the Ripper
john --wordlist=wordlist.txt hashes.txt
john --show hashes.txt
# Hydra (online brute-forcing)
hydra -l admin -P passwords.txt ssh://target.com
hydra -L users.txt -P passwords.txt ftp://target.com
# Autopsy (GUI forensic framework)
autopsy
# Volatility (memory forensics)
volatility -f memory.dump imageinfo
volatility -f memory.dump --profile=Win7SP1x64 pslist
# Foremost (file recovery)
foremost -i image.dd -o output_directory
# Testdisk/Photorec (partition recovery)
testdisk image.dd
# Maltego (graphical OSINT)
maltego
# theHarvester (email, subdomain, IP gathering)
theHarvester -d target.com -l 500 -b google
# Recon-ng (web reconnaissance)
recon-ng
# > marketplace search
# > modules load reporting/csv
# WHOIS and DNS lookups
whois target.com
dig target.com
nslookup target.com
# Anonsurf (Tor-based anonymization)
sudo anonsurf start # Enable Tor routing
sudo anonsurf status # Check status
sudo anonsurf changeid # Change Tor identity
sudo anonsurf stop # Disable Tor routing
# Tor Browser (included)
torbrowser-launcher
# VPN configuration
sudo nano /etc/openvpn/client.conf
sudo systemctl start openvpn@client
# Update package lists
sudo apt update
# Install package
sudo apt install package-name
# Remove package
sudo apt remove package-name
# Search for package
apt search keyword
# Show package info
apt show package-name
# Clean package cache
sudo apt clean
sudo apt autoclean
# Full Parrot upgrade (includes Parrot-specific updates)
sudo parrot-upgrade
# Install tool groups
sudo apt install parrot-tools-full # All tools
sudo apt install parrot-tools-core # Core tools
sudo apt install parrot-tools-web # Web testing
sudo apt install parrot-tools-network # Network tools
sudo apt install parrot-tools-forensics # Forensics tools
# Add external repository
sudo add-apt-repository ppa:user/ppa-name
# Remove repository
sudo add-apt-repository --remove ppa:user/ppa-name
# List enabled repositories
apt-cache policy
# Start Tor-based anonymization
sudo anonsurf start
# All network traffic routes through Tor
# Check current status
sudo anonsurf status
# Shows your current Tor exit IP and connection
# Change Tor exit node (new identity)
sudo anonsurf changeid
# Assigns new Tor exit node, changes IP
# Stop AnonSurf
sudo anonsurf stop
# Returns to normal network routing
# Check Tor service status
sudo systemctl status tor
# View Tor configuration
sudo nano /etc/tor/torrc
# Verify DNS over Tor
curl https://checkdns.anonsurf.org
# Check current IP through Tor
curl https://ident.me
# AnonSurf automatically routes DNS through Tor
# Verify no leaks with:
nslookup google.com 127.0.0.1
# Test DNS leaks online at dnsleaktest.com
# (while AnonSurf is active)
# Alternative: Use dnscrypt-proxy
sudo apt install dnscrypt-proxy
sudo systemctl enable dnscrypt-proxy
# List available sandbox profiles
firejail --list
# Run application in sandbox
firejail firefox
firejail google-chrome
firejail vlc
# Restrict network access
firejail --net=none firefox
# Create custom profile
sudo nano /etc/firejail/custom.profile
# Add: whitelist /home/user/files
# Then: firejail --profile=/etc/firejail/custom.profile firefox
# Prevent malware from accessing home directory
firejail --private firefox
# Disable DNS
firejail --noprofile google-chrome
# Disable cameras and microphone
firejail --nodvb --notpm thunderbird
# Temporary modifications (don't persist)
firejail --overlay firefox
# Python (for scripting exploits)
python3 --version
pip3 install requests beautifulsoup4
# Ruby (Metasploit modules)
ruby --version
gem install bundler
# Node.js
node --version
npm install -g package-name
# Go (for tool compilation)
go version
go get github.com/user/project
# Bash/Shell scripting
bash --version
# Install from Parrot repositories
sudo apt install code
# Or download from Microsoft
# Available from official Parrot repos
# Launch VS Code
code
# Useful extensions for security work
# REST Client, Python, Docker, Git Graph
# Docker is pre-installed
docker --version
# Enable Docker service
sudo systemctl enable docker
sudo systemctl start docker
# Add current user to docker group
sudo usermod -aG docker $USER
# Run Docker container
docker run -it ubuntu /bin/bash
# Example: Run Metasploit in Docker
docker pull metasploitframework/metasploit-framework
docker run -it metasploitframework/metasploit-framework /bin/bash
# Parrot ships with MATE by default
# Switch desktop environments:
# Install KDE Plasma
sudo apt install parrot-desktop-kde
# Install XFCE
sudo apt install parrot-desktop-xfce
# Switch at login screen (Session menu)
# Change wallpaper
right-click desktop > Set Desktop Background
# Install themes
sudo apt install arc-theme papirus-icon-theme
# Terminal customization
# Settings > Profile > Appearance
# Configure colors for dark/light mode
# Right-click terminal > Preferences > Colors
# Configure keyboard shortcuts
Settings > Keyboard > Shortcuts
# Arrange multiple monitors
Settings > Displays
# Virtual desktop setup (MATE)
# Settings > Keyboard > Workspaces
# Autostart applications
# ~/.config/autostart/ (create .desktop files)
# CLI interface
nmcli device status # Show all devices
nmcli connection show # List connections
nmcli device show wlan0 # Detailed device info
# Create new connection
nmcli connection add type wifi \
ifname wlan0 con-name MyWiFi \
ssid "Network Name" -- wifi-sec.key-mgmt wpa-psk \
wifi-sec.psk "password"
# Connect/disconnect
nmcli connection up MyWiFi
nmcli connection down MyWiFi
# Check available networks
nmcli device wifi list
# Connect to WiFi
nmcli device wifi connect "SSID" password "password"
# Set static IP
nmcli connection modify "connection-name" ipv4.method manual
nmcli connection modify "connection-name" ipv4.addresses "192.168.1.100/24"
nmcli connection modify "connection-name" ipv4.gateway "192.168.1.1"
# Enable/disable WiFi
nmcli radio wifi on
nmcli radio wifi off
# List all interfaces
ip link show
ifconfig
# Set interface up/down
sudo ip link set eth0 up
sudo ip link set eth0 down
# Configure IP address
sudo ip addr add 192.168.1.100/24 dev eth0
sudo ip addr del 192.168.1.100/24 dev eth0
# Set default gateway
sudo ip route add default via 192.168.1.1
# Install VirtualBox Guest Additions (improve performance)
sudo apt install virtualbox-guest-dkms virtualbox-guest-x11
# Or use Linux Guests folder from VirtualBox menu
# Devices > Insert Guest Additions CD Image
# Then mount and run installer
# Reboot to apply
sudo reboot
# Configure in VirtualBox settings
# Devices > Shared Folders > Add Shared Folder
# Mount shared folder
sudo mkdir /mnt/shared
sudo mount -t vboxsf SharedFolderName /mnt/shared
# Permanent mount (add to /etc/fstab)
# SharedFolderName /mnt/shared vboxsf defaults 0 0
# Enable Devices > Shared Clipboard > Bidirectional
# Requires Guest Additions installed
# Take snapshot before major changes
# VirtualBox: Machine > Take Snapshot
# Restore from snapshot if needed
# VirtualBox: Machine > Snapshots > Restore Snapshot
# Clone entire VM for backup
# VirtualBox: Machine > Clone
| Feature | Parrot | Kali |
|---|
| Base | Debian Testing | Debian Testing |
| Resources | Lightweight | Heavier |
| Tools | Curated selection | Extensive (~400+) |
| Philosophy | Privacy + Testing | Penetration Testing |
| Editions | 5+ options | Limited editions |
| Desktop | MATE default | XFCE default |
| AnonSurf | Built-in | Not included |
| Community | Growing | Larger community |
| Learning Curve | Beginner-friendly | Moderate |
# No internet connection after AnonSurf
sudo anonsurf stop
sudo systemctl restart networking
# Package manager errors
sudo apt clean
sudo apt autoclean
sudo apt update
sudo apt install -f
# GPU acceleration not working
# Install appropriate drivers for NVIDIA/AMD
sudo apt install nvidia-driver-520 # Adjust version as needed
# Low disk space
sudo apt autoremove
df -h # Check disk usage
# Check system resources
top
htop
free -h
# Increase VM allocated resources if running virtually
# or clean up disk space:
sudo journalctl --vacuum=50M
rm -rf ~/.cache/*
# Disable unnecessary services
sudo systemctl disable bluetooth
sudo systemctl disable cups
# Enable firewall
sudo apt install ufw
sudo ufw enable
sudo ufw default deny incoming
sudo ufw allow 22/tcp # Allow SSH if needed
# Keep system updated regularly
sudo parrot-upgrade
sudo apt update && sudo apt upgrade -y
# Use AnonSurf for sensitive activities
sudo anonsurf start
# Avoid running unknown tools as root
# Use firejail for sandboxing
# Always test tools on controlled environments
# Never run penetration tests without written permission
# Use virtual machines for potentially dangerous activities
# Keep backups before major testing
# Start with command help
msfconsole -h
burpsuite --help
sqlmap --help
# Regular backups
# Snapshot VM or use external storage
# Monitor system logs
sudo journalctl -u service-name -n 50
# Clean old logs
sudo journalctl --vacuum=1M
# Remove unused packages
sudo apt autoremove
sudo apt remove --purge package-name
# Kali Linux - Most popular, extensive tool collection
# BlackArch - Minimalist, ~2000 tools, Arch-based
# Pentoo - Gentoo-based, requires compilation
# CommandoVM - Windows-based penetration testing OS
# REMnux - Reverse engineering and malware analysis focus
# Live USB: Tails OS (privacy-focused)
# Virtual environment: Proxmox, QEMU/KVM
# Container-based: Docker with security images
# Configuration management: Ansible for lab automation
