Playing with Parrot Security OS

Slashdot it! Delicious Share on Facebook Tweet! Digg!
Prin Pattawaro –

Prin Pattawaro –

Pretty Polly

The latest release of Parrot Security OS has some extremely colorful plumage, which will appeal to both hackers and lay users interested in their systems' safety.

Parrot Security OS, which recently celebrated its 4th birthday [1], comes from the Frozenbox Network, an Italian network dedicated to hacking, IT security, and programming [2]. It follows in the footsteps of already mighty security-focused OSs such as CAINE [3] and WeakerThan [4] both of which were also developed in Italy.

The OS doesn't follow an official release frequency but since 2014 has released versions on roughly a monthly basis.

Version 3.1, code-named Defcon, was released in July and is based on Debian jessie. It is available both for 32-bit and 64-bit architectures, as well as ARM and IoT images, including the Raspberry Pi and Cubieboard 4 (CC80). Visitors to the Parrot Security OS website can download either the Full or the Lite version of the ISO from a variety of mirrors. Alternatively, the ISO can be downloaded via BitTorrent.

As the names suggest, the Full version contains all the tools available via Parrot's repository and the full development environment out of the box. The Lite version is a lightweight 2GB version of the OS, allowing users to install their own penetration testing tools as needed [5].

Another very exciting version is the Parrot Cloud Edition (also known as Parrot Server Edition), which can be deployed quickly and easily for remote cloud pen tests. The system naturally doesn't come with a GUI, and most forensic tools are not present. The idea is to have a dedicated OS installed on your own VPS or remote server, complete with security tools to perform penetration tests without bringing confidential data with you. In case VPS providers don't allow installing a customized OS, a script on the Parrot Security website converts a VPS with a minimal Debian installation into a full Parrot Cloud environment [6].

For users with less specific needs, the full edition of the OS can be run in a Live environment or loaded into RAM for the sake of speed. Installation is also possible and requires a minimum of 8GB of space (16GB recommended).

The Parrot desktop has been well laid out, from the colorful eponymous bird in the centre, to the chirpy Computer Ready message when logging on. The vast array of tools has been neatly sorted into categories in the main menu (Figure 1).

Figure 1: Parrot OS categorizes the dozens of tools, making them much easier to navigate.

Parrot on the Fly

When booting from the ISO, users are given a choice to run in Live mode as well as a Forensic mode, which is non-invasive and will avoid automounts. In the interests of speed, the Advanced Options also allow the entire system to be loaded into RAM.

Despite the colorful wallpaper and slick menus, Parrot Security OS uses the LightDM display manager, so it has very minimal requirements. The website states that a minimum of 256MB of RAM is required, although it recommends twice that. Testing in a virtual machine caused kernel panic when only 256MB of RAM was assigned, but it ran perfectly on 512MB. Parrot requires no graphic acceleration at all and, at minimum, a 1GHz dual-core CPU [7].

Users for whom RAM isn't an issue may be impressed by the vast array of tweaks for the look and feel of Parrot Security OS, from Themes (Blue-Submarine is a personal favorite) to pop-up notifications. Icons and wallpapers can also be modified.

In addition to the funky interface, a number of non-security-related tools make this pen-testing distro a strong candidate for everyday use. Brasero and Rhythmbox allow for playing and burning CDs, respectively. Transmission and VLC Media Player allow downloading and playing of media files.

The full version of Parrot Security OS also boasts a large number of productivity apps; it contains the full LibreOffice suite as well as AbiWord and Gnumeric.

Persistent Parrot

Given the range of applications, serious penetration testers as well as interested users might want to install Parrot to retain their settings from one session to the next. It uses a custom hardened version of the Linux 4.5 Kernel. It's also possible to encrypt the installation drive using LUKS, as with any Debian install.

For the security conscious, installing Parrot to a drive doesn't have to undermine privacy because of the array of numerous anti-forensic tools. Of particular mention is tccf (Two Cents Cryptography Frontend), which simply serves as a more friendly GUI front end for cryptsetup and gpg to encrypt as well as delete data securely. It allows encrypting anything from a single file to an entire drive with AES/Serpent/Twofish without typing tricky commands into the terminal.

Another honorable mention goes to zuluCrypt, which not only can create encrypted volumes but open those created in TrueCrypt/VeraCrypt and support volumes using cascading encryption (e.g., Twofish-AES).

The built-in Pandora's Box module can also scrub the RAM to protect machines from a cold boot attack, as with Tails [8]. Like Kali Linux [9], it's possible to apply a nuke patch to Cryptsetup to have an alternative password that erases the headers (i.e., destroys the data). For sensitive data, version 1.10 of BleachBit is bundled with the full version of Parrot and not only shreds files and folders but automates the clearing of temporary files, caches, and so on.

Firefox 45.2, the default browser for the full installation, also comes with a Stealth RAM mode that leaves no trace on the OS, even if installed. It comes with some familiar extensions to protect private data like HTTPS Everywhere, NoScript, and WOT (Web of Trust).

Unlike many other pen-testing distros, it's possible to anonymize your connection by starting anonymous mode , which automatically runs all connections through the Tor network (Figure 2). The system also helpfully closes down any "dangerous" applications that can undermine the anonymity of the machine. Firefox also contains a link to the Hidden Wiki, which has lists of links on the dark web for those who want to delve further.

Figure 2: Anonymization mode Torifies your connection and uses FrozenDNS to prevent DNS spoofing.

Buy this article as PDF

Express-Checkout as PDF

Pages: 4

Price $0.99
(incl. VAT)

Buy Ubuntu User

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content