When I started to do courses and work through books it was always Kali this, Kali that, which is fair enough as it is the most widely used security OS in the Cybersecurity/Pentesting world.
After a while, I saw Hackersploit using Parrot OS, which piqued my interest, and from there I set about finding out more and eventually installing it to try out and use, which I am so glad that I did.
There are other security distros like Kali, Backbox, BlackArch, Pentoo and a bunch more that I have tried but none have stuck with me like Parrot OS has. I do still have a Kali install that I keep updated and use periodically but I am finding myself using my Parrot OS more and more and my Kali less and less.
I have nothing against Kali, and the machines I use are pretty good (16GB RAM, SSD, i5 Core) so performance hasn’t been an issue on either. Kali undoubtedly has more guides and tutorials, like their free book ‘Kali Linux Revealed – Mastering the Penetration Testing Distribution’, but Parrot is now getting more documentation that you can find over on https://docs.parrotlinux.org/. It is a work in progress but is being updated now, which is great; I might even see about helping out if I can.
I read a quote somewhere that said:
“Hacking is nothing about tools, It’s all about skills..!!!”
and I couldn’t agree more, and it’s possibly why I like Parrot more now over Kali, I really hope more people give it a try and people who have used it previously come back to retry it.
Parrot OS (Parrot Security, Parrot OS) is a free and open-source GNU/Linux distribution based on Debian Testing designed for security experts, developers and privacy-aware people.
It includes a full portable arsenal for IT security and digital forensics operations, but it also includes everything you need to develop your own programs or protect your privacy while surfing the net.
The operating system ships with the MATE desktop environment preinstalled and is available in several flavours to fit your needs.
The first public release appeared on April 10th, 2013 as the result of the work of Lorenzo Faletra who continues to lead development.
Originally developed as part of Frozenbox, the effort has grown to include a community of open source developers, professional security experts, advocates of digital rights, and Linux enthusiasts from all around the globe.
The project is headquartered in Palermo, Italy and it is supported by an international team of experts and enthusiasts.
The system is designed to be familiar for the security expert and easy to use for the new entry student, but it does not try to hide its internals as other general-purpose distributions try to do.
Parrot OS can be used as a daily system, and it provides all the programs for the day to day tasks, including dedicated system flavours that don’t ship security tools.
There are a few articles on why you should try Parrot OS so I won’t make another and will link you to a few of the good ones.
These were the reasons I prefer Parrot Sec over Kali Linux, but I like and use both of them. As I said, it's never about which operating system or tool you are using, it all depends on your skills.
Most people argue that Parrot has more tools than Kali Linux and that in Parrot OS we can set up anonymous surf easily. But what I believe and say is that penetration testing is not about setting up the tools, it’s all about identifying the defects in a system.
These are decent articles that cover a bunch so feel free to read them over and decide yourself if you want to try it but I hope you do.
And NOW onto the interview with Lorenzo “Palinuro” Faletra 😊
When you first started Parrot Distro what was the original aim of it and did you imagine this level of popularity?
I was a kid, 14yo or something like that, so I was very inexperienced, I loved backtrack at that time, and in a true script kiddie fashion, I spent more time customizing the environment and making it my own, than actually kidding around with the distro.
One thing that I hated at that time was the waste of time to re-configure my ideal setup every time I wanted to format my computer, and of course I loved the idea of running my own Linux distribution.
Guess what? I came up creating my own “distributable” custom builds of backtrack, backbox, ubuntu and Debian (blackarch, stealthpwn, frozenbox OS etc), and that is where I taught myself how to design, develop, maintain and deliver a gnu/Linux derivative.
Parrot OS started from my final decision to take everything that worked from my previous experiments, put them on top of Debian (kali was not yet out at that moment) and start something more usable and reliable.
Of course it wasn’t reliable at that time, but it was a good starting point. Then kali was out, and I was more than happy to take all their tools and finish months of work in a few days.
Steal it and make it better was my personal motto at that time, because, jokes apart, I was completely alone on the project, and I was doing it for myself because of my plan to have a ready to use iso file pre-loaded with my favourite defaults.
The success of the distro was completely unexpected (probably people loved my personal taste lol).
The success of the distro was so big that I was forced to make it a professional project, and this is where the true distro development started, and where parrot stopped being the personal toy of a kid to become a professional tool for Pentesters.
What does the future look like for parrot distro?
GNU/Linux distributions flooded with old Pentest tools are something of the past, they are still useful tools, but I don’t see them as the main characters of the arsenal of the future Pentester (long-term wise), so my plan now is to find a way to blend the project in the proper direction and follow the trend (or maybe create it?).
What I would like to avoid is to be blind to the new trends and find myself obsolete in few years without even noticing.
At the very moment I’m working hard on sandboxing and containerization technologies, and we are experimenting with docker, firejail and other tools to find a way to combine them in our distro to ship the level of security and flexibility that we expect will be the main driver of the future of our sector.
Meanwhile we are also investing a lot on docker to transform the project from just a Debian derivative to a complete framework that professionals can use to build their pentest environment on top of any distro they want.
In the future of parrot I see the next generation of Pentesters using windows, openSUSE, fedora, mac, Debian, or even parrot as their main system, and use their favourite tools through a modular and scalable framework of next-gen tools that can run on their laptop, on a cluster of servers, on their phone or anywhere else, with the parrot framework at the core of the whole magic.
If people want to help out or contribute what is the best way for them to help out?
As a one-man-band project, it was very hard in the past to contribute, but nowadays we have identified our workflow issues, and the benefits of the internal changes we decided to take are already noticeable.
Before deciding to contribute to the parrot project, people should understand what parrot is.
It is not just a software, and we don’t need “just another guy who knows some python”.
Instead, we need people who understand how Debian works internally, how to create and maintain standard-compliant Debian source packages, how to write modern pentest tools that are not just another low quality <existing tool name here> clone, or people who are familiar with development of operating system utilities (i.e. we need to develop a software store that complies to specific requirements).
Of course, people can contribute in other ways, like contributing to our community (moderation, helpdesk etc), help as beta-testers (it is way harder than it seems), or by just being professional Pentesters and using parrot on a daily basis to give feedback directly to our team from real-world usage scenarios.
What was the thinking behind not using root as the user?
Is it a real question? What is the point of running the whole desktop environment, including the browser as the most privileged user of the system we use to test a critical infrastructure, collect sensible information about the company and use it to write the report? Pro-tip: there is no fucking point.
The only reason pentest distros used to log in as root, was because it was boring to type the password every time a root shell was required.
Laziness and lack of knowledge of a Linux distro are not a justification to a bad OS design, and I think we were the first ones among the other pentest distros to ditch the root login scheme and work seriously in system hardening and desktop sandboxing.
Sensible information is stored in every computer of every Pentester; that information has to be protected, and we (the pentest distro developers) have a key role in providing the right tools to make the right level of security accessible to anyone.
Pentest distros are not just tools. They are at the forefront of the education of the new generations of Pentesters, and they are the most powerful “habit generators”.
Our goal is to create an environment that pushes people into adopting good habits, rather than pushing people into bad ones as pentest distros did in the past (including earlier versions of parrot).
Boot the latest version of the system, take a look at the pre-installed programs, take a look at the browser bookmarks, plugins and default settings, analyse the configuration of the distro, play with its improvements we made on top of Debian, play with our docker containers etc, and you will immediately get what I mean when I talk about educating the next generation of Pentesters and push them to adopt good habits.
Lastly one of my good friends asked is there any chance of getting a robotic parrot wallpaper in a future release?
Cyberpunk culture is something I love, and we are brave enough to take in consideration this kind of choices. At the moment we are a lot into low-poly design and vaporwave graphics, but maybe robots and cyborg parrots could be the next ones 🙂
I cannot thank Lorenzo enough for answering these questions for me and again I urge you to give Parrot OS a try and who knows, like me you may end up choosing it as your main OS.
Also (you didn’t hear it from me 😉), they are working on an LTS (LTS is an abbreviation for “Long Term Support”) version of Parrot based on Devuan (init-freedom gives many advantages and great flexibility), and they ALSO have a big collaboration with hackthebox going on 😊
Give them a follow etc over on these places.
- Parrot OS Website = https://parrotlinux.org/
- Parrot OS Facebook = https://www.facebook.com/ParrotSec/
- Parrot OS Twitter = https://twitter.com/ParrotSec
- Parrot OS YouTube = https://www.youtube.com/channel/UCj2dezzTc_Oy9eAEwBBodpw
- Lorenzo Twitter = https://twitter.com/palinurosec