Table of Contents
ToggleWhat is ParrotOS?
Parrot Security (ParrotOS, Parrot) is a Free and Open source GNU/Linux distribution based on Debian Stable designed for security experts, developers and privacy aware people.
It includes a full portable arsenal for IT security and digital forensics operations. It also includes everything you need to develop your own programs or protect your privacy while surfing the net.
Parrot is available in three main editions, Security, Home and Architect Edition, even as Virtual Machine (Virtual Box, Parallels and VMware), on Raspberry Pi and also on Docker.
The operating system ships by default with MATE Desktop Environment, but it is possible to install others DEs.
Parrot Security 6.0 “Lorikeet” with MATE Desktop
History and Team
The first public release appeared on April 10th, 2013 as the result of the work of Lorenzo Faletra who continues to lead development.
Originally developed as part of Frozenbox (a community forum by the same creator of Parrot), the effort has grown to include a community of open source developers, professional security experts, advocates of digital rights, and Linux enthusiasts from all around the globe.
The project is headquartered in Palermo, Italy and governed by Parrot Security CIC, a community interest company registered in the UK.
Why “Parrot”?
Because it was born as a game, and every pirate of the seven seas needs a parrot on his shoulders if he wants to board the galleons with his crew of jailbird filibusters.
Who is it designed for
The system is designed to be familiar for the security expert and easy to use for the new entry student, but it does not try to hide its internals as other general purpose distributions try to do.
Parrot can be used as a daily system. It provides all the programs for the day to day tasks, including a dedicated edition of the system (Parrot Home Edition) that doesn’t include security tools.
Software Management
The system has its own applications repository including all the packages supported by Debian, plus many other applications and tools Debian can’t provide yet. All of them are accessible directly from the APT package manager.
Additionally, Parrot supports Snap, a package distribution system that provides easy access to many other programs that GNU/Linux distributions don’t always ship in their software archives.
Flatpak is a universal software store similar to Snap. It can be installed from the Parrot official repository.
Also Parrot supports Wine, a compatibility layer to run Windows applications in GNU/Linux environments.
Should I use Parrot?
Why Parrot is different
Even if we would like everyone to use the Parrot System or, at least, give it a try, there are some important considerations to make about who we expect to use Parrot and who may have a bad experience from it.
First of all, even if Parrot provides general purpose flavors, its core is still tuned for Security and Forensics operations. In this section we will explain how different Parrot is compared to other general purpose distributions and how different it is from other Pentest and Forensics distributions. Then we will present some categories of people and what kind of experience they may have by using this system.
General purpose distributions
Parrot is different from a general purpose distribution (i.e. Ubuntu) because it does not try in any way to hide its internals.
Meaning that many automation tools are included in the system to make it easier to use, yet expose quite well what the system has under the hood.
A good example is the parrot update reminder: it is a simple yet powerful program that prompts the user to check for system upgrades once a week. but instead of hiding the upgrade process behind a progress bar, it shows the user the full upgrade process from the apt output.
Another important difference is that Parrot disables by default all the network services pre-installed in the system, not only to maintain a very low RAM footprint and offer better performance, but also to avoid services exposure in a target network. Every network service needs to be manually started when the user needs it.
Pentest distributions
Pentest distributions are famous for integrating only security tools, allowing easy root access and taking down all the security system barriers that may influence the workflow of a pentester.
Parrot was designed to be a very comfortable environment for security experts and researchers. It includes many basic programs for daily use which pentesting distributions usually exclude (at the cost of less than an additional gigabyte of storage). This choice was taken to make Parrot not only a good system to perform security tests, but also a good environment where you can write reports, build your own tools, and communicate seamlessly with teammates, without the need for additional computers, operating systems or configuration.
Our goal is to allow any professional pentester to make a whole security test from the beginning, to the report with just a Parrot ISO and an average laptop.
Secure distributions
Parrot Security ships with custom hardening profiles and configurations for AppArmor and other linux hardening technologies, and takes inspiration from the success of other projects that deliver the highest level of security in the GNU/Linux scenario, like Tails and Whonix to sandbox the system and deliver a layer of security above the average.
All this additional security comes with a cost: it is harder to adopt bad behaviors on Parrot. For instance it is not possible to log in as root with the whole desktop environment, or to start critical applications like browsers, media players or advanced document readers with unnecessary privileged permissions.
The user can still open root consoles, launch security tools with privileged permissions and use the system without limits. The only thing that changes is that all the critical user applications are now protected from very bad behaviors and common exploit techniques, or even zero-days, and the damages caused by advanced exploits are very limited.
Forensics distributions
Digital forensics experts need an environment that does not compromise their evidence.
Parrot comes with automount functions disabled by default, to allow forensics acquisitions to be performed in a safe way. The global automount policy is configured in a redundant way in all the layers of the system stack, from the noautomount kernel option passed by default at boot, to the specific file manager settings to disable auto mount and plug & play features.
Don’t forget that the disks are still recognized by the system, and the system will mount them without protections if the user accidentally open them.
The no-automount behavior is consistent and stable, but no protection is provided in case of accidental mounts. A write blocker is always recommended in any digital forensics scenario.
In summary, Parrot is made for:
- Security Experts
- Digital forensics experts
- Computer Science/Engineering Students
- Researchers
- Wannabe Hackers
- Software developers
What is GNU/Linux?
GNU/Linux is an operating system built over the years thanks to the contributions of many developers around the world. Few of its peculiarities will be described here.
Free Software
“Free software” is software that respects the freedom of users and their community. Broadly speaking, it means that users have the freedom to run, copy, distribute, study, modify, and improve the software. In other words, “free software” is a question of freedom, not price. To understand the concept, think of “free” as “free speech”, not “free beer.” In English, sometimes in the place of “free software” we say “libre software”, using that spanish adjective, derived from “freedom”, to show that we do not mean that the software is free.
Four are the freedoms that define “Free Software”:
- Freedom 0 : The freedom to run the program as desired, for any purpose.
- Freedom 1: The freedom to study how the program works, and change it to do what you want. Access to the source code is a necessary condition for this.
- Freedom 2: The freedom to redistribute copies.
- Freedom 3: The freedom to distribute copies of its modified versions to third parties. This allows you to offer the entire community the opportunity to benefit from the modifications. Access to the source code is a necessary condition for this.
A program is “free software” if it appropriately grants users all of these freedoms. Otherwise it is not free. It is said to be “Proprietary Software”.
By way of summary we could say that:
- “Free Software” or “Libre Software” does not necessarily mean that it is free, although in many cases it is.
- “Free Software” provides four basic freedoms: freedom to run software, freedom to modify and study your code, freedom to redistribute copies of such software, and freedom to distribute copies of modified software.
You can read this information at the following link: https://www.gnu.org/philosophy/free-sw.en.html
GNU Project
Let’s start with some history… It’s the 70’s of the 20th century, when a man named Richard Stallman started working at MIT (Massachusetts Institute of Technology). At this time it was very common to work with free software. The programmers were free to cooperate with each other and did so quite often. What’s more, even computer companies distributed their software freely. All this changed in the 1980s, and practically all software began to be distributed privately, which means that such software had owners who prohibited cooperation between users. For this reason, and in the face of what seems an injustice, Richard Stallman decides to create the GNU project in 1983. Being in 1985 when the Free Software Foundation was founded with the objective of raising funds to help program GNU.
The GNU operating system is a complete Unix-compatible free software system. The term GNU comes from “GNU is not Unix”. It is pronounced in a single syllable: Ñu. Richard Stallman wrote the initial announcement of the GNU Project in September 1983. An extended version, called the GNU Manifesto [1], was published in September 1985.
The name “GNU” was chosen because it met a few requirements. First of all, it was a recursive acronym for “GNU Is Not Unix”. Second, it was a real word. Lastly, it was fun to say (or sing) [2].
They decided to make the operating system Unix-compatible because the overall design was already tested and portable, and because the compatibility made it easy for Unix users to switch from Unix to GNU.
A Unix-like operating system includes a kernel, compilers, editors, word processors, mail software, graphical interfaces, libraries, games, and many other things. For all this, writing a complete operating system takes a lot of work.
At the beginning of 1990 the main components had already been found or programmed except for one, the kernel.
[1]. https://www.gnu.org/gnu/manifesto.html
[2]. http://www.poppyfields.net/poppy/songs/gnu.html
Linux project
Let’s jump back in history, this time to 1991.
Around that time, a Finnish computer science student named Linus Torvalds wanted to create an operating system similar to minix (which he used at university), but that would work on his new computer. with 80386 processor.
Using the GNU C compiler, Linus Torvalds soon had a first version of the Kernel (kernel) capable of running on his computer. On August 25, 1991, he announced this system on Usenet, on the comp.os.minix list. His project quickly gained followers and there were many who joined him, and began to develop for said Kernel.
Linus initially released his software under his own license, although he finally chose a GNU GPL license in 1992, in part because the C tool he had used to compile it was also GPL.
The name of Linux, for this kernel, was taken months after its publication, since Linus himself had originally wanted to call it “Freax”. In fact, in the first version of the kernel, you can see inside the makefile, how you called it this way. Finally Ari Lemmke, who was one of the people in charge of the FTP server at the Helsinki University of Technology, placed the files on the server under the “Linux” project without consulting Linus. Linus did not like this name because he found it too self-centered or selfish.
He finally agreed to the name change and a long time later in an interview, Linus himself commented that “it was simply the best name that could have been chosen.”
GNU/Linux
The FSF (GNU) was developing a kernel called Hurd (still under development). This kernel was developing more slowly than they came to think. So before the release of the Linux kernel, it was adopted within the project.
So, the correct name for the Operating System is not Linux, but GNU/Linux. Nowadays when people talk about Linux, they are really talking about GNU / Linux [1].
The kernel itself is useless. The kernel is the component that makes the software, and therefore the user, able to communicate with the hardware. But it takes more than a kernel to run a computer. It is necessary that there are certain programs in the user part. These programs may or may not be licensed under the GPL (GNU).
[1]. https://www.gnu.org/gnu/linux-and-gnu.en.html
Download ParrotOS
ParrotOS is available for download here.
The OS also runs on older machines, but it is recommended to consult the system requirements.
Which version should I choose?
Parrot comes in a lot of shapes and sizes in order to fit all possible hardware and users’ needs.
Depending on what hardware configuration and scope you have, consider these options:
Parrot 6.0 Security Edition
As the name suggests, this is the full edition. After the installation you have a complete out of the box pentesting workstation loaded with a large variety of tools ready to use. Highly recommended for PC Desktops and Laptops with at least 4GB of RAM, for a smooth experience whilst multitasking.
Parrot 6.0 Home Edition
This version of Parrot is a lightweight installation which provides the essential tools needed to start working. It relies on the same repositories as the Full Edition, letting you choose most of the programs you want to install later on. Recommended for those who are familiar with Pentesting Distros but require a minimal installation.
Parrot 6.0 Cloud Edition
Cloud images are special editions of Parrot Security made for embedded devices, cloud environments, virtual machines and other special deployments.
Parrot 6.0 Architect Edition
This edition of Parrot does not contain any software you do not choose, weighs about 379 mb and is available for any architecture (amd64, i386, arm64). The arm64 version can also be used in MacOS devices with M1/M2 processor.
Security, Home and Architect Edition, which one should I choose?
Parrot Home Edition and Parrot Security Edition are identical, and the only difference between them is the set of software that comes pre-installed.
Parrot OS Home Edition comes with no security tools, while Parrot OS Security Edition comes with all the hacking and pentest tools pre-installed.
You can use the Home Edition and install only the hacking tools you actually need, or you can install all of them at once with sudo apt install parrot-tools-full
The Architect Edition does not contain any software pre-installed. You can decide and customize your edition of ParrotOS just before the installation.
Parrot 6.0 on Docker
Forget all you know about pentesting circumstances. Carrying a laptop everywhere you go to accomplish your job is not mandatory anymore. You can now have a remote VPS loaded with Parrot OS ready to perform all sort of tasks from an embedded terminal, with discretion. This edition does not provide a GUI out of the box, but it’s available in the repositories if needed.
Community Contributions
Parrot was born and continues to be a fully open-source project, this means that anyone can see the code of each of its components and, if interested, modify it.
Which is why, if you like the world of open source and in particular the Parrot project, you are strongly invited to contribute. Here you will find a guide on how to proceed and on which projects you can currently contribute.
No matter how technically good you are in a certain area, you will see that you can contribute in various ways depending on the Parrot sub-project. Any motivated and useful contribution is always more than welcome. In any case, someone from the team will be alongside you in order to discuss it together.
At present, all Debian packages and all tools developed by the Parrot team reside on GitLab and GitHub (as a backup mirror).
Why should you be a contributor?
Be a contributor for an open-source project means that you have the chance to:
- Meet new people: you will be able to meet a lot of developers like you, who are in love with the world of the open-source projects. This will not only help you to expand your network from a professional point of view, but also to develop real and true friendship;
- Learn and teach new things: first rule of contributor is “never get stuck on what you already know”, it doesn’t matter if you’re a newbie or a senior developer, if you start contribute to an open-source project you can learn a lot of new things or, in the other way, you’ll get the chance to teach new things to other people (this will boost your confidence a lot, trust us);
- Make your work worth it: you will get the chance to test in advance some of our packages and, in the best-case scenario, your work will be built into Parrot Security OS.
Working on a Parrot sub-project
Since we mainly work on GitLab, it will be important that you have a registered GitLab account, you will need it to start contributing. Then, once you have chosen the sub-project, contact the Parrot team at the email [email protected], specifying the chosen sub-project and the part in which you want to contribute.
This list will be updated, but it is now possible to contribute to the following sub-projects:
- Website
- Documentation
- Debian Packages
- ARM Images
- Community
Website
The Parrot website, freely visible at https://parrotsec.org, was built using the NextJS framework and the React library. You are free to view and analyze the code by cloning the repository.
If you have any ideas on how to improve it or anything else, feel free to open a merge request. The maintainer ([email protected]) of this sub-project will review your request as soon as possible and coordinate to approve it.
Documentation
The official ParrotOS documentation, accessible at https://parrotsec.org/docs. It is based on the Docusaurus v2 framework and the graphics follow the ParrotOS style. New features will always be added to make it as complete as possible. If you think you can add some essential or interesting documents, feel free to clone this repository and open a merge request.
Debian Packages
Most of our 3rd party programs and most of our pre-included programs comes from Debian. We mostly wait for Debian updates. You can contribute by creating new Debian packages or by proposing new tools, strictly already packaged according to Debian standards.
To get started, you can follow this manual.
Initially the work must be started on personal repo forking the package. Once the code is correctly set to be packaged, open a merge request and Team Leader will analyze modifications before approve.
ARM Images
Parrot is also available for ARM platforms, through some scripts we generate the images available in this repository.
In particular, it is recommended to read the iot and architect folders.
Community
The community is a very important part for an operating system like Parrot, and helping each other can only be useful to increase one’s knowledge. The ParrotOS community always needs new moderators, for Discord channels, our Forum and in Telegram groups.
The contact person for the community is [email protected].
Community Structure
Each community is divided into the following sections:
- General: A welcome place to have a first approach to our community. Feel free to ask for help or whatever you need, there will always be someone who will answer your questions or direct you to the right channel.
- Support: Technical Support room for ParrotOS. Here you can find questions and answers concerning the OS.
- Ask the Devs: ParrotOS devs are here to answer questions regarding the OS and more.
- Distro Development: News and sneak peak at the progress of the next ParrotOS version development, questions are always welcome.
- Hacking: Have fun by asking questions about hacking techniques, read users’ experiences, read contents made by us or confront about what concerns Hacking and Security in general.
- Programming: In this room discussions about coding are highly encouraged, and if you need assistance on your tasks, don’t hesitate to ask.
- Sysadmin: The topic here is all about system administration, networking, hardware and software.
- OffTopic: Free conversation room, memes are always welcome!
- News: Official Channel to get all of the latest news about Parrot.
Community Manifesto
We highly encourage users to engage discussions not only for support purposes, but also for whatever concerns security, hacking, programming (and so on), build an active and varied community where any kind of discussion or comparison are valued and welcome.
If any user want to join us (or has already joined) to help building and keep healthy and active our community, we ask to follow the rules of each community and to meet certain requirements:
- Be kind, always.
It is important to maintain a consistently polite and patient demeanour with users. Reserve expressing frustration or anger for truly exceptional and extreme circumstances. - Respect Everyone.
Our community must be healthy even when it’s about religion, political belief, physical/mental disabilities and LGBT+ communities. Don’t spread hate on anything or anyone and guide users towards respect and acceptance. - Be a guide to anyone approaching this field, ParrotOS and GNU/Linux for the first time.
No one is born an expert in a specific field. Don’t take anything for granted, if a user asks a question about something that you know very well, share your knowledge, it’ll be accessible for the future to those who’ll be in the same situation. You don’t know the answer? Kindly guide the user to wait for someone more experienced to read the request and reply. - Be always enthusiastic to learn new things and be open to new possibilities.
Knowledge is constantly evolving, and something you used to know may vary over time, confront the community as much as possible. - Avoid acting impulsively or based solely on your personal dislikes.
Everyone can have likes and dislikes, but this must not affect the community. Moderate with intelligence and reasoning, not with your personal emotions. If there’s something negative or that needs more attention about the team, please ping the community manager in the moderation room and explain detailedly what’s going on.
We value users’ contributions so, for this reason, every three months we will announce the most active members, who will obtain in their profile the mention of “ParrotOS Enthusiast”. Thanks to this, we will give our community more reference points.
Parrot Community Activities
This is something new for the ParrotOS community, we are proud to introduce periodic challenges and events to make our common place more vital and involved. So, as per the above-mentioned values, we designed these activities for you:
- ParrotOS Tutorial
A Tutorial video series showing how to use ParrotOS from the very basics to the most advanced tasks. Every two months live on Discord and available on our Youtube Channel. - Learn Linux and Security with ParrotOS
This is both for newbies and the experienced ones, we’re going to monthly use HTB Academy to teach and challenge you to train and improve your knowledge, whether you know Linux and Security or not.
Development workflow
Our development workflow is based on these following points and always tries to involve the entire development team (and interested contributors), so that everyone is constantly updated:
- Devs will write their code, make a first local test in order to resolve as much bugs as possible.
- Upload the first version (or an updated version through merge request in case of an application being updated) on GitLab. The Team Leader (or someone in charge) will analyze the code and approves the modifications.
- An open beta/internal beta campaign will be launched in order to investigate the code and find bugs/vulnerabilities.
- If bugs and vulnerabilities have been discovered, repeat the two previous steps until there are not critical and evident bug anymore.
- When the code is ready to be packaged, the Team Leader or someone in charge will accept the final modifications.
How to install ParrotOS
This guide will help you install ParrotOS (latest version) on your computer step-by-step through the default official installer: Calamares.
This guide applies to both the Security and Home Edition.
Any problems or missing details, please report it to the official Parrot forum.
Insert your installation media into your computer and through your BIOS settings start Parrot. A screen will appear with several options, including some more advanced.
Select Try/Install and press Enter.
Wait for the OS to load (few seconds).
Welcome in Parrot Live
Here you can test the OS in its entirety, then you can proceed with the installation.
Click on Install Parrot:
and the installer, Calamares, will start.
Let’s start!
The next step is selecting the system’s language. Choose your language and click on Next.
Then select your Region and Zone. Click on Next.
Now, you can select the keyboard layout. There are many variations available, and you can test them where its written “Type here to test your keyboard”.
Click on Next.
Parrot Security disk partitioning
We think guided partitioning for less experienced users is recommended, 40 GB or more is enough, unless your going to want to install a lot of programs or keep larger file on your hard drive.
Here you can decide whether to enable swap or not. For more information about swap:
https://www.kernel.org/doc/html/latest/power/swsusp.html
If you want, you can also encrypt the system by adding a passphrase:
Select the options that you think will be most useful to you and click on Next.
Creating a new user account
You will be asked to create a new user, for simplicity we have chosen a user. You can enter any name in here.
Remember that it is the password to access your OS account, we recommend you to create a long and complex one.
Then, click on Next.
Completing the installation process
Finally, a summary of the choices made during the procedure:
You can decide whether to change the chosen settings, and then go back, or proceed with the installation of the system. Click on Install.
Confirm by clicking Install now
And wait for the installation to complete!
With an SSD (Sata), it will take a few minutes.
Well done! You have successfully installed Parrot OS on your computer!
Login to Parrot for the first time
Enter your Password:
Welcome to Parrot! Congrats!
Dualboot with Windows
It’s possible to install ParrotOS alongside Windows, thanks to GRUB and a correct partitioning.
NOTE
Disable Secure Boot and CSM from UEFI settings in your machine.
After following the steps for setting the Parrot Installation before partitioning, the situation will be similar to this:
There are two ways for proceeding:
Method 1: Automated Partitioning
This is more way easier. You just have to select Install alongside then select /dev/sda3 within the bar, drag the bottom bar to resize the partition in order to assign the desired amount of space for ParrotOS, then click on Next and proceed with the installation.
Method 2: Manual Partitioning
This method gives the freedom to choose for ParrotOS the desired amount of space and the number of partitions wanted.
NOTE: The Security edition needs at least 40GB of space, Home edition needs at least 20GB of space (which has been used for this guide.). No Swap partition has been set because it has been used on an SSD.
Select Manual Partitioning then click on Next.
You’ll see something similar to this:
In detail:
- /dev/sda1 is the boot partition.
- /dev/sda2 is MSR (Microsoft Reserved partition).
- /dev/sda3 is where Windows 10 exists.
- /dev/sda4 is a hidden partition which contains Windows Files for Recovery.
This is the standard partitioning for Windows, which follows this exact order. Select /dev/sda3 then click on Edit.
This window will open up:
Here is possible to shrink/resize partitions (by dragging the bar or inserting the size in MiB), set flags and mount point.
Drag the bar or set the value for getting the desired partition size (in this case the total amount of the partition size is 60GB, and we dedicated 40GB to Windows, and thereby the remaining 20GB have been assigned to ParrotOS.) then click on OK.
This is the updated situation, after shrinking the Windows partition, an unallocated space of 20GB is available. Select it, then click on Create:
These are the settings for new partition, set the file system you want (ParrotOS uses BTRFS by default), set the mount point in / (root), then click on OK:
Now, the last step: Set up the boot partition.
Select /dev/sda1 and click on Edit:
Set the mount point in /boot/efi then click on OK:
This is the final situation, proceed with the installation by clicking on Next:
Install ParrotOS with WSL
Installing ParrotOS on Windows-Subsystem-Linux(henceforth WSL)
Note about Virtualized Machines
This is not indended, or supported to be ran within a Virtualized Windows Machine.
Any bugs or issues resulting from this are most likely not going to be fixed.
TL;DR, Virtualized Windows Machine – You’re on your own.
Installing WSL
If you already have WSL installed on your machine, you can skip this section.
Open up a Powershell as administrator(Right click -> Run As Administrator), and type wsl –install, if you see help text, that means you have WSL already installed, otherwise wait for the install to finish.
Running Parrot WSL
Manual Install
Download the .zip containing the needed files from https://www.parrotsec.org/download/, and extract it to a folder.
Double click launcher.exe and the installation window will pop up.
First, enter y or n to choose to install all the security tools,, or just the base image(this can be done later). Next, enter your username & password for your user account.
Your WSL “Hard Drive” will be created as a .vdhx in the folder you create the launcher from.
All updates can be performed via a standard apt upgrade/update. However if you wish to rerun the installer, you must run wsl –unregister ParrotOS, and rerun launcher.exe
Congrats, you now have a working WSL instance!
Windows Store
Coming soon….
Known Issues
Packages requiring SystemD(i.e. Powershell Empire) are not working on default installs.
This can be fixed however, by editing /etc/wsl.conf and adding
[boot]
systemd=true
And restarting your wsl instance.
Unknown Issues
Please open an issue in The WSL Gitlab Project for any bugs you encounter.
Install ParrotOS with Manual Partitioning
Now let’s focus on the Manual partitioning of ParrotOS using Calamares installer, which may be necessary for various purposes and needs.
Like the Dualboot with Windows, this method allows you to assign the desired size of the partitions and determine how many of them to create or edit.
Let’s see two use cases:
Case 1: Partitioning a disk with existing partitions
After following the steps for setting the Parrot Installation before partitioning, select Manual Partitioning then click on Next.
You’ll see something similar to this:
The partitions in detail:
- /dev/sda1 is the partition which contains EFI boot files.
- /dev/sda2 is the partition containing the existing OS.
To make ParrotOS work in a UEFI computer, at least three working partitions are needed:
- /boot/EFI – the folder containing the efi firware necessary to boot the system.
- / – the folder containing the entire system
- /home– the User data folder
NOTE
Disable Secure Boot and CSM from UEFI settings in your machine before doing any of the above descripted operations.
In a standard BIOS partition, at least two working partitions are needed:
- /
- /home
Now, let’s change the mount point for the necessary partitions. First, select /dev/sda1 and click on Edit
This window will appear, here is possible to shrink/resize partitions (by dragging the bar or inserting the size in MiB), set flags and mount point.
Set up the partition as you can see below, then click on Ok.
Now select /dev/sda2 and click on Edit.
Drag the bar or set the value for getting the desired partition size (in this case the total amount of the partition size is about 124GB, and we dedicated about 70GB to Windows, and thereby the remaining 50GB have been assigned to ParrotOS.) then click on OK.
NOTE
Parrot Home needs at least 20GB of space, while Parrot Security needs at least 40GB of space. Home Edition will be installed in this guide.
Now select the Free Space and click on Create.
Now let’s create the / – root partition, set it up as it appears below then click on Ok:
Now, the last partition, /home. Select the remaining Free Space then click on Create:
Set up the partition as it appears below then click on Ok:
Now all the partition are properly configured, proceed with the installation by clicking on next.
After this, proceed with the final steps of the installation by clicking on Next .
Case 2: Partitioning an empty disk
After following the steps for setting the Parrot Installation before partitioning, select Manual Partitioning then click on Next.
Since the hard drive is empty, the space will appear unallocated. Let’s create a new partition table by clicking on New Partition Table
A dialogue window will appear asking the desired partition table type, keep the default value (GPT) and click Ok
Select the Free Space and click on Create
From here, it’s possible to create and edit partitions. Let’s create the first one, /boot/EFI – the folder containing the efi firware necessary to boot the system. by following three simple steps:
- Click on the Mount Point drop-down list, and set it on /boot/EFI
- Click on File System drop-down list, set it on fat32
- On the Size text field, write 200MiB, then click on OK
At this stage, the partition table will result like this:
Now select again the Free Space and click on Create, let’s create * / – the folder containing the entire system
From the partition setup window, set the partition Size to 20753MiB, the File System to btrfs and the Mount Point to /, then click on Ok
NOTE
Parrot Home needs at least 20GB of space, while Parrot Security needs at least 40GB of space. Home Edition will be installed in this guide.
Now, the partition table looks almost complete:
Finally, let’s create /home– the User data folder with the remaining Free Space. Select it and click on Create
As the setup window appears, setup File System as Btrfs and Mount Point as /home. When finished, click on Ok
Now the partitioning is completed, proceed with the installation by clicking on Next.
ParrotOS on Raspberry Pi
This version is available in all the variants offered by Parrot: Core, Home and Security editions.
Installation process
To proceed with the installation, you will need to get a microSD card of at least 8 GB (the Core edition however can also be installed on a 4 GB microSD).
NOTE
This procedure applies to any edition of Parrot on Raspberry Pi. Currently ParrotOS has been successfully tested on a Raspberry Pi 3B, 4B, 400, and 5.
Now, download the ParrotOS edition of your choice from our website.
Then, insert the micro sd into your computer, and in the meantime, download the Raspberry Pi Imager or Balena Etcher. We will need one of these two to install the system in the microSD.
Click on Choose OS and select Use custom.
Now a window will open where you can select the downloaded ParrotOS edition. It is a compressed img.xz file.
Then select your micro sd by clicking on Choose Storage.
Everything is ready, click on Write and the writing procedure on the micro sd will start. Once finished, you can insert your microSD into your Raspberry Pi. Enjoy!
For any questions and/or problems, we kindly ask you to contact us through our social channels.
Installing ParrotOS on VirtualBox
This guide will cover the following steps:
- Create a new Virtual Machine
- Create a new Virtual disk (VDI, dynamic allocation etc…)
- Modifying VirtualBox settings (allocating physical and Video memory, selecting OS Type, CPU acceleration etc.)
- Loading Parrot Security ISO
- Booting Parrot Security ISO (initial info, location, timezone etc.)
- Parrot Security disk partitioning
- Finalizing installation and running Parrot Security on VirtualBox.
Things you need to install
If the OS you are using is Windows or MacOS, here is the link to the VirtualBox installer.
On GNU/Linux it is the same, but you can install it via CLI:
sudo apt install virtualbox
Follow the same steps EXACTLY to install and run Parrot via VirtualBox in your machine.
Step 1 – Create a new Virtual Machine
Before proceeding, make sure you have successfully installed VirtualBox. On GNU/Linux you can check this by opening a terminal and typing virtualbox and/or the icon to start VirtualBox will be visible in the menu. For other operating systems there will be a similar icon to start it.
Once you’ve installed VirtualBox:
- Open it.
- Click on New to create a New Virtual Machine.
Step 1.1 – Enter a name for your Virtual Machine
Enter Parrot Security as the name. Load Parrot Security ISO (click on the arrow at your right, and search for the ISO in the download folder.) and proceed, Type and Version will be detected automatically.
Important: if your disk size is mismatched, you might have a corrupt disk. Refer to Parrot Security chapter through this documentation for size related info. You can also do a SHA1 check to ensure your disk is not corrupted.
Step 1.2 – Allocate RAM and CPU
The OS can run on machines with 512 MB of RAM and 2 cores, but at least 2 GB and 2 cores are strongly recommended for both Parrot Security and Home Editions.
Choose the best setting for your machine, check “Enable EFI” checkbox and click Next.
Step 1.3 – Create a Virtual Hard Drive
On the next screen select Create a Virtual Hard Disk Now. Set the disk size at 20 GB for Home Edition and 40 GB for Security Edition
This will create a Dinamically Allocated Disk, if you want to have the entire disk size, check “Pre-Allocated Full Size“
Click Next and proceed.
Double-check your settings in the screen similar to this and click Finish
Step 2 – Modify VirtualBox settings
So far, we’ve done the following, checklist for you:
- Created a New Virtual Machine
- Created Virtual Hard disk
- Fiddled with disk properties, type and size.
At this point you should see the following screen:
Step 2.1 – Enable shared Clipboard and Drag ’n’ Drop feature
Select General > Advanced TAB and change Shared Clipboard and Drag ’n’ Drop to Bidirectional. This will allow you to copy paste files from your HOST machine on the fly. Confirm by clicking OK.
Step 2.2 – Update number of Processors and enable PAE/NX
As we already said, 2 cores works well. With 4, 6, and so on, performance will be much better.
You should not configure virtual machines to use more CPU cores than are available physically. This includes real cores, with no hyperthreads. See processor tab on VirtualBox website.
Check the box for Enable PAE/NX.
Step 2.3 – Update Virtual Motherboard options
Select System > Motherboard, un-check Floppy (who has a floppy anymore?) and check the box to Enable I/O APIC.
Note that you can change base memory allocation in the same screen. We’ve set it to 2048 MB previously. If your machine got 8.00 GB RAM, it means that you can allocate a lot more to make Parrot Security respond faster as a virtual machine.
If you feel your Virtualized Parrot Security is slow, you should increase this Base Memory allocation.
The calculations are as follows:
- 1.00 GB = 1024 MB
- 2.00 GB = 2048 MB
- 3.00 GB = 3072 MB
- 4.00 GB = 4096 MB
and so on.
Multiply 1024 with the amount of Memory/RAM you want and put the value here.
Step 2.4 – Allocate Video memory and 3D acceleration
Select Display > Screen > set Video Memory to 128 MB. This allows for a good responsive desktop environment.
Also check the box for Enable 3D Acceleration.
If you have more than one monitor, you can change your settings here too.
Step 2.5 – Update Parrot Security ISO Loading Settings
Select Storage > Controller: IDE and highlight Empty CD icon. Now on your right, you should be able to click on the little CD icon (it should be CD/DVD Drive: IDE Secondary Master already, if not change it) and select your downloaded ISO.
Once you select your downloaded ISO (in this case, it’s Parrot Security 6.0 ISO. See the properties and information’s changes accordingly.
NOTE
if you want to test Parrot in live mode, check the “Live CD/DVD” box
Step 3 – Select Network connection type
If your computer is connected to the internet, select NAT on Network > Adapter 1. You can enable more network adapters if you feel you want to do so.
Step 3.1 – Enable USB 2.0 and 3.0 Controllers
Firstly, make sure you have installed the extension pack, or you will not be able to enable USB 2.0 and 3.0 controllers.
If you have not installed it, you can download it here
Then go to files > preferences > extensions, on the right there will be a + button where you can install the extension.
In GNU/Linux, you could also install it from the terminal with sudo apt install virtualbox-ext-pack
Once installed, it will enable VirtualBox Remote Desktop Protocol (VRDP) support and Host webcam passthrough support.
Step 4 – It’s all set up?
Finally, by clicking on your new virtual machine, this is what you should see:
You can always change the configuration the way you prefer.
Step 5 – Booting Parrot Security ISO
From VirtualBox Main Screen, click on Start and boot Parrot Security.
Step 5.1 – choose Install
From VirtualBox Main Screen, it will boot Parrot Security, click in the Virtual Machine, select Try/Install and then click Enter.
Step 5.2 – Choose the default Installer (Calamares)
Here you can test the OS in its entirety, then you can proceed with the installation.
Click on Install Parrot:
and the default installer, Calamares, will start.
Step 5.3 – Select language
In this example we have chosen American English. Click on Next.
Step 5.4 – Select location
Here we have selected America and New York zone. Click on Next.
Step 5.5 – Select keyboard layout
Select the layout that best suits your keyboard, you can also test the keyboard’s key where it says type here to test your keyboard. Click on Next.
Step 5.6 – Parrot Security disk partitioning
As this is all Virtualized, you can choose anything you want to.
We think that guided partitioning for less experienced users is recommended, 40 GB or more are enough, unless you are going to install a lot more programs or keep more files on your hard drive.
Here you can decide whether to enable swap or not. For more information about swap:
https://www.kernel.org/doc/html/latest/power/swsusp.html
If you want, you can also encrypt the system by adding a passphrase:
Step 5.7 – Creating a new user account
You will be asked to create a new user, for simplicity we have chosen a user. You can enter any name in here.
Then, click on Next
Step 6 Completing the installation process
Finally, a summary of the choices made during the procedure:
You can decide whether to change the chosen settings, and then go back, or proceed with the installation of the system. Click on Install.
Confirm by clicking Install now
And wait for the installation to complete!
With an SSD (SATA), it takes a few minutes.
Well done! You have successfully installed ParrotOS on your computer!
Step 7: Login to Parrot Security for the first time
Enter your Password:
You just installed Parrot Security! Congrats!
Introduction to Virtualbox Guest Additions
The Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability.
Features of Virtualbox Guest Additions
- Mouse pointer integration
- Pressing the Host key is no longer required to “free” the mouse from being captured by the guest OS.
- Shared folders
- Shared folders between Host and Parrot.
- Better video support
- While the virtual graphics card which VirtualBox emulates for any guest operating system provides all the basic features, the custom video drivers that are installed with the Guest Additions provide you with extra high and non-standard video modes as well as accelerated video performance.
- (Generally used for changing monitor resolution)
- Seamless windows
- With this feature, the individual windows that are displayed on the desktop of the virtual machine can be mapped on the host’s desktop, as if the underlying application was actually running on the host.
- Generic host/guest communication channels
- The Guest Additions enable you to control and monitor guest execution in ways other than those mentioned above. The so-called “guest properties” provide a generic string-based mechanism to exchange data bits between a guest and a host, some of which have special meanings for controlling and monitoring the guest.
- Time synchronization
- Synchronize date and time from host to Parrot.
- Shared clipboard
- Shared clipboard from host to Parrot.
For more infomations, check the VirtualBox manual.
Guest Additions Installation(s)
Method 1 (Easiest)
- Open a terminal and update your packages list from the repository with
sudo apt update
- Install the Guest Additions from Parrot OS repository with
sudo apt install virtualbox-guest-utils
- And install the last package with
sudo apt install virtualbox-guest-x11
- When the installation is completed, you can reboot your machine with
sudo reboot
- Check if Guest Additions are correctly installed by running
sudo /usr/sbin/VBoxService -V
Method 2 (From ISO)
- On Virtual Machine menu bar, select Devices > Insert Guest Additions CD image….
- VirtualBox will not automatically find the Guest Additions, instead it will ask you to download them (Click on Download). We recommend adding an additional secondary optical drive, because once the guest additions are downloaded, they will be mounted on a second drive.
Click on “insert“. If it returns an error (maybe it can’t mount the iso you just downloaded, then turn off the virtual machine, and return to the main VirtualBox screen, go to Setting > Storage, here add another optical drive and make sure it is secondary so as not to give problems in booting the distro).
- Then go to the Guest Addition ISO folder, open a terminal and type
sudo chmod +x VBoxLinuxAdditions.run
Once done, execute
sudo ./VBoxLinuxAdditions.run
- Wait for the installation to finish. Once completed, reboot the virtual machine with
sudo reboot
How to install ParrotOS on VMware
It is possible to use the OS on VMware in all its editions (Workstation Player, Workstation Pro and also on MacOS, Fusion Player and Fusion Pro).
This guide will allow the user to create a Virtual Machine on VMware Workstation Player. Since the other editions are extensions of the free version of Workstation Player, in the setup and installation procedure, not much will change.
Follow this step by step guide, it will go from installing VMware to creating the Virtual Machine.
Step 1 – Download & install VMware Workstation
Once you have downloaded VMware from the official website, go to the folder where you downloaded it, and open a terminal. Give execution permissions with
sudo chmod +x ./VMware-Workstation-$edition-$architecture.bundle
and then, again from the terminal, start it:
sudo ./VMware-Workstation-$edition-$architecture.bundle
the installer will complete the installation operation and in the Parrot menu you will find your VMware edition ready for use.
Step 2 – Create a new Virtual Machine
Go to the File tab, and click on Create a New Virtual Machine
A new “Virtual Machine Wizard” window will open which will guide you to create the VM, select Use ISO image and enter the path of the Parrot iso you downloaded in our website, then click on Next button:
NOTE
VMware’s automatic recognizer will recognize the system as Debian 5 64-bit, this is incorrect and not a problem, it can be changed very easily in the next steps.
Select the type of operating system you are installing on your VM (then Linux, Debian 10 64-bit), so give the Virtual Machine a name:
and click on Next.
Based on the Parrot edition downloaded, it is advisable to consult the minimum system requirements, generally 20 gb for a Virtual Machine may be fine for the Home Edition, but for a more complete edition such as the Security Edition, at least 40 gb of dedicated space are recommended.
The next screen will make a summary of the technical specifications of the newly created Virtual Machine. At least 4 GB of RAM is recommended. It is possible to customize other aspects of the VM by clicking on Customize Hardware.
Step 3 – Install Parrot on your Virtual Machine
The Virtual Machine is ready to use, just start it and grub will start with the various modes to run Parrot.
From here on, follow the usual installation procedure to install Parrot on your VM.
Use ParrotOS on your Mac M1/M2 via UTM
The OS is also available to be virtualized on Apple platforms with M1/M2/M3(and its variants) CPUs. Specifically, Parrot can be used through the open source UTM software.
Once you download and install UTM, you will see this screen:
The format we provide to users has the .utm extension, so it is already compatible with UTM itself, which is why, once you download the file from our website, all you have to do is go to the folder where you downloaded Parrot and extract the .utm file.
After correctly extracting the .utm file, simply drag and drop it inside UTM.
the OS will be immediately recognized and by clicking on the Play icon you can immediately use Parrot in your system with MacOS.
Parrot Software Management
In this chapter, we will introduce the apt package manager for Parrot. A program is a series of instructions written in programming languages such as C, Go, Nim or Rust (to name a few). These instructions are stored in text files called sources. To work in our systems, they must be converted to machine language. This step is called compilation. The compilation generates one or several files, understandable by the system, called binaries.
The user does not need to compile the sources of each program as the developers are responsible for compiling and generating the respective binaries. A program can carry not only the executable but a series of files. The developers combine such software into a file called a package. Two of the most well-known are .rpm packages and .deb packages. .rpm was developed by Red Hat and .deb by Debian. Parrot uses the .deb format.
To compile programs, often 3rd party libraries and other programs are necessary. If we tried to compile a program that had dependencies with other libraries and other programs, we would install these “dependencies” before its compilation. Likewise, if we want to install a binary we will need to have installed the necessary dependencies for its correct operation.
To manage these dependencies and the package installation, package managers have been created. There are numerous package managers, some graphical and others via the command line. In this chapter, we will see one of the most famous, created by the Debian developers, and the one used by Parrot: apt.
The main functions of a package manager must be:
- Software searching
- Software installation
- Software update
- System update
- Dependency management
- Software removal
The package manager must check in a given location (it can be a local directory or a network address) for the availability of such software. The locations are called repositories. The system maintains configuration files to check repository locations.
List of Repositories
Although in Parrot it is not necessary (nor recommended) to add new repositories or modify existing ones, we will see where we can configure them. In the file system, under the path /etc/apt/sources.list.d, we find the file parrot.list. The content of this file should be:
stable repository
deb http://deb.parrot.sh/parrot lory main contrib non-free non-free-firmware #deb-src http://deb.parrot.sh/parrot lory contrib non-free non-free-firmware
With this, we make sure we have the correct repository list. In this location the Parrot developers keep the packages updated.
Package Manager
The Parrot package manager is apt. Amongst other things,this manager is responsible for installing packages, checking dependencies, and updating the system. Let’s see what we can do with it. We will see the most common options below. For more in-depth instructions, view the man pages for each of the following commands: apt, apt-cache, dpkg, etc…
Search for a package or text string:
apt search <package/text_string>
Show package information:
apt show <package>
Show package dependencies:
apt depends <package>
Show the names of all the packages installed in the system:
apt list –installed
Install a package:
apt install <package>
Uninstall a package:
apt remove <package>
Delete a package including its configuration files:
apt purge <package>
Delete automatically those packages that are not being used (be careful with this command, due to apt’s hell dependency it may delete unwanted packages):
apt autoremove
Update the repositories information:
apt update
Update a package to the last available version in the repository:
apt upgrade <package>
Update the full distribution. It will update our system to the next available version:
sudo parrot-upgrade
Clean caches, downloaded packages, etc:
apt clean && apt autoclean
These are just some examples. If more information is required, you should check the manual page (man apt).
Install Nvidia GPU Driver
Initially, Parrot uses the Nvidia nouveau open source drivers, since they support most Nvidia cards. These guarantee good stability and allow you to use your gpu without problems for everyday use.
However, it may be necessary to use other drivers that give greater compatibility with different software and make the most of your GPU. For this reason, you can install Nvidia’s official (closed source) drivers.
You have two ways to install, either via the Parrot repository or from the official Nvidia website.
NOTE
Please note the driver installation and configuration may be different for laptop or desktop computers. For example, the user could have a CPU with an iGPU (integrated GPU) and a dGPU (dedicated GPU). The user must choose which to use based on the context.
The differences will be highlighted in this document.
Every step described here has been tested, so it is highly recommended that you read everything in this document very carefully.
Install the driver via the Parrot repositories
If you don’t know your GPU model, open the terminal and type this command:
lspci | grep VGA
It will show your GPU model and its architecture. For further information use:
inxi -F
This will show your computer information, including the GPU model and also the type of driver used.
Once you have ascertained that you are using the nouveau driver and you want to use the proprietary driver instead, for reasons of driver conflict, you must first disable the nouveau driver.
sudo nano /etc/modprobe.d/blacklist-nouveau.conf
Add the following lines and save the file.
blacklist nouveau
options nouveau modeset=0
alias nouveau off
Once the file has been saved, proceed with the installation of the Nvidia driver using the following command:
sudo apt update && sudo apt install nvidia-driver
NOTE
From kernel 5.16, for compatibility problems, it may be necessary to install the drivers with the following command:
sudo apt install nvidia-driver -t lory-backports
This completes the installation, but we recommend that you check that everything went well. To do this, you can use the official utility from Nvidia called nvidia-smi.
Install it by running:
sudo apt install nvidia-smi
Start it with the following command:
nvidia-smi
In addition, the settings manager will be automatically installed together with the drivers. From here you can change parameters such as the resolution and refresh rate of your monitor.
Nvidia Driver on a computer with iGPU and dGPU
Most modern computers come with an integrated video card in the CPU (iGPU, like an Intel Graphic Card or AMD in most cases) and a dedicated video card (dGPU, Nvidia).
In this guide we’ll deal with the drivers for both video cards and show how to switch between them.
Step 1 – Install NVIDIA Drivers and CUDA Toolkit
Open a terminal window and type:
sudo apt update
sudo apt install bumblebee-nvidia primus-nvidia primus-vk-nvidia nvidia-smi nvidia-cuda-dev nvidia-cuda-toolkit
Wait for the installation to proceed. When a warning notifying nouveau driver conflicting with nvidia driver appears, click ok:
Step 2 – Blacklist Nouveau
NOTE
if you have already followed the nvidia installation via the Parrot repo you can go to step 3.
After the installation has finished, it’s time to blacklist the nouveau driver in order to make the nvidia driver work.
In the terminal, type:
sudo nano /etc/modprobe.d/blacklist-nouveau.conf
And add:
blacklist nouveau
options nouveau modeset=0
alias nouveau off
Save the file and reboot.
Step 3 – Configure Bumblebee
Now it’s time to tell bumblebee which driver should be used.
In the terminal open bumblebee.conf:
sudo nano /etc/bumblebee/bumblebee.conf
Look for the string Driver= and add nvidia, then look for the string KernelDriver= and add nvidia-current.
Save the file and reboot.
Step 4 – Testing the Drivers
Open a terminal and type:
watch nvidia-smi
In a new terminal enter the following command:
optirun hashcat -b -d 1
The result should be similar to this:
In nvidia-smi interface, hashcat should appear running using your Nvidia video card.
NOTE
Launching application with primusrun will use PRIMUS Technology, while using optirun will use VirtualGL.
Install the driver from the official Nvidia website
As mentioned at the beginning of this document, drivers can also be installed from Nvidia website.
You can download the latest driver directly from here, where there are also older drivers for old GPUs.
OR
Select the model of your GPU, the operating system (Linux 64 bit) and the branch here.
From the Nvidia website:
“Production Branch: Production Branch drivers provide ISV certification and optimal stability and performance for Unix customers. This driver is most commonly deployed at enterprises, providing support for the sustained bug fix and security updates commonly required.
New Feature Branch: New Feature Branch drivers provide early adopters and bleeding edge developers access to the latest driver features before they are integrated into the Production Branches.”
Click on download, and a file with this name will be downloaded:
NVIDIA-Linux-x86_64-<driver version>.run (about 260 mb)
To avoid conflicts with the X graphics server, we will have to use Parrot without a graphical interface (we will have to drop to Runlevel 3).
We can do this simply via systemd, with the systemctl command:
sudo systemctl set-default multi-user.target
NOTE
If by any chance you want to go back and reuse Parrot with MATE, use the following commands:
sudo systemctl set-default graphical.target
reboot
To avoid conflicts with the installation of the new driver, remember to blacklist the nouveau driver:
sudo nano /etc/modprobe.d/blacklist-nouveau.conf
Add these lines then save the file:
blacklist nouveau
options nouveau modeset=0
alias nouveau off
Run the following command to regenerate the initramfs image.
sudo update-initramfs -u
The last step is to disable nouveau drivers by rebooting the machine:
reboot
Now navigate to the folder where you downloaded the .run file and give it execute permissions:
sudo chmod +x NVIDIA-Linux-x86_64-<driver version>.run
NOTE
If you don’t remember what chmod does, it is recommended that you read the File and Directory permissions document.
After that you can start the .run file:
sudo ./NVIDIA-Linux-x86_64-<driver version>.run
The installation wizard process will start and the drivers will be installed along with all utilities (including Nvidia Driver X Settings).
Return to MATE via the command:
sudo systemctl set-default graphical.target
You will go from Runlevel 3 to Runlevel 5, and finally you will be able to use the nvidia driver.
To verify that everything went well, start nvidia-smi (already installed through .run file):
nvidia-smi
Notice that in this case the latest Nvidia (470.57.02) driver was installed.
AppArmor
AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.
AppArmor security policies completely define what system resources individual applications can access, and with what privileges. Several default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.
Check if AppArmor is installed
AppArmor and it’s profiles should already be enabled and running on Parrot OS. To check if AppArmor is active do:
sudo aa-status –enabled; echo $?
The output should return 0. Alternatively run the following command to see the loaded AppArmor profiles:
sudo aa-status
If for any reason AppArmor is not pre-installed, continue reading below.
Install AppArmor
sudo apt install apparmor apparmor-utils auditd
apparmor = main package
apparmor-utils = utilities for controlling apparmor profiles
auditd = automatic profile generation tools
To enable AppArmor run the following commands:
sudo mkdir -p /etc/default/grub.d
echo ‘GRUB_CMDLINE_LINUX_DEFAULT=”$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor”‘ | sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
Then run the following command to inspect the current state:
sudo aa-status
This will list all loaded AppArmor profiles for applications, processes and detail their status (enforced, complain, unconfined).
For example, to check what is enforce mode, run the following command:
ps auxZ | grep -v ‘^unconfined’
To install profile, run the following command:
sudo apt install apparmor-profiles apparmor-profiles-extra
AppArmor profiles live in /etc/apparmor.d/. You can use apparmor_parser(8) to insert them into the kernel. This is done automatically when installing packages that drop policy in /etc/apparmor.d/.
For example, to set all “extra” profiles (provided in the apparmor-profiles package) to complain mode (except deny rules that are silently enforced, security policy is not enforced and access violations are logged), do the following:
cd /usr/share/doc/apparmor-profiles/extras
cp -i *.* /etc/apparmor.d/
for f in *.*;
do aa-complain /etc/apparmor.d/$f;
done
To set these profiles to enforce mode, use aa-enforce instead of aa-complain. Beware though: many of these profiles are not up-to-date and will break functionality in enforce mode (and possibly even in complain mode); enforce them only if you’re ready to improve them upstream.
Disable AppArmor
First, you can disable individual profiles with aa-disable. But if you want to entirely disable AppArmor on your system, run:
sudo mkdir -p /etc/default/grub.d
echo ‘GRUB_CMDLINE_LINUX_DEFAULT=”$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0″‘ | sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
Debug AppArmor
The aa-notify command, from the apparmor-notify package, is able to provide a desktop notification whenever a program causes a DENIED message in /var/log/kern.log. Grant yourself read permissions for /var/log/kern.log by joining the adm group:
sudo adduser “$USER” adm
Then aa-notify should automatically start the next time you login (using /etc/xdg/autostart/apparmor-notify.desktop). If it doesn’t, start it manually:
aa-notify -p
If you use auditd, you should start aa-notify in this way:
sudo aa-notify -p -f /var/log/audit/audit.log
Diagnose if a bug might have been caused by AppArmor
The apparmor-utils package provides many useful commands to debug AppArmor. Find out if AppArmor is enabled through cat command:
cat /sys/module/apparmor/parameters/enabled
This will return Y if true.
Find out which profiles are enabled
sudo aa-status
The command above will list all loaded AppArmor profiles for applications and processes and detail their status (enforced, complain, unconfined). And,
ps auxZ | grep -v ‘^unconfined’
will list running executables which are currently confined by an AppArmor profile. Sometimes, it’s useful to disable a profile and to test again if the bug persists:
sudo aa-disable /etc/apparmor.d/$profile
e.g. sudo aa-disable /etc/apparmor.d/usr.bin.pidgin.
You can re-enable the profile in this way:
sudo aa-enforce /etc/apparmor.d/$profile
Verify the logs
sudo tail -f /var/log/syslog | grep ‘DENIED’
or (if auditd is installed):
sudo tail -f /var/log/auditd/auditd.log | grep ‘DENIED’
The “DENIED” lines should provide more information on what concrete process or access to the file system has been denied. Output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded:
sudo aa-unconfined
also possible with the –paranoid parameter.
Profiles in complain mode will send ALLOWED lines in the logs for entries that would normally be DENIED in enforce mode. You can use this to tweak configurations before turning them on in enforce mode.
Hash and key verification
Why should anyone verify keys and signatures?
Most people — even programmers — are confused about the basic concepts underlying digital signatures. Therefore, most people should read this section, even if it looks trivial at first sight.
Digital signatures can both prove authenticity and integrity to a reasonable degree of certainty. Authenticity ensures that a given file was indeed created by the person who signed it (i.e. that it was not forged by a third party). Integrity ensures that the contents of the file have not been tampered with (i.e. that a third party has not undetectably altered its contents en route).
Digital signatures cannot prove any other property (e.g. that the signed file is not malicious). There is nothing that could stop someone from signing a malicious program (and it happens from time to time in reality).
The point is that we must decide who we will trust (e.g. Linus Torvalds, Microsoft, or the Parrot Project) and assume that if a given file was signed by a trusted party, then it should not be malicious or negligently buggy. The decision of whether to trust any given party is beyond the scope of digital signatures. It’s more of a sociological and political decision.
Once we decide to trust certain parties, digital signatures are useful, because they make it possible for us to limit our trust only to those few parties we choose and not to worry about all the bad things that can happen between us and them, e.g. server compromises (parrotsec.org will surely be compromised one day, so don’t blindly trust the live version of this site), dishonest IT staff at the hosting company, dishonest staff at the ISPs, Wi-Fi attacks, etc.
By verifying all the files we download that purport to be authored by a party we’ve chosen to trust, we eliminate concerns about the bad things discussed above, since we can easily detect whether any files have been tampered with (and subsequently choose to refrain from executing, installing, or opening them).
However, for digital signatures to make any sense, we must ensure that the public keys we use for signature verification are indeed the original ones. Anybody can generate a GPG key pair that purports to belong to the “Parrot OS” but of course only the key pair that we (i.e. the Parrot Team) generated is the legitimate one. The next section explains how to verify the validity of the ParrotOS signing keys in the process of verifying a Parrot OS ISO. However, the same general principles apply to all cases in which you may wish to verify a PGP signature, such as verifying repositories, not just ISOs.
Fetch the key and Verify the repositories
Optional: Complete the steps below if unfamiliar with GnuPG or if they haven’t already been performed. This will fix eventual GPG: WARNING: unsafe ownership warnings.
1. Firstly, make sure that you have GnuPG initialize your user data folder
2. Set warning free permissions
chmod –recursive og-rwx ~/.gnupg
3. Get the ParrotOS key
wget -q -O – https://deb.parrotsec.org/parrot/misc/parrotsec.gpg | gpg –import
Warning: Checking the GPG signature timestamp makes sense. For example, if you previously saw a signature from 2018 and now see a signature from 2017, then this might be a targeted rollback (downgrade) or indefinite freeze attack.
ISO Verification
md5sum hash verification
After you obtained the ISO of your choice go here: https://download.parrot.sh/parrot/iso/6.0/signed-hashes.txt to see the signed hashes.
On the first section where it says “MD5” find the hash that matches your downloaded ISO.
For the purpose of this tutorial we will use Parrot-home-6.0_amd64.iso.
Now open a terminal window and run the following command:
md5sum Parrot-home-6.0_amd64.iso
Compare the hash (the alphanumeric string on left) that your machine calculated with the corresponding hash on the page signed-hashes.txt linked above.
An easy way to do this is to open the page “signed-hashes.txt” in your browser, then copy the hash your machine calculated from the terminal into the “Find” box in your browser (in Firefox you can open the “Find” box by pressing CTRL + F).
When both hashes match exactly then the downloaded file is almost certainly intact. If the hashes do not match, then there was a problem with either the download or a problem with the server. You should download the file again from either the same mirror, or from a different mirror if you suspect a server error. If you continuously receive an erroneous file from a server, please be kind and notify the parrot team of that mirror so we can investigate the issue.
Other hashes
The method for other hashes such as SHA256 or SHA512 is exactly the same with the above guides only instead of md5 you must use the proper hash you want. Let’s make an example:
sha512sum Parrot-home-6.0_amd64.iso
Assistive Technologies
Onscreen Keyboard
To enable the onscreen keyboard please follow these steps.
From the top panel menu:
Or from the bottom panel’s searchbar write Assistive Technologies
Then
Enable assistive technologies -> click on Preferred Applications -> select Onboard keyboard -> Run at start.
Desktop Enviroments
From version 5.0 LTS, ParrotOS is available with the default MATE Desktop Environment (DE) for all editions (Home, Security). However, other desktop environments like XFCE, KDE, etc… can be installed. Each DE has its peculiarity, but we recommend trying them out before deciding what to install (keep in mind that you can install multiple DEs on one OS).
In particular, with the Architect Edition it is possible to install almost all available DEs (such as GNOME, for example).
Being a graphical interface through which the user can interact with the operating system, the possibilities to modify the various components of the DE are many. Each of the following DE gives the possibility to be customized according to one’s tastes.
The differences between all DEs mainly concern the graphical interface, any software is equally available through the Parrot repositories regardless of the DE used.
Feel free to download the edition that is useful to you!
INSTALL A DESKTOP ENVIROMENT
It may be useful to know that the user can install more DE on their Parrot, just type in a terminal:
sudo apt update && sudo apt install parrot-desktop-<desktop environment>
then restart your computer. In the login session you can change DE by clicking on the white dot ⚪️ (it’s the “default session”) and change DE. You can now use the newly installed DE with all the tools and configurations already present previously.
TRIM on SSD
SSD Trim allows the drive to check and delete data blocks no longer needed. This means that the drive is always ready to write new data when the old ones are being deleted and that block containing the data is no longer busy.
In order to set up SSD Trim, open the terminal and follow these steps:
- Identify your drive first and check if your drive supports the Trim:
$ sudo fdisk -l
$ sudo hdparm -I /dev/sdx
NOTE
If it’s supported, the output should contain this: Data Set Management TRIM supported
- Backup your fstab to a location of your choice
$ sudo cp /etc/fstab /opt/fstab.bak
- Edit fstab
$ sudo pluma /etc/fstab
The file should result like this:
NOTE
The UUIDs listed below are only examples.
UUID=1cd2fc4f-7d99-4c7a-8ea7-6f9a2d5e5960 / ext4 errors=remount-ro 0
Attach discard, before errors=remount-ro and the final result should be this:
UUID=1cd2fc4f-7d99-4c7a-8ea7-6f9a2d5e5960 / ext4 discard,errors=remount
Docker images for ParrotOS
Docker is a powerful technology that allows users to run containers universally on any host platform.
Docker uses template images, and allows the user to start several instances of the same template, destroy them, or build new custom templates on top of them.
Parrot uses docker to allow its users to use its vast arsenal of tools on any platform supported by docker.
Available Templates
Whether you want to have a container full of tools, or several smaller containers with a tiny selection of tools, or even a clean Parrot environment to build yor custom stack on, this is the right place where to learn how to take advantage of the Parrot Docker workspace.
parrotsec/core
Core system with just the Parrot basics. You can use it as a start point to create your custom containers.
This image is multiarch, and works for amd64, arm64 and armhf architectures
launch the container:
docker run –rm -ti –network host -v $PWD/work:/work parrotsec/core
parrotsec/security
This container includes a huge collection of tools that can be used via command line from inside a docker container.
Some tools with graphical interface were excluded for obvious reasons.
This container ships with the following metapackages:
- parrot-cloud
Launch the container:
docker run –rm -ti –network host -v $PWD/work:/work parrotsec/security
Individual Parrot Tools
This is a curated selection of smaller docker containers that contain only specific tools, alone or in cherry-picked collections.
Containers with shared tools are stacked on top of each other (when possible) to minimize storage waste and maximize layers reuse.
available templates:
parrotsec/nmap
based on parrot.run/core provides the following packages:
- nmap
- ncat
- ndiff
- dnsutils
- netcat
- telnet
usage:
docker run –rm -ti parrotsec/nmap <nmap options>
examples:
docker run –rm -ti parrotsec/nmap -F 192.168.1.1
docker run –rm -ti parrotsec/nmap -Pn 89.36.210.176
parrotsec/metasploit
based on parrot.run/nmap:latest provides the following packages:
- nmap
- metasploit-framework
- postgresql
usage:
docker run –rm -ti –network host -v $PWD/msf:/root/ parrotsec/metasploi
parrotsec/set
based on parrot.run/metasploit:latest provides the following packages:
- set
usage:
docker run –rm -ti –network host -v $PWD/set:/root/.set parrotsec/set
parrotsec/beef
based on parrot.run/core provides the following packages:
- beef-xss
usage:
docker run –rm –network host -ti -v $PWD/beef:/var/lib/beef-xss parrotsec/beef
parrotsec/bettercap
based on parrot.run/nmap provides the following packages:
- bettercap
usage:
docker run –rm -ti –network host parrotsec/bettercap
parrotsec/sqlmap
based on parrot.run/nmap provides the following packages:
- sqlmap
usage:
docker run –rm -ti parrotsec/sqlmap <sqlmap options>
example:
docker run –rm -ti parrotsec/sqlmap -u parrotsec.org –wizard
Docker usages, instructions and examples
Launch a container
docker run –name pcore-1 -ti parrot.run/core
NOTE
the pcore-1 name is arbitrary and can be customized.
Stop the container
docker stop pcore-1
Resume a previously-stopped container
docker start pcore-1
Remove a container after use
docker rm pcore-1
List all the instantiated containers
docker ps -a
Start multiple containers
on terminal 1:
docker run –name pentest1 -ti parrot.run/security
on terminal 2:
docker run –name pentest2 -ti parrot.run/security
on terminal 3:
docker run –name msf-listener -ti parrot.run/metasploit
Remove all the containers
docker rm $(docker ps -qa)
Start a container and automatically remove it on exit
docker run –rm -ti parrot.run/core
Use Volumes to share files with the host:
It is a good practice to not keep persistent docker containers, but to remove them on every use and make sure to save important files on a docker volume.
The following command creates a work folder inside the current directory and mounts it in /work inside the container.
docker run –rm -ti -v $PWD/work:/work parrot.run/core
Use Volumes to share files across multiple containers
on terminal 1:
docker run –name pentest -ti -v $PWD/work:/work parrot.run/security
on terminal 2:
docker run –rm –network host -v $PWD/work:/work -ti parrot.run/security
on terminal 3:
docker run –rm -v $PWD/work:/work -ti parrot.run/metasploit
Open a port from the container to the host
Every docker container has its own network space connected to a virtual LAN.
All the traffic from within the docker container will be NATted by the host computer.
If you need to expose a port to other machines outside your local computer, use the following example:
docker run –rm -p 8080:80 -ti parrot.run/core
Note that the first port is the port that will be opened on your host, and the second one is the container port to bind to.
Here is a reference usage of the -p flag:
-p <host port>:<container port> (e.g. -p 8080:80)
-p <host port>:<container port>/<protocol> (e.g. -p 8080:80/tcp)
In case of multiple addresses on host network:
-p <address>:<host port>:<container port> (e.g. -p 192.168.1.30:8080:80)
Use network host instead of Docker NAT
Every docker container has its own network space connected to a virtual LAN.
All the traffic from within the docker container will be NATted by the host computer.
If you need to make the docker container share the same networking space of the host machine, then use the –network host flag as shown below
docker run –rm –network host -ti parrot.run/core
NOTE
- Every port opened in the container will be opened on the host as well.
- You can perform packet sniffing on the host network.
- iptables rules applied inside the container will take effect on the host as well.
How to create a Parrot USB drive
How to create a Bootable Device
First of all, you need to download the latest ISO file from our website.
Then you can burn it using Balena Etcher or ROSA ImageWriter. They both work on GNU/Linux, Mac OS and Windows. We strongly recommend to use Etcher, but you can also use the DD command line tool if you prefer it.
The Parrot ISO uses the iso9660 format (also known as isohybrid). It is a special ISO format that contains not only the partition content, but also the partition table.
Some ISO writing programs do not write the iso bit-per-bit into the usb drive at a low level. They create a custom partition table and just copy the file in the USB drive in an unofficial and non-standard way. This behavior is against what the isohybrid was created for, and may break core system functionalities and make the system uninstallable from such USB drives.
It is highly recommended NOT to use programs like unetbootin, or any program which not isohybrid compliant.
You need a USB drive of at least 8 GB for Security Edition and 4 GB for Home Edition.
A quick summary of which tools you can use to create your Parrot USB:
Parrot USB boot procedure using Balena Etcher
Plug your USB stick into your USB port and launch Balena Etcher. Download and unzip it.
Click on .AppImage file.
Click on Flash from file. Select the Parrot ISO and verify that the USB drive you are going to overwrite is the right one.
Flash!
Once the burning is complete, you can use the USB stick as the boot device for your computer and boot Parrot OS.
Parrot USB boot procedure using DD command line tool
dd (and its derivatives) is a command line tool integrated in every UNIX and UNIX-like system, and it can be used to write the ISO file into a block device bit per bit. Due to the potential to brick your system, if you are not familiar with GNU/Linux we strongly recommend to use Etcher.
i.g.
sudo dd status=progress if=Parrot-<edition>-<version>_amd64.iso of=/dev/sdX
Parrot USB boot procedure using ROSA image writer
As mentioned at the beginning of this chapter, you can also use ROSA image writer to create your USB with Parrot. Download it from the website and extract all files. Then, click on “RosaImageWriter“:
Select the ISO and USB.
Click on Write and wait for the writing procedure to finish.
How to create persistent partition on USB
This guide shows how to create a persistent partition inside USB with ParrotOS. To do this we will use the mkusb tool.
Install mkusb
After downloading the ParrotOS .iso file from our website, download mkusb from the repository.
git clone https://github.com/sudodus/tarballs.git
Navigate to the downloaded folder and unpack dus-plus.tar.xz with tar:
cd tarballs && tar -xf dus-plus.tar.xz
NOTE
Why only dus-plus.tar.xz instead of dus.tar.xz? In short, it contains the usb-pack-efi package needed to boot the partition.
Go inside the newly extracted dus-tplus folder, and install the tool by typing:
cd dus-tplus/ && sudo ./dus-installer i
In the same terminal session, type dus (or open guidus from Parrot’s menu) and it will start:
NOTE
dus will ask to install the guidus GUI as well, the functionality will remain the same.
This tool can also be used to make a USB bootable, restore, format and other interesting things.
Create the persistent partition
Select install (make a boot device). Then, Persistent-live option.
Select dus-Persistent from the menu to choose the method to create the persistent partition.
Now select the .iso to install:
Select the USB where you want to install Parrot (we recommend using at least a 4GB USB key).
Select the upefi package and click ok.
You can allocate as much space as you like for the persistent partition from this window:
From here, click Go to confirm the operation. The persistent partition will be ready in a few minutes.
GRUB
This guide will give you a list of known solutions to use when you are having problems with GRUB.
NOTE
If you want to know more about GRUB:
Step 1 – Pick up ParrotOS Live ISO
In order to repair GRUB:
Download the latest ParrotOS .iso, flash it onto an USB drive and boot it.
Step 2 – Disk and partition identification
Once you entered the live mode, open terminal and type
sudo fdisk -l
The output should be similar to this. /dev/sda is usually the first SSD or HDD. If you have an NVMe M.2, the disk will be named /dev/nvme0n1.
- /dev/sda1 usually is the EFI partition, used for booting the OS in UEFI systems.
- /dev/sda2 is ParrotOS partition.
Step 3 – Create the mount folder
A mount folder is needed to perform this operation. So, in the same terminal window, type:
mkdir /mnt
This is the main folder. Next type:
mkdir /mnt/boot
followed by:
mkdir /boot/efi
Which creates the directory used for mounting the EFI partition. This is needed for installing the correct GRUB package.
Step 4 – Mount Partitions
Now it’s time to mount the partitions. In the same terminal window, type
sudo mount -o subvol=@ /dev/sda2 /mnt
NOTE
This is needed since ParrotOS default filesystem is btrfs and it has subvolumes enabled.
Mount the dev, proc, sys folders and the EFI partion in order to get access to the system.
In the same terminal window, type
sudo mount –bind /dev /mnt/dev
sudo mount –bind /proc /mnt/proc
sudo mount –bind /sys /mnt/sys
sudo mount /dev/sda1 /mnt/boot/efi
Step 5 – Chrooting and installing GRUB
Time to enter the system. In the same terminal window, type
sudo chroot /mnt
Once in chroot environment, type
grub-install /dev/sda
After the installation is finished, type exit so as to exit the chroot environment.
Step 6 – Unmounting partitions and rebooting system
After exiting the chroot environment, unmount all of the partitions and folders used. In the same terminal window type:
sudo umount /mnt/dev
sudo umount /mnt/proc
sudo umount /mnt/sys
sudo umount /mnt/boot/efi
sudo umount /mnt
Type reboot and press enter. You should now have a restored GRUB working flawlessly.
AnonSurf
AnonSurf is Parrot’s anonymous mode wrapper to force connections through Tor. It is written in Nim Language and uses GTK libraries so it can be used via a graphical interface (GUI) and a CommandLine Interface (CLI).
It can be used on ParrotOS and it is pre-installed on both main editions (Home and Security). It can be started from the Parrot menu, going to Applications and then Privacy:
To start it, press Start, and to verify that everything is working, you can click on My IP and Details.
Clicking on Tor Stats will show all the details about the current use being made under the Tor network.
With Change Identity you will switch to another exit node:
AnonSurf CLI
Technical details
AnonSurf works on iptables forcing applications to use the Tor network. iptables is an integrated firewall in the Linux kernel that allows the incoming and outgoing passage of all packages, then Tor is used to perform the tunneling of all the user’s traffic in an anonymous way.
Since version 3.2.0, AnonSurf has been rewritten, with a new code structure. The new versions are available here and you can try them by following this guide:
First of all, being written in Nim, some dependencies need to be installed:
sudo apt install nim
sudo apt install libnim-gintro-dev
Then you can download the anonsurf source:
cd anonsurf/
make build
make install
Some information about Tor
- Tor is a SOCKS4/SOCKS5 encryption protocol.
- Tor tunnels all traffic running across the users network anonymously.
- Tor conceals a user’s location and network data from anyone monitoring the user locally, and remotely.
Tor Has Several Use Cases
- Used with on the browser (torbrowser)
- IRC clients (like hexchat)
- Instant messanging (torchat, tormessanger)
- Hidden servers (Creating .onion sites)
Tor Technical Details
- The Tor protocol works by multiplexing [1] multiple “circuits” over a single node-to-node TLS connection.
- Tor traffic is routed through 3 nodes by default: Guard, relay, and exit.
[1] To be able to route multiple relays, Tor has something called stream multiplexing capability:
- multiple TCP connections can be carried over a single Tor circuit.
- Each node knows only the source and destination pairing for a circuit. It does not know the whole path.
Nmap
Nmap or Network Mapper is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping). Nmap’s power can be summarized as follows:
- Flexible
- Powerful
- Portable
- Easy
- Free
- Well Documented
- Supported
- Acclaimed
- Popular
Sample nmap command
nmap -A -T4 scanme.nmap.org
Nmap option summary
If you want to get a summary of nmap’s command just run nmap without any command like this:
nmap
Nmap Host discovery
One of the very first steps in any network reconnaissance mission is to reduce a (sometimes huge) set of IP ranges into a list of active or interesting hosts. Scanning every port of every single IP address is slow and usually unnecessary. Of course what makes a host interesting depends greatly on the scan purposes. Network administrators may only be interested in hosts running a certain service, while security auditors may care about every single device with an IP address. An administrator may be comfortable using just an ICMP ping to locate hosts on his internal network, while an external penetration tester may use a diverse set of dozens of probes in an attempt to evade firewall restrictions
# (List Scan)
nmap -sL
# (No port scan)
nmap -sn
# (No ping)
nmap -Pn
# (TCP SYN Ping)
nmap -PS <port list>
# (TCP ACK Ping)
nmap -PA <port list>
# (UDP Ping)
nmap -PU <port list>
# (SCTP INIT Ping)
nmap -PY <port list>
# (ICMP Ping Types)
nmap -PE; -PP; -PM
# (IP Protocol Ping)
nmap -PO <protocol list>
# (No ARP or ND Ping)
nmap –disable-arp-ping
# (Trace path to host)
nmap –traceroute
# (No DNS resolution)
nmap -n
# (DNS resolution for all targets)
nmap -R
# (Scan each resolved address)
nmap –resolve-all
# (Use system DNS resolver)
nmap –system-dns
# (Servers to use for reverse DNS queries)
nmap –dns-servers <server1>[,<server2>[,…]]
Nmap Port Scanning Basics
While Nmap has grown in functionality over the years, it began as an efficient port scanner, and that remains its core function. The simple command nmap target scans 1,000 TCP ports on the host target. While many port scanners have traditionally lumped all ports into the open or closed states, Nmap is much more granular. It divides ports into six states: open, closed, filtered, unfiltered, open|filtered, or closed|filtered.
These states are not intrinsic properties of the port itself, but describe how Nmap sees them. For example, an Nmap scan from the same network as the target may show port 135/tcp as open, while a scan at the same time with the same options from across the Internet might show that port as filtered
Six port states recognized by Nmap
- open
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.
- closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.
- filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
- unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open
- open|filtered
Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
- closed|filtered
This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
Not shown: 995 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 18.57 seconds
# Notice the STATE
rclone
rclone is a CLI tool that makes it easier to manage and sync files and directories in cloud storage and remote systems. It’s officially supported by Google Drive, Dropbox, Amazon S3, and many other services.
Common rclone use cases:
- Mounting a remote: Mount a remote storage system as a local filesystem using rclone mount.
- Filters and Exclusions: Use filters to include or exclude files based on patterns.
- Limit bandwidth on transfer: Limit the transfer rate to avoid using excessive bandwidth.
- Encrypt files and Cache: Use the crypt backend to encrypt files and the cache backend to cache files for faster access.
- Schedule Backups: Schedule rclone commands using cron jobs or other task scheduling mechanisms.
Let’s see in detail how to use rclone.
First, open a terminal window and launch
sudo apt update && sudo apt install rclone
This will install rclone in your system. Now it needs to be configured:
rclone config
The configuration wizard will ask for the remote name, storage type, and credentials (whether they are API keys, authentication tokens, etc.), so be sure to check the instructions given by your provider and take note of these credentials. After that, rclone is ready to be used.
Basic Usage
NOTE
It’s good practice to test every command by attaching the –dry-run flag. After ensuring that everything is okay, repeat the command without –dry-run option.
- List all of the remotes configured
rclone listremotes
- Copy files from source storage to destination storage
rclone copy source:path dest:path
where source:path is the source storage and dest:path is the remote storage of destination (e.g a personal folder sent to a remote, or a file sent from a remote to another)
- Sync storage
rclone sync source:path dest:path
- List all of the files in a remote
rclone ls remote:path
- Delete all files from a specific path in the remote
rclone delete remote:path
Wget
Wget is a CLI tool which lets you download files and use REST API interactively. It supports HTTP, HTTPS, FTP and FTPS.
Here’s some most common use cases:
- Direct File Download
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.39.2.tar.bz2
Launching this command will download directly the file inside the folder where the command has been launched. This is the basic command.
- Background download wget -b
wget -b http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.39.2.tar.bz2
This option is very useful when starting a download on a remote machine via SSH. It will initiate the download in background, allowing the user to disconnect from the terminal once the command is launched.
- Resuming interrupted or partially broken downloads wget -c
wget -c http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.39.2.tar.bz2
A very useful command for downloading large files that may be interrupted before the complete download. Additionally, if a file with the same name as the one being downloaded already exists, the option is able to check its size and start downloading the remaining part of the file instead of downloading it again.
- Maximum number of attempts wget –tries
wget –tries=10 http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.39.2.tar.bz2
It can happen to encounter a particularly slow or crowded server. Therefore, it is necessary to set a maximum number of attempts to avoid getting stuck on this download. In this example, the maximum number of attempts has been set to 10.
- Multiple Download wget -i
wget -i input.txt
A very powerful option. User can provide a text file as input to wget containing a series of URLs. The utility will sequentially download all the resources that the links listed in the text file point to, in this case is input.txt
- Limiting download speed wget –-limit-rate=
wget –limit-rate=1k http://www.kernel.org/pub/linux/kernel/v3.0/testing/patch-3.0-rc4.bz2
If you need to limit the amount of bandwidth for downloads, wget allows the user to do so with the “limit-rate” option, and in the example shown, the limit has been set to 1kB/s.
- Download with proxy enabled
To download through a proxy, it’s not necessary to use any strange options but rather set an environment variable called http_proxy. To do this, the syntax is as follows:
export http_proxy=”http://myproxyserver:8080″
The address http://myproxyserver:8080 represents the proxy server with the communication port. If it’s necessary to authenticate and use the proxy, then the syntax is as follows:
export http_proxy=”http://username:password@myproxyserver:8080″
Mirrors
The Parrot Project not only delivers a ready-to-use system in the ISO format, but it also provides a vast amount of additional software that can be installed apart from the official parrot repository.
The Parrot repository is used to provide officially supported software, system updates and security fixes.
The mirrors network
The software in the parrot archive is delivered in form of deb packages, and these packages are served through a vast network of mirror servers that provide the same set of packages distributed all around the world for faster software delivery.
The Parrot system is configured to use the central parrot archive directors. The Parrot directors are special servers that collect all the requests of the end users and redirect them to the geographically nearest download server available for the user who made the request.
If you want and can, you can make your own mirror for Parrot following this procedure.
Security measures
The Parrot Mirror Network is secured by centralized digital signatures and the mirrors can’t inject fake updates.
If an evil mirror tries to inject a fake package, the Parrot system will automatically refuse to download and install it, and will raise an alert message.
This security measure implemented in APT (the Parrot/Debian package manager) is very efficient and reliable because digital signatures are applied offline by the Parrot archive maintainer, and not by the mirror servers, ensuring direct and secure developer-to-user chain of trust.
Configuration and custom setup
The APT package manager uses /etc/apt/sources.list and any .list file found in the /etc/apt/sources.list.d/ directory.
NOTE
/etc/apt/sources.list is EMPTY and the default APT configuration is located at /etc/apt/sources.list.d/parrot.list
Content of /etc/apt/sources.list.d/parrot.list
deb https://deb.parrot.sh/parrot lory main contrib non-free non-free-firmware
deb https://deb.parrot.sh/parrot lory-security main contrib non-free non-free-firmware
deb https://deb.parrot.sh/parrot lory-backports main contrib non-free non-free-firmware
#deb-src https://deb.parrot.sh/parrot lory main contrib non-free non-free-firmware
#deb-src https://deb.parrot.sh/parrot lory-security main contrib non-free non-free-firmware
#deb-src https://deb.parrot.sh/parrot lory-backports main contrib non-free non-free-firmware
Updates/Testing purpose
The ‘parrot-updates’ repository provides updates before they are made available to ‘parrot’. This repo is mostly meant to be used by developers and beta testers to extensively test updates before they are migrated to the main repository.
We suggest to not enable it, as it may introduce untested bugs and make the system unstable. Updates are delivered as fast as possible (within a week), so you are not missing anything important with this disabled (unless you are a dev):
deb https://deb.parrot.sh/parrot lory-updates main contrib non-free non-free-firmware
Make your own mirror
You can set up a Parrot archive mirror on your server for personal or public usage by following the steps below.
Make sure to have enough free space
You can sync the entire repository or pick just the ISO images.
Make sure to have enough free space to host a mirror, and be ready for future upgrades as the archive size fluctuates.
The current archive size is available here archive.parrotsec.org/parrot/misc/archive-size.txt
Dockerized Setup
We have a provided docker image located at registry.gitlab.com/parrotsec/project/parrot-mirror-docker:main, you may use our suggested docker compose file:
services:
parrot-mirror:
image: registry.gitlab.com/parrotsec/project/parrot-mirror-docker:main
ports:
– “8000:80” # Port Exposed for HTTP, container port is 80
– “873:873” # Rsync Daemon Port
volumes:
– ./mirror-tmp:/mirror # Where do you want the mirror files to be stored? Must be mapped to /mirror internally.
environment:
SOURCE: “rsync://rsync.parrot.sh:/parrot” # Where the mirror should sync from
BWLIMIT: “0” # Bandwidth limit for rsync
Please change the configuration noted as applicable for your setup. The volume must be mounted at /mirror, unless you rebuild the container and change the relevant configuration.
Helm Chart
A Helm Chat chart is also availble, and can be installed as follows:
- Add the Helm Repo helm repo add 0xemma https://0xemma.github.io/helm-charts
- helm install parrot-mirror 0xemma/parrot-mirror
You may change the values.yaml as needed to match your setup.
Manual Setup
Choose the upstream server
We handle several domains for repository syncing services, we suggest you use rsync.parrot.sh for automatic and failproof setups, but upstream settings can be adjusted in case of specific needs.
Feel free to contact the Parrot team if you have specific mirroring needs or bandwidth limitations. We can provide you dedicated upstream sources or professional support for your mirror.
Main Mirror Director:
rsync.parrot.sh
Global Zones (read the notes):
EMEA:
emea.rsync.parrot.sh
NCSA:
ncsa.rsync.parrot.sh
APAC:
apac.rsync.parrot.sh
Single archives may be unavailable or replaced from time to time.
rsync.parrot.sh is automatically balanced between all the available mirrors and will give you zero downtimes.
Download the archive
If you sync the entire archive with the below instructions, you do NOT need to synchronize the ISO archive. ISO files are included by default!
Sync the repository
rsync -Pahv –delete-after rsync://rsync.parrot.sh:/parrot /var/www/html/parrot
Configure a cronjob
launch the following command:
crontab -e
and add the following content to the crontab file:
*/10 * * * * flock -xn /tmp/parrot-rsync.lock -c ‘rsync -aq –delete-after rsync://rsync.parrot.sh:/parrot /var/www/html/parrot’
Download the ISO archive only
Do not sync the ISO archive if you are already synchronizing the full archive with the above instructions. ISO files are already provided with the instructions in the precedent paragraph.
use the following instructions if you want to sync only the ISO files.
Sync the repository
rsync -Pahv –delete-after rsync://rsync.parrot.sh:/parrot-iso /var/www/html/parrot
Configure a cronjob
launch the following command:
crontab -e
and add the following content to the crontab file:
30 2 * * * flock -xn /tmp/parrot-rsync.lock -c ‘rsync -aq –delete-after rsync://rsync.parrot.sh:/parrot-iso /var/www/html/parrot’
Expose your mirror via rsync
Your mirror can be exposed via rsync to allow other people to sync from you and to allow our mirror director to periodically scan your mirror and perform indexing and health checks.
Rsync exposure is mandatory to add your mirror to our official list.
The following instructions will set up rsync and expose the parrot archive in compliance with our standards on a debian/ubuntu server. Minor adjustments are required for other non-apt systems.
install rsync with:
sudo apt install rsync
edit /etc/rsyncd.conf with nano:
sudo nano /etc/rsyncd.conf
paste the following settings in the config file and save it:
[parrot]
comment = Parrot OS – full archive [rsync.parrot.sh/parrot]
path = /var/www/html/parrot/
hosts allow = *
#hosts deny = *
list=true
uid=www-data
gid=www-data
read only = yes
use chroot=yes
dont compress # for better performance
[parrot-iso]
comment = Parrot OS – ISO files only [rsync.parrot.sh/parrot-iso]
path = /var/www/html/parrot/
exclude = pool dists
hosts allow = *
list=true
uid=www-data
gid=www-data
read only = yes
use chroot=yes
dont compress
Enable the rsync service:
sudo systemctl enable rsync
Start the rsync service:
sudo service rsync start
Make your mirror official
If you want your mirror to be added to our official mirrors list and to our mirror directors, email us at [email protected].