December 2, 2016

Parrot Security Could Be Your Next Security Tool

parrot-security.jpg

Parrot Security
Parrot Security is a complete distro, based on Debian Jessie core, which includes software for cryptography, cloud, anonymity, digital forensics, and programming.

Network and security administrators rely heavily on their tools. Without the right tools, that brilliant mind can only do so much. But what tools are the best for the job of forensics or testing? As you probably know, the list of such tools is extensive and often times it’s a matter of experimentation, review, and guesswork.

That’s where the likes Parrot Security come in. Parrot Security is a complete distribution, based on Debian Jessie core, which includes software for cryptography, cloud, anonymity, digital forensics, programming. The software list alone should be enough to have security and network admins rushing to download a copy.

  • Anonymous mode start

  • I2P

  • Two Cents Crypto

  • ZuluCrypt

  • EtherApe

  • Ettercap

  • King Phisher

  • Tor Browser

  • TorChat

  • Wireshark

  • XHydra

  • Zenmap

  • debmod builder

  • Parrot Cloud Controller

  • Spectrum Tool

And that’s just from the standard menu entries. Dive into the Parrot submenu (Figure 1) and you’ll find an astonishing array of tools.

parrotsec_a.jpg

Parrot submenu
Figure 1: The Parrot submenu of the main menu.

Parrot as distribution

Beyond the testing, auditing, and programming tools, what you’ll find in the Parrot distribution is a rock solid system. Parrot is based on Debian 9 and includes a custom hardened Linux 4.6 kernel. This is a rolling release upgrade distribution that uses the MATE desktop and the Lightdm display manager...all presented with custom icons and wallpapers. It’s pretty and it’s powerful.

The system requirements for Parrot are:

  • CPU: x86 with at least 700Mhz

  • Architecture: i386, amd64 (x86-64bit), 486 (legacy x86), armel, and armhf

  • RAM: At least 256MB for i386 and 320MB for amd64. 512MB recommended

  • GPU: No graphic acceleration required

  • HDD: ~16GB required for installation

  • BOOT: Legacy bios preferred

Parrot can be run as either a live distribution or installed on a standard desktop. When you first fire up the image, you will see a boot screen unlike any you’ve ever seen (Figure 2).

parrotsec_b.jpg

boot screen
Figure 2: The Parrot Security boot screen.

From the boot screen, you can start Parrot as either a live instance, run it in text mode, run it live with persistence (any configurations you make will be saved), Live with encrypted persistence (so your configuration options cannot be viewed by others), a non-invasive forensics mode, an aggressively anonymous mode, or a failsafe mode. You can also install directly from the boot menu.

If you run Parrot as a live instance, you can then install the distribution to your hard drive by going to Applications > System Tools > Install Parrot Security OS.

One of the issues I discovered is, out of the box, the screen will lock after five minutes. It took me a while to discover that the default live credentials are root/toor. Before discovering those credentials, I had to unset the screen locking (otherwise I was having to constantly reboot after five minutes of inactivity).

The installation of Parrot can hiccup out of the gate. After using Parrot as a live instance, I went to install, only to discover the kernel had upgraded from 4.6.0 to 4.7. The Parrot installer can only be used if the kernel versions of the live system and the installer are the same. The best way to successfully install Parrot Sec is to go directly to Install from the boot menu. This will ensure your kernels match. You can run the standard installer (an NCURSES installer) or a GTK installer (GUI). Either installer will work like a charm and installation is fairly fast. NOTE: Installing Parrot Security on as a VirtualBox instance failed every time, so your best bet is to either run the distribution live or install it on a standalone system.

Once installed, you’re ready to take advantage of the Parrot Platform.

One really nice feature of Parrot Sec is the anonymous mode. While running either a live session or from a fully installed sesion, go to Applications > Anon Surf > anonymous mode start. Once in anonymous mode, Parrot Security will automatically route all of your traffic through TOR (including your DNS requests so to prevent DNS leaks).

I ran a quick test of the anonymous mode. Before starting the mode, I ran a ping on google.com to see standard results. Afters starting up the anonymous mode, I ran the same ping to see very different output (Figure 3).

parrotsec_c.jpg

Anonymous mode
Figure 3: The difference between a ping with Anonymous mode off and then on.

Parrot as testing platform

As a testing platform, Parrot excels beyond any normal expectations. All you have to do is venture into Applications > Parrot and you’ll immediately see how capable a testing platform you have in Parrot Security. This distribution comes with nearly every tool you could possibly need to test your network and systems. It is from this menu that you can tackle serious work: Information gathering with DNS analysis, IDS/IPS Identification, Live Host Identification, OSINT/Route/SMB/SMTP/SNMP/SSL analysis; Vulnerability analysis with Cisco Tools, Fuzzing Tools, OpenVAS Scanner, Stress Testing, VoIP Tools; Web Application Analysis with CMS & Framework Identification, IPv6 Tools, Web Application Proxies, Web Crawlers & Directory Bruteforce, Web Vulnerability Scanners.

Each tool in the Parrot menu is a full-blown application, ready to use. Take a look into Applications > Parrot > Exploitation Tools and you’ll see an impressive list of applications including the likes of armitage (Figure 4 -- a scriptable collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework).

parrotsec_d.jpg

Armitage
Figure 4: Scanning a host with armitage.

Parrot as programming platform

But don’t think Parrot Security is a distribution designed solely for those who want to audit the security of their network and systems. This Debian-based distro packs plenty of programming punch as well. You’ll find interpreters and compilers for the most popular languages. Programming tools include:

  • Arduino IDE

  • Atom

  • Ferret

  • Geany

  • GNU Emacs 24

  • GRC

  • Ipython

  • PyCrust

  • Qt Creator

  • SQLite database browser

  • USBprog

  • XRCed

Beyond that, programmers will find one of the handiest tricks to ever grace their desktops. If you right-click a blank spot on the desktop and click Create Document > prog, you’ll see that you can create documents from a number of programming-centric templates (such as, assembly, Bash-sh, C, C++, header, Java, ObjC, Perl, etc. -- Figure 5).

parrotsec_e.jpg

Create a document
Figure 5: Creating a new document from one of the programming templates is simple.

This will create a file with the necessary extension, for the language you want work with, on your desktop. Right-click that file and then click Open With and then select your tool of choice. The template you choose will include some basic elements necessary for that language.

This is what you’ve been waiting for

If you’ve grown frustrated with your testing platform of choice letting you down, you cannot go wrong with Parrot Security. It’s only been around since 2013, but it’s made some remarkable strides in those short three years. Spin up an instance of this testing/programming-centric distribution and see if it isn’t exactly what you’ve been waiting for.

Advance your career with Linux security skills. Check out the Linux Security Fundamentals course from The Linux Foundation.

Click Here!