Parrot OS (officially Parrot Security) was born in 2013 in Frosinone, Italy.
Created by Lorenzo “Palinuro” Farina and the Frozenbox development team.
The Frozenbox team was a group of Italian security researchers, developers, and privacy advocates who wanted a Linux distribution that combined security tooling with genuine privacy features.
The name “Parrot” reflects the project’s colorful, creative identity — a parrot is clever, adaptable, and communicates freely. The mascot is a stylized parrot, and the project embraces a vibrant, artistic aesthetic.
Why Parrot Was Created
In 2013, Kali Linux (then BackTrack) was the dominant security distro — but it was heavy, resource-intensive, and focused almost entirely on offensive security tools.
The Frozenbox team wanted something different:
Lighter — runs well on older hardware and low-RAM machines
Privacy-first — built-in Tor routing, metadata cleaning, sandboxing
Daily driver capable — not just a pentesting live USB, but a usable desktop OS
Forensics-ready — digital forensics tools alongside security tools
Developer-friendly — programming tools, IDEs, and dev environments included
Technical Foundation
Built on Debian (Testing/Stable branch) — inherits Debian’s stability and massive package ecosystem.
Uses APT package manager — same as Debian and Ubuntu.
Kernel: Debian-based with security patches and custom configurations.
Timeline
2013 → Parrot OS 0.x — initial release by Frozenbox team
2014-2016 → Rapid development; security + privacy tools added
2017 → Parrot 3.x — major maturity milestone
2019 → Parrot 4.x — improved AnonSurf, new tools
2020 → Parrot 4.10 — Parrot Home edition introduced
2021 → Parrot 5.0 — based on Debian 11 Bullseye
2022 → Parrot 5.1/5.2 — stability improvements
2023 → Parrot 5.3 — Debian 12 Bookworm base
2024 → Parrot 6.x — continued development
Community & Governance
Parrot OS is maintained by the Parrot Project — a community-driven, non-profit initiative.
Hosted at: https://parrotsec.org
Community: Telegram groups, Discord, forums, and GitLab.
Funded by community donations and partnerships.
Introduction
What is Parrot OS?
Parrot OS is a Debian-based, security-focused Linux distribution designed for penetration testing, digital forensics, privacy, and daily use.
It ships with hundreds of pre-installed security tools, privacy utilities, and development environments — all in a lightweight, polished package.
Unlike Kali Linux (which is purely offensive security), Parrot is designed to be a complete operating system — you can use it as your daily driver while having all security tools at your fingertips.
Key differentiators: AnonSurf (system-wide Tor routing), Firejail sandboxing, MAT2 metadata cleaner, and a focus on operational security (OPSEC).
Parrot OS Editions
graph TD
A[🦜 Parrot OS] --> B[Security Edition]
A --> C[Home Edition]
A --> D[HTB Edition]
A --> E[Architect Edition]
A --> F[Cloud Edition]
B --> B1[Full pentesting + forensics tools\nMATE desktop\nAnonSurf included\nBest for: security professionals]
C --> C1[No security tools\nPrivacy tools only\nLighter, daily driver\nBest for: privacy-conscious users]
D --> D1[Hack The Box optimized\nHTB tools pre-configured\nBest for: CTF players]
E --> E1[Minimal base install\nNo desktop environment\nBest for: custom builds]
F --> F1[Cloud/server image\nAWS, Azure, GCP\nBest for: cloud pentesting]
Beautiful UI — MATE desktop with custom Parrot themes, icons, and wallpapers.
Active development — regular updates and a passionate community.
Disadvantages
Smaller community than Kali — fewer tutorials and Stack Overflow answers.
Rolling release — occasional package breakage (Debian Testing base).
Less corporate backing — Kali has Offensive Security behind it.
Tool documentation — some tools have less documentation than Kali equivalents.
Not RHEL-compatible — APT/Debian ecosystem only.
Use Cases
Penetration testing and ethical hacking, digital forensics and incident response, privacy-conscious daily computing, CTF (Capture The Flag) competitions, malware analysis and reverse engineering, OSINT (Open Source Intelligence), security research, anonymous browsing and communication, developer workstation with security tools.
Installation
System Requirements
Parrot Security (Minimum):
CPU: 1 GHz dual-core (64-bit x86_64 or ARM)
RAM: 512 MB (1 GB recommended, 2 GB for comfortable use)
Disk: 16 GB (40 GB recommended for full install)
GPU: Any (MATE is lightweight)
Parrot Home (Minimum):
CPU: 1 GHz
RAM: 512 MB (1 GB recommended)
Disk: 16 GB
Recommended for pentesting work:
CPU: 2+ cores
RAM: 4-8 GB
Disk: 60 GB+ SSD
Download ISO
Download from: https://parrotsec.org/download/
Available editions: Security, Home, HTB, Architect
Verify integrity:
# Verify SHA256 checksumsha256sum Parrot-security-6.x_amd64.iso# Compare with the checksum on the download page# Verify GPG signaturegpg --keyserver keyserver.ubuntu.com --recv-keys 3B3EAB807D70721BA9C03E55C7B39D0167C3C5A7gpg --verify Parrot-security-6.x_amd64.iso.sig Parrot-security-6.x_amd64.iso
Creating Bootable USB
# Linux — dd methodsudo dd if=Parrot-security-6.x_amd64.iso of=/dev/sdX bs=4M status=progress oflag=sync# Linux — using Etcher (GUI)# Download balenaEtcher from https://etcher.balena.io# Windows — Rufus or balenaEtcher# macOSsudo dd if=Parrot-security-6.x_amd64.iso of=/dev/rdiskX bs=4m
Calamares Installer Steps
Parrot OS uses the Calamares installer — a modern, user-friendly graphical installer.
1. Boot from USB → select "Try/Install Parrot OS"
2. Launch installer from desktop (Install Parrot icon)
3. Language selection
4. Location / Timezone
5. Keyboard layout
6. Partitioning:
- Erase disk (automatic) — simplest option
- Manual partitioning:
/boot/efi → 512 MB (FAT32, UEFI)
/ → 30+ GB (ext4 or btrfs)
swap → 2-4 GB (or use zram)
/home → rest (ext4)
7. User creation → set username + strong password
8. Summary → review and Install
9. ~15-20 minutes → Reboot
# Check AppArmor statussudo apparmor_statussudo aa-status# List profilessudo aa-status | grep "profiles are loaded"# Set profile to complain mode (log but don't block)sudo aa-complain /usr/bin/firefox# Set profile to enforce modesudo aa-enforce /usr/bin/firefox# Disable a profilesudo aa-disable /usr/bin/firefox
Linux File System Hierarchy on Parrot
/ Root filesystem (ext4 default)
├── /bin → /usr/bin (merged-usr)
├── /boot GRUB2, kernel, initrd
├── /dev Device files
├── /etc Configuration files
├── /home User home directories
├── /lib → /usr/lib
├── /media Removable media mount points
├── /mnt Manual mount points
├── /opt Third-party software
├── /proc Process/kernel virtual FS
├── /root Root user home
├── /run Runtime data (tmpfs)
├── /sbin → /usr/sbin
├── /srv Service data
├── /sys Hardware/driver virtual FS
├── /tmp Temporary files
├── /usr Programs, libraries, docs
└── /var Logs, spool, cache
anonsurf start # start anonymous modeanonsurf stop # stop and restore normal networkinganonsurf status # check if activeanonsurf myip # show your current Tor exit IPanonsurf change # get a new Tor circuit (new IP)
Tor Browser
# Tor Browser is pre-installed on Parrot Security# Launch from Applications → Internet → Tor Browser# Or from terminaltor-browser# Update Tor Browsersudo apt update && sudo apt install torbrowser-launcher -ytorbrowser-launcher # downloads and launches latest version# Tor Browser security levels:# Standard → all features enabled# Safer → JS disabled on non-HTTPS sites# Safest → JS disabled everywhere, no media
# Launch SETsudo setoolkit# Main menu options:# 1) Social-Engineering Attacks# → Spear-Phishing, Website Attack Vectors, Infectious Media# 2) Penetration Testing (Fast-Track)# 3) Third Party Modules
theHarvester — OSINT
# Gather emails, subdomains, IPs for a domaintheHarvester -d example.com -b googletheHarvester -d example.com -b all # all sourcestheHarvester -d example.com -b linkedin,google,bing# Sources: google, bing, linkedin, twitter, shodan, etc.
Digital Forensics Tools
Forensics Mode
Parrot OS has a dedicated Forensics Mode in the boot menu — it boots without mounting any local disks, preventing accidental evidence contamination.
Boot menu → "Parrot Forensic Mode"
→ No auto-mount of local drives
→ No swap activation
→ No modification of local filesystems
→ Safe for evidence acquisition
Autopsy — Digital Forensics Platform
# Launch Autopsyautopsy# Autopsy is a GUI forensics platform built on The Sleuth Kit# Features:# - Disk image analysis# - File system browsing# - Keyword search# - Timeline analysis# - Hash filtering (known good/bad files)# - Email analysis# - Web artifact extraction# - Registry analysis (Windows)
The Sleuth Kit (TSK)
# Disk image toolsmmls disk.img # partition layoutfsstat -o 2048 disk.img # filesystem statsfls -r -o 2048 disk.img # list files recursivelyicat -o 2048 disk.img 12345 # extract file by inode# File system analysisblkls -o 2048 disk.img # unallocated blocksdls -o 2048 disk.img # deleted file datails -o 2048 disk.img # inode list# Create disk imagesudo dd if=/dev/sdb of=evidence.img bs=4M status=progress# Or with dcfldd (better for forensics)sudo dcfldd if=/dev/sdb of=evidence.img hash=sha256 hashlog=hash.txt
Volatility — Memory Forensics
# Volatility 3 (pre-installed on Parrot)# Analyze memory dumpvol -f memory.dmp windows.info # OS infovol -f memory.dmp windows.pslist # process listvol -f memory.dmp windows.pstree # process treevol -f memory.dmp windows.netstat # network connectionsvol -f memory.dmp windows.cmdline # command line argsvol -f memory.dmp windows.filescan # file handlesvol -f memory.dmp windows.dumpfiles --pid 1234 # dump process filesvol -f memory.dmp windows.hashdump # password hashes# Linux memory analysisvol -f linux.dmp linux.pslistvol -f linux.dmp linux.bash # bash history from memory
# Read all metadataexiftool photo.jpgexiftool document.pdf# Read specific tagsexiftool -GPS* photo.jpg # GPS data onlyexiftool -Author -CreateDate doc.pdf # specific fields# Remove all metadataexiftool -all= photo.jpg # in-placeexiftool -all= -o clean.jpg photo.jpg # to new file# Batch processexiftool -all= *.jpg # clean all JPEGsexiftool -r -all= /path/to/photos/ # recursive
Reverse Engineering
Ghidra — NSA’s Reverse Engineering Suite
# Launch Ghidraghidra# Ghidra features:# - Disassembler + decompiler (C-like pseudocode)# - Multi-architecture: x86, ARM, MIPS, PowerPC, etc.# - Scripting (Java + Python)# - Collaborative analysis# - Binary diffing# - Symbol/function analysis# Workflow:# 1. Create new project# 2. Import binary (File → Import File)# 3. Auto-analyze (yes to all)# 4. Browse functions in Symbol Tree# 5. Use Decompiler window for C pseudocode
Radare2 — Command-Line RE Framework
# Open binaryr2 binary # open for analysisr2 -d binary # open with debuggerr2 -A binary # open + auto-analyze# Inside r2:# aa → analyze all# aaa → deeper analysis# afl → list all functions# pdf @ main → disassemble main function# s main → seek to main# VV → visual graph mode# q → quit# Cutter — Ghidra-like GUI for Radare2cutter binary
GDB with pwndbg
# Install pwndbg (enhances GDB)sudo apt install gdb -ygit clone https://github.com/pwndbg/pwndbgcd pwndbg && ./setup.sh# Launch GDBgdb ./binary# GDB + pwndbg commands:# run → run the program# break main → set breakpoint at main# break *0x401234 → breakpoint at address# continue → continue execution# next → next line (step over)# step → step into function# info registers → show all registers# x/20x $rsp → examine stack (20 hex words)# disassemble main → disassemble function# backtrace → call stack# vmmap → memory map (pwndbg)# checksec → binary security features (pwndbg)
# strace — trace system callsstrace ./binary # trace all syscallsstrace -e trace=open,read ./binary # specific syscallsstrace -p PID # attach to running processstrace -o output.txt ./binary # save to file# ltrace — trace library callsltrace ./binary # trace library callsltrace -e strcmp ./binary # specific functionltrace -p PID # attach to process# Useful for:# - Understanding what a binary does without source# - Finding hardcoded passwords (strcmp calls)# - Identifying file/network operations# - Malware analysis (safe environment only!)
Networking & Wireless
Network Reconnaissance
# Interface managementip addr show # all interfacesip link show # link layerip route show # routing tableiwconfig # wireless interfacesiwlist wlan0 scan # scan for WiFi networks# Port scanningnmap -sS -p- 192.168.1.0/24 # full SYN scan on subnetmasscan -p1-65535 192.168.1.0/24 --rate=1000 # fast scanner# Service enumerationnmap -sV -sC 192.168.1.100 # version + default scripts
# AnonSurf uses iptables to redirect traffic# When you run 'anonsurf start', it does roughly:# 1. Start Tor servicesudo systemctl start tor# 2. Flush existing iptables rulessudo iptables -Fsudo iptables -t nat -F# 3. Allow loopbacksudo iptables -A OUTPUT -o lo -j ACCEPT# 4. Allow Tor process itselfsudo iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT# 5. Block all non-Tor traffic (DNS, TCP)sudo iptables -A OUTPUT -p udp --dport 53 -j REJECTsudo iptables -A OUTPUT -p tcp --dport 53 -j REJECT# 6. Redirect DNS to Tor's DNS portsudo iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353# 7. Redirect all TCP to Tor's TransPortsudo iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040# 8. Block everything elsesudo iptables -A OUTPUT -j REJECT
AnonSurf Commands
# Start anonymous modeanonsurf start# Stop anonymous mode (restore normal networking)anonsurf stop# Check statusanonsurf status# Show current IP (should be a Tor exit node)anonsurf myip# Get a new Tor circuit (new exit IP)anonsurf change# Restart AnonSurfanonsurf restart# Check if Tor is workingcurl -s https://check.torproject.org/api/ip# Should return: {"IsTor":true,"IP":"x.x.x.x"}
DNS Leak Prevention
# AnonSurf redirects DNS through Tor to prevent DNS leaks# Verify no DNS leaks:# Check DNS resolution goes through Tordig +short myip.opendns.com @resolver1.opendns.com# Should return Tor exit node IP, not your real IP# Test at: https://dnsleaktest.com (via Tor Browser)# /etc/tor/torrc — Tor configurationsudo vim /etc/tor/torrc
Browser fingerprinting — your browser’s unique fingerprint can identify you even through Tor. Use Tor Browser, not regular Firefox.
JavaScript — JS can reveal your real IP. Disable JS or use Tor Browser’s “Safest” mode.
Logged-in accounts — if you log into Google/Facebook through Tor, you’re identified.
Tor exit node surveillance — exit nodes can see unencrypted traffic. Always use HTTPS.
Timing attacks — sophisticated adversaries can correlate traffic timing.
Non-TCP protocols — some protocols may bypass Tor (UDP is blocked, not routed).
Malware — if your system is compromised, AnonSurf won’t help.
Metadata — files you share may contain identifying metadata (use MAT2).
Parrot Home Edition
What is Parrot Home?
Parrot Home is a separate edition of Parrot OS designed for everyday use — it includes privacy tools but none of the offensive security/pentesting tools.
Think of it as a privacy-hardened, lightweight Linux desktop for people who want anonymity and security without the full pentesting toolkit.
Perfect for: journalists, activists, privacy-conscious users, developers who want a clean but secure desktop.
Parrot Home vs Parrot Security
Feature
Parrot Home
Parrot Security
AnonSurf
✅ Yes
✅ Yes
Tor Browser
✅ Yes
✅ Yes
MAT2
✅ Yes
✅ Yes
Firejail
✅ Yes
✅ Yes
KeePassXC
✅ Yes
✅ Yes
Metasploit
❌ No
✅ Yes
Nmap
❌ No
✅ Yes
Aircrack-ng
❌ No
✅ Yes
Wireshark
❌ No
✅ Yes
Ghidra
❌ No
✅ Yes
RAM usage
~300 MB
~400 MB
Disk space
~8 GB
~16 GB
Target user
Daily driver
Security professional
MATE Desktop Environment
Parrot Home uses MATE — a lightweight, traditional desktop environment forked from GNOME 2.
# MATE is fast, customizable, and runs well on older hardware# Key MATE applications:# Caja → file manager# Pluma → text editor# Eye of MATE → image viewer# Atril → document viewer# MATE Terminal → terminal emulator# Customize MATEmate-control-center # system settingsmate-tweak # advanced tweaks# Install additional themessudo apt install arc-theme papirus-icon-theme -y
Privacy-Focused Daily Workflow
# Morning routine for privacy-conscious users:# 1. Start AnonSurf for anonymous browsinganonsurf startanonsurf myip # verify Tor exit IP# 2. Launch Tor Browser for sensitive browsingtor-browser# 3. Use Firejail for regular browserfirejail --private firefox# 4. Before sharing any files, clean metadatamat2 document.pdfmat2 photo.jpg# 5. Use KeePassXC for all passwordskeepassxc# 6. Encrypt sensitive files with VeraCryptveracrypt# 7. Stop AnonSurf when doneanonsurf stop
Installing Security Tools on Parrot Home
# You can install individual security tools on Parrot Home# without switching to the full Security edition# Install Nmapsudo apt install nmap -y# Install Wiresharksudo apt install wireshark -ysudo usermod -aG wireshark $USER# Install Metasploitsudo apt install metasploit-framework -y# Install the full security metapackagesudo apt install parrot-tools-full -y # installs everything# Or specific tool categoriessudo apt install parrot-tools-wireless # wireless toolssudo apt install parrot-tools-forensic # forensics toolssudo apt install parrot-tools-reversing # RE tools