Part 1 (Introduction)
While I still like Kali for ARM environments (like the Raspberry Pi) or as a chroot OS on my Android device (I will make a tutorial on that in the future), I still believe none of you should choose Kali blindly just because most of the tutorials on here are written for it.
While Kali has let me down a few times (the many bugs in Kali 2.0, for example…), ParrotSec hasn’t failed me yet. I’ve been using it for about 6 months now, and I only encountered one bug in that entire time, which was the display manager not working after a system upgrade.
Yesterday, ParrotSec 2.0 (nicknamed “Helium”) was released as a reaction to Kali 2.0. Kali 2.0 felt a bit rushed to me and had quite a few bugs; I haven’t encountered a bug with ParrotSec 2.0 yet. So I think that now is the right time to make a series on ParrotSec and its features.
Note: AppleDash48 already wrote an article on Parrot, but he didn’t really explain how the many features can be used, which is what I am hoping to do with this (probably 4-part) series.
Who Can Use ParrotSec?
ParrotSec is a very friendly pentesting distro and it is really suited for everyone! For the newbie, there is the cool theme and many automated features. The more experienced will love to have some of the must-have tools pre-installed with the OS, and many more available through the repositories. But it is also suitable for everyday use because it is closely based on Debian 8.
The Specs & Features
ParrotSec has a custom-made Linux 4.1 kernel and is based on Debian 8. It uses the MATE desktop environment, and “lightdm” as its display manager. ParrotSec also comes with its own theme.
That’s it for the specifications of the OS; let’s have a look at what features it has that Kali DOESN’T have!
The anti-forensic tools are the thing that makes ParrotSec so useful, and it has many of them built in. One of the most useful is a script called TCCP, which allows you to encrypt a single file, a partition, or even entire drives! Furthermore, it also comes pre-installed with tools such as ZuluCrypt, and it has even more anti-forensic tools in the repositories.
Pandora’s Box is a really useful tool. Each time you shut down your computer, the data in your RAM is “lost”, but in reality it is still there. It works much like the way files are deleted on a hard drive. And just like you can recover deleted files, a forensic investigator can recover the data in your RAM, which gives away info on what programs you ran, what you did with those programs, what sites you might’ve visited, etc.
Pandora’s Box is a tool that removes everything your OS stored in the RAM during your session, and it runs automatically at shutdown, or you can choose to run it manually, though that is not recommended.
RAM-only surfing. Another neat feature: ParrotSec has a special browser that allows you to surf with a “RAM-Only browser profile”, which means Iceweasel will not access your hard drive. This is really great if you need to look something up that absolutely nobody may see. While it is true that RAM-Only surfing leaves traces in the RAM, you shouldn’t worry, because we have Pandora’s Box!
Anonsurf is a script made by the ParrotSec team that completely anonymizes you with just one click of a button, using Tor (though I don’t like Tor anymore). Anonsurf automatically routes ALL your traffic through Tor, including your DNS requests, to prevent DNS leaks.
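One way to check the "all traffic, including DNS, goes through Tor" claim on a machine set up this way, as an added example that is not Anonsurf's own code: the script audits `iptables-save` output for paths that bypass Tor. It assumes the routing is done with iptables redirect rules; the rule sets are constructed, and the TransPort (9040), DNSPort (5353) and Tor uid (108) are assumed values.

```python
import shlex
# Constructed iptables-save excerpt, not Anonsurf's real rule set.
# Assumed Tor settings: TransPort 9040, DNSPort 5353, Tor running as uid 108.
GOOD = """\
*nat
-A OUTPUT -m owner --uid-owner 108 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
-A OUTPUT -m owner --uid-owner 108 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
# Same rules with the DNS redirect and the final REJECT removed.
LEAKY = "\n".join(l for l in GOOD.splitlines()
                  if "--dport 53" not in l and "REJECT" not in l)

def parse(text):
    """Return {table: [tokens of each OUTPUT rule]} from iptables-save text."""
    tables, cur = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], [])
        elif line.startswith("-A OUTPUT ") and cur is not None:
            cur.append(shlex.split(line))
    return tables

def opt(rule, flag):  # value following `flag` in a tokenized rule, else None
    return rule[rule.index(flag) + 1] if flag in rule else None

def audit(text, trans_port="9040", dns_port="5353"):
    """List the ways traffic could bypass Tor under this rule set."""
    tables = parse(text)
    nat, flt = tables.get("nat", []), tables.get("filter", [])
    redirects = [r for r in nat if opt(r, "-j") == "REDIRECT"]
    findings = []
    if not any(opt(r, "-p") == "udp" and opt(r, "--dport") == "53"
               and opt(r, "--to-ports") == dns_port for r in redirects):
        findings.append("DNS leak: UDP/53 is not redirected to the DNSPort")
    if not any(opt(r, "-p") == "tcp" and opt(r, "--dport") is None
               and opt(r, "--to-ports") == trans_port for r in redirects):
        findings.append("TCP leak: no catch-all redirect to the TransPort")
    last = flt[-1] if flt else []  # final rule must block everything else
    if opt(last, "-j") not in ("REJECT", "DROP") or {"-p", "-d", "-m"} & set(last):
        findings.append("no final REJECT/DROP: non-Tor traffic can leave")
    return findings
```

On a live system, pass the output of `iptables-save` to `audit()` with the ports from your own torrc; an empty list means none of the three bypass paths was found.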