Hack the planet/Parrot
Get started with a persistent USB install of Parrot Security OS
Usually for these hacker-themed features we tend to make judicious use of Kali Linux, a distro that’s jam-packed with pentesting and OSINT (open source intelligence) tools. But it’s not the only one – Parrot OS is equally powerful. And we’d urge you to go and grab the Security edition from https://parrotsec.org and write it to a USB stick without delay. Then the games can begin.
Before exploring Parrot OS, marvel at the stylish MATE desktop. Besides the colourful background, the Applications menu is organised into categories ranging with everything from privacy tools to text editors. Most of the specialist software is in the Pentesting category, so here you’ll find password crackers, social engineering tools and many scanners. The System Services category enables you to start various database and web services, which are required for some programs. Or if you’re targeting a locally hosted web application.
Don’t get ahead of yourself
Many of the programs in the menu are command line affairs. If, for example, you go to Pentesting>Web Application Analysis>wig, then a terminal will open showing the help page for wig (the WebApp Information Gatherer). Having read the help page, you might now be tempted to use this to scan your (least) favourite websites for weaknesses. But probably best not. Wig runs as a regular user, as you can see from the stylish ZSH prompt. But some programs are automatically run as root, for example Recon-NG (in the … menu) or anything that crafts packets or otherwise requires special access. Some aren’t even programs at all. If you click ‘webshells’ for example, Parrot just opens up a terminal in the /usr/share/webshells directory.
One reason Parrot has separate Desktop and Security editions is that you wouldn’t necessarily want all of those root-privileged tools lying around on your desktop. Just having them there is a security risk. Not because someone can exploit them, but because in the wrong hands they can wreck one’s setup. Similarly it’s not recommended to use the likes of Kali Linux (which by default only uses the root account) as a daily driver.
You can, of course, install these (see, for example, https://parrotsec.org/docs/installation.html), but remember that Parrot Security and Kali Linux can also be employed from a USB stick, which obviates the need for any kind of installation. That being said, it’s a little annoying working from a live environment and having to remember to save your data on another device or the cloud (since any changes you make in the live environment are lost on shutdown). Fortunately, Parrot makes it very easy to create a USB stick with persistence. Since the Security edition is close to 5GB, an 8GB USB stick will permit you 3GB of persistent storage. This is as easy as the three-step walkthrough (see below) suggests.