ParrotOS / Parrot Security 4.6 Linux Distro Review

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

para OS parrot security is a free open source Linux distribution based on Debian testing designed for security experts and developers and privacy aware people includes full portable arsenal of IT security and digital forensics operations but also includes everything you need to develop your own programs protects your privacy while surfing than that now this is a really slick distribution and I've been doing a lot of testing with that I've been using out and off over the years anytime I do any type of you know some of the hacking testing having fun you know we do the how they got hacked videos a lot of people talk about using Kali Linux I always preferred parrot over to Kali and pears become very very popular they both been around for a long time they're both based on Debian testing and I'll leave this blog article that kind of goes in detail and maybe I will one day Kali versus parrot but because I've used parrot way more than Kelly I'm favoring that one quite a bit but in short summary and I'll leave links at the link to this entire post when it comes to tools and functionality parrot OS as the winner over helot linux parrot OS has all the tools available in kala Linux and also adds its own tools and I didn't verify the statement on this blog post I did find it though and it's pretty much because they're both based on Debian repositories you if there's something you find missing either one like I said you can add it over there but there's a couple things that parrot does have right away which is a non surf and Wi-Fi Fisher both of these are pre-built in with parrot OS the other thing that's built in is a handful of other tools that I just found easier or at least more complete to setup with less problems in parrot but that goes back to a number of years ago and I haven't tried Kali recently to see if any of those bugs have been worked out and with any of these always going to be bugs especially when you're talking about an advanced pen pen testing tool like this but what I did to go a step further with parrot was a format on my laptop and loaded it on there and we're gonna cover that next in the video is actually using it's it's more than just using it just for the purpose built of pen testing I like parrot as now my you know operating system on my laptop because it having all the tools but still being able to use it as my so to speak evilly driver system that I can use to get my work done those first cover a little bit about the system of eret so they've been around since to 2013 this distribution is not new they didn't just start it yesterday they have a secure sandbox to environment using fire gel and a farmer this is actually kind of cool because they wrap everything in a set of security policy so they've done a lot of fine-tuning this is not like a Debian repository with some add-ons or a fork this is they copy all the debian repositories into their own and run their own repository system and then do a lot of customizations so I'm actually really heavy security customization that they build in here and one of the things that you know I really like is this announcer fright that's one of the things we're gonna demo later in a video is showing how that works is it's a it's a really neat system they have like I said a lot of documentation I'm not gonna cover every little thing on here excited this is more about showing you how it looks and how it works but it's well well-documented matter of fact that's actually one of the nice things is they have getting started using pair troubleshooting network map information this is kind of cool they have this whole breakdown of where their mere servers are details about their mayor server where the master nodes are this is it's really interesting they've done a lot it's more than just a distribution download they have a lot of information in their site whole user guide troubleshooting everything a nice FAQ so if you need to get into it from like the live method they do have this and they have their own paired upgrade and paired installs so when there's upgrades and things that need to be done it completely comes from their repositories like I said so it has you're still using the app tools you're still able to load the Debian tools on it and we're gonna dot dub package but the way their repository works they keep everything very up to date especially because they have so many hacking tools in there and this system will take care of upgrading them as well so it's kind of a very self-contained security and pentesting system that is easy to manage and easy to update so like it said they've done a great job on having all this in there now if you're familiar with apt and how their sources this work they do comment on here my sources list should be empty and they only have the parrot list you have to be very careful because you could run into trouble if you add your own or add more repositories to this this is Debian based and you may end up with some conflicts so just a word - warning on this be careful what you add if you decide to add other repositories but they pretty much they take care of it for you and so far setting it up and running into my laptop I haven't really had a problems setting all the things up that I wanted to run for my daily usage so it has all the pen testing tools and I added just a couple things like I do like Google Chrome to be on there for the business things that I do it all worked very well so let's jump over to download and show you a little bit about the install and then we'll switch over to my laptop to show it in action here when you want to download it it comes in a couple different flavors I think it's kind of slick that they have a home workstation build so if you don't care about all the hacking tools but you just want a more privacy focused operating system in terms of Linux based one so they has all the security sandboxing they have a smaller download that's for your home workstation it's only a two gig download now they also have for the home addition and KDE Home Edition and virtual appliance so you can download a virtual box image of it you can get the kve edition or the Home Edition which is going to be based on the mate' interface mate' interface is going to be much much lighter weight for the security edition we have the parrot security with the mati interface it's 4 gig download the KD Edition which is a 4 gig download as well and runs with KDE plasma desktop and still a virtual machine Edition and they still have other sub editions for things like loading it on a Raspberry Pi so if you go down to other builds they have a docker on that install orange pie ARP ARP and a pine 64 if you haven't seen the pine 64 box that's pretty cool these are also experimental ARM based distributions but still they're compiling them for more than just x86 so parents got a lot of options for you there now it does of course come with the live one I didn't feel like demoing the live but I pulled up here so you can see what the installer looks like it does have a standard Debian installer pretty basic I'm not gonna run through the entirety of the installer but it's if you've used aw2 installer at all it works quite well it also supports on set up full LVM encrypted drives I do recommend that all the time so she if you're lonely it's on you know anything that can be walked off with like a laptop please encrypt the whole Drive it's just a good habit to be into I encrypt all my desktop drives and my laptop drives and it's arbitrarily easy to do without really a performance hit on here so when we switch over my laptop here it is fully encrypted from the boot of the drive and like I said this is facilitated on the install with LVM encryption it's it's a nice system now before we switch over my laptop the other thing I wanted to cover was I downloaded the standard Montay desktop one but installed the version with KDE and it's actually really easy to do now I'm demoing this in my virtual system because I can't show this part when we do the screen capture on my laptop but up here at the top I have the ability to choose either the default X session which is the mottai or the plasma desktop so we're gonna choose plasma and put my password in and it loads this up in KDE plasma and then we'll go and log out you and we'll switch to the mati desktop when I do the screen share on my laptop it won't capture that screen that's why I'm doing this right here but this is the default desktop just you get and all you have to do in order to make this work sudo apt-get install pair at KDE and this will install the entire KDE desktop I believe that if you can do if you can download the KDE version you can also install apt-get install parrot - ma ta ma te and it will install full monty desktop on both so you don't really have to choose one or the other if you not if you're undecided which one you like or you keep going back and forth it does allow you to install both simultaneously and then each time you log in you can choose which desktop you want and both because you're installing the parrot version of the zest ops via all the parrot repositories by doing this you get the best of both worlds which is actually really nice from a standpoint of you know not deciding which desktop try them both out I did try the ma a desktop out and I did find it rather flat and kind of boring it works excellent for all the exploit tools and everything else but I thought the KDE one was a little bit better so we're actually gonna cover this from the KDE side of my laptop but I wanted so that both worked perfectly fine and I will also add one more thing to this before we switch to the laptop is both work through xtogo I did load X to go on my virtual host server here and we're gonna go ahead and switch to it so here it is with x2 go at a desktop all the applications and everything I can you know works works quite well in Monty being a very flat desktop still has that really flat look go ahead and system we're gonna log out and we'll go to pair at KDE and once again xtogo was built in I didn't have to add any repository it's just you know apt-get install actually go server and configure it for all this and because KDE and mati are supported in xtogo it works with both of them here and I keep this virtual install here the reason being because when you're doing some of the pen testing or enumeration work on a network I like to have a virtual install on my network because I actually use this to test my network I like it to beat up on my network but it takes time to do so for example if I run a tool like open vas for a vulnerability assessment against something it may take a couple hours or longer to run a series of these tests therefore it's nice having it installed as a virtual machine where you can kick it off and let it run in the background on my VM server for however long that particular tool that I'm running takes so it's really cool that this does this and like I said xtogo does work perfectly fine go ahead and log out from here and switch over to my laptop so I've loaded both Monta and the KDE desktop on my laptop oh so this is running parrot Linux gene Youth 4.6 latest version as of today and I loaded both but I after playing with it the monta desktop is just too simple and flat for my daily use so I'm going to show you this on the KDE all these tools work the same in both so this is really just a matter of desktop preference if you have a lower-end system you may want to lean towards the mate' due to its flatter look and lack of 3d requirements in terms of acceleration it does run a little bit faster on there now my laptop here's the specs on it is Intel Core i5 5300 2.3 gigahertz with eight gigs of RAM seven and a half K because there's some shared memory etc etc and only four cores so this is not exactly a powerhouse of a system but it runs perfectly fine applications open fine it's not slow to use it works quite well now the first thing we're talk about that I think is really slick and this is where the customization you'll start to notice right away of you going from a standard Linux desktop to this is the fact that there is a lot of other networking features added into this so the first networking thing we're going to talk about let's go to configure network connections and when you go into configuring the network connections it's kind of cool I've got the PA Sweden set here for the VPN in our LTS office VPN setup in here and let's talk about when you set up VPNs this is I just want to start I know it's starting at kind of the back end but I thought this was cool so you want to add a new connection it has a lot of options here for adding network connectivity Wi-Fi shared Wi-Fi Cisco VPN anyconnect iodine DNS juniper IPSec VPN and I believe forty gate is in yeah 48 SSL VPN so there's a lot of those are pre-configured in like I said these are all things you can load in other Linux distributions but out of the box these are any extras that they threw in here so you can go to a standard OB Open VPN and there's obviously instructions on how to do this to set that up or this is the best part and I just downloaded this from PAE they let you download the VPN file now as many of you know I'm a pfSense user and with pfSense you can also just download the inline configuration how to pfSense and then do an import so when we go to import connection we hit create go to downloads paa I have all these they have a hold download pack you can get from PA a VPN and I can choose like Singapore South Africa wherever I want to be open it up and it'll let me log in and import that so let's go ahead and say South Africa open do I want to import including all the certificates whoops I said no and I meant to say yes that's alright it's in there if the certificates aren't in line with the file and they're separate it can bring them all in there from that download folder and put them in the proper data store but here we are just going to put my PA username and password in there and away we go so how does it connect to the Open VPN that's actually really slick too right now I'm connected to pas whedon I hit disconnect and show you how the connection works I don't save my passwords in my VPNs alright and now it's connected and refresh to show you here actually will go to ifconfig dot Co here open it up in another page and you can get my IP address right here I've always liked this site is kind of slick just I have config dot Co and you can grab your IP address by the way if you're not favored at this tool you can curl it as well oops and it's gonna pull your IP address and if you want to disconnect from the VPN just go ahead and disconnect and it shows me back here in the United States so I'm not gonna show you my public IP address sorry and if you're wondering all these IP addresses were open for PIAA VPN so it they made it really easy to do and I thought that was really slick right off the bat for the networking that I can just go ahead and import that in I'll import it right out of PF sense and instantly have the VPN connected along with all the other options they have for cisco and 48 and everything else because you know if you're doing some pen testing you may need to connect to some of those networks so go back to configure network connections again and you'll see right here I'm connected to our internal Wi-Fi general configuration if I want to make this connection to be able to other users Wi-Fi security options in you know all the usual here but where they added a lot more is that we go over here to the wired connection this is just a nice little feature so maybe you don't want your wired to have the same MAC address all the time and I believe you can do this for the one here I can choose a random MAC address instead of my own so both of these have this option on here to go okay I want to choose a different random MAC address so I don't want to use mine each time this is kind of cool that they built this in on-the-fly so I can just go ahead and change that so I don't want to have my computer fingerprinted based on if you're trying to plug in and do some things so each time you plug in you want a different address you can keep using a different MAC address which is usually prompts DHCP servers to give you a different address on the network and obviously you may not want that network it'd be it tied to your physical adapter so they allow you to spoof that that's built right in a couple are side notes so they do have it so you can automatically connect to a VPN when using this connection so when you predefined a bunch of different network interfaces which they again once again make this really you do just hit the plus and you can define like another version of your wired interface with different IP settings on there they've made this so like certain ones maybe you automatically want to connect to a VPN and you know like I said this is kind of a nice feature niceties when you're doing security testing it's not that you want everything to be automated but it's nice to have a few automated things in there to you know help you out all right so that's the network configuration pretty slick now the Firefox configuration out of the box has a few plugins installed which i think is kind of cool so we're going to go ahead and close this and whenever you fire up Firefox it by default wants to start with the parrot profile and I actually loaded both parrot and tom profiles in there that way I can use a couple different ones but if you load the parrot profile it opens up Firefox and displays your public IP address don't worry I'm on PA you don't need to leave about thing in the comments but the parrot profile has a handful of you know a few different websites bookmarked for you things you can look up learning programming books parrot open books crypto books other books they have a lot of links that they pre-built in that are all free for you to start downloading and diving in and stuff I thought that was kind of nice that this level of customization but hey really cool that you you know can start reading right away so you can load the Cicero dive right in and start reading and learning within it with nice links to it and a donate page if you want to donate to the parrot security project because well takes a lot of time to make an operating system this awesome all these features in there and they have a lot of different ways to donate so if you can afford a few dollars I know I'll be doing this throw some money at the project it helps people out and put together these advanced projects now we also have you black origin privacy badger and no script installed in the Firefox browser as well so like I said the out-of-the-box experience is pretty privacy oriented in parent security now the other thing I wanted to talk about was the anonymous surfing we're gonna dive right into that too so they have the anon surf now when you're going through the applications here there's all kinds of things that we're gonna get to those in a second but I like that the announcer is right here so announcer start announcer stop now I ran into a couple error I find it works better from the command line you get a few errors and I'm not clear what those errors mean they said they're gonna be fixed soon so I like to run the anonymous surface to do and it makes those errors go away and it's just an answer start now I wanted to do it this way too because I want you to see exactly what happens when we do this we're gonna get an answer start and it's gonna say do you want an answer to kill dangerous applications and clean some application caches we would love you to do that so what it's doing here and it walks you to it's gonna start up a tor node but it's also you know killing off applications cleaning out the cache shutting down things that are open to kind of you know clear out your trail of where you were and it's going to start everything back up stopping resolver stopping the DNS mash those are deep for that's for your DNS so we want to make sure everything starts fresh from a tor node connection and you are under announcer so now if you didn't see it up here at the top it says dance like no one's watching and crypt like everyone is global anonymous proxy activated I just really like the way they did this so now we can use that same tool we used before so we're on a curl I have config dot CO and it takes a second to get the tor nodes going we're still connected to PA Sweden let's disconnect that and while we're at it we're gonna look at the onion circuits that are formed so we'll see which ones are built once again more stuff they've integrated so this has tor built in and a back-end the announcer kicks off the tour runs the wrapper so we'll see if it works now all right that site didn't load stores go ahead and open up under paired security to show my IP address and now my IP address is seven seven two four seven one eight one one six two like so this is a tor address here and I'm apparently in the Netherlands and if I want to be somewhere else I have these onion circuits open here I can see where I'm connected to which circuits it's going through we're gonna go ahead and if we su do tour service restart we can force it to rebuild those connections and I should end up statistically likely with a different IP address so here it goes thinking all right connections are all built looks like it built the same route but like I said this is kind of a nice feature they built all this info if you care about the privacy and you want to be able to suspend something up without going through a VPN but they go through a tor node they've just built this right in on here now in terms of what else they have on here that's where it gets really extensive we're going to go ahead and close this close this close tabs actually let's shut down the anonymous mode because it does walk you through that too so if we go sudo announcer stop do you want a announcer to kill all dangerous applications and clean the caches yes so we're now going to take our self off so it says cache cleaned dangerous applications killed takes a few seconds while it restarts all these then it tells you global anonymous proxy closed stop dancing I it's just cute that they put that in there but I like that they give you these notices that you're aware of when you've turned it on when you haven't obviously if you're doing security you have to make sure that these things stay up and running you don't really want to start doing a test and maybe have it jump to your public IP address that could be very problematic for you now let's start digging into the applications they have here so we're going to go under here and under the heading heading of parrot so they have them all grouped here there are so many like I said according to the article over 600 I didn't count but I believe it we've got air crack air getting art image burp suite comes with the burp suite mostly configured too so you just throw it in throw a proxy you know way you go we have kayak multi go loft crack Wireshark Zen map I've covered Zen mat before OS app so these are all these common applications for pen testing information gathering once again they're all nicely categorized DNS information now just so you know when you're running some of these like DNS map what they're going to do is require sudo because they require elevated permissions to run but they're just going to open up a terminal because not all these have a graphical interface and they are designed to be run from a terminal if I can remember to type my password properly there we go but they leave you with like a help message on there to help get you started so here's how you run it here's the how you would do the target etc etc slick you've like an example usually just the defaults like if you run the command on there so it's like if I just typed it in without any parameters it'd probably give me the same yeah gives me the same information so a lot of these are not all graphical but it's running each one in its own session so you can start running your reconnaissance information out of there let's go back over to the applications and parent vulnerability analysis webinar analytics database assessment the actual exploitation tools what to do post exploitation tunneling and exfiltration OS backdoors I like I said to even go through these there's a lot of books you know I have a book list on my site in my Amazon site we recommend if you go through any of the Kali books they kind of equate back over to the pair of books like I said the parody features of these are pretty much the same when it comes to tools you're splitting hairs when you talk about which one is there which one's not but any tool you find them one pretty much could be loaded on the other one of the things I thought was cool too and I have not played with any of these tools because I've never really gotten into this but they have the canvas tools for automotive reverse engineering so you have all your can utilities here and there's quite a few of them so if you are into the automotive hacking which I would like to be but have not really put any effort into it but it seems really novel they do have a lot of that in error and there's a big demand from the automotive companies because they know people are hacking at it so they're trying to hire more security researchers to work on that now another neat thing they have is all the different system tools on here so if you want to start an SSH server start stop it obviously for me I'm more used to doing all this from the command lines to do's you know start or stop the SSH services but they've enabled it so you can start and stop those services right from here one of the tools that I like that I thought worked really good in here is open vas I'm gonna do a separate video on that but I do use this in my sometimes on testing devices I want to see and use the open and vulnerability assessment tool it can be a lot to set it up again figure it they make it pretty easy to set up configure right from here inside the parrot system that's like I said I could spend hours and there's a lot of people to do and I'll actually leave links to another YouTube channel that goes more in-depth on each individual tool well because they're just better at those tools than I am and that site is the exploit comm and the accompanying YouTube channel which there's a lot of great tutorials within this channel that will help cover like everything they've got all kinds of different documentation in here for or walkthroughs for how to do Wireshark and burp suite and lots of other tools so if you're looking for a channel to get started in some of this I have myself would found some of these tutorials very helpful that are on here and they have an entire website to kind of go along with it where they break down a lot of the details so there's a companion blog post on each one of them for going to the tools now overall I really like parrot Linux using it on my laptop here has actually been really pain free and easy once I got those couple things loaded that I needed it's worked perfectly fine out of the box even for some of my workflow using things like not a problem I was even able to load que my money which is what I used to do my accounting which is something I do on my laptop because it's tedious and I usually do it while I'm watching one of these other YouTube videos when I go through that but I haven't found anything that I can't really do on this with one big exception which I I'm trying to figure out a workaround for there is a screen capture tool I'm in love with that's called shutter it is really great for capturing screens so I don't know that I'd want to use this on my desktop until I can solve that problem but I'd also don't have a use on my desktop for all the hacking tools so I'm still gonna keep running pop OS on my desktop or my laptop where I used to spin up a VM to run the tools it's really convenient people to have all these tools running right on the hardware here on my laptop but at the same time because I can get to my Chrome browser get to my office VPN and do the communication tools that I use such as you know you talking to people to a key base in signal I can use this as my daily laptop and home use and it works perfectly fine so it's definitely a nice operating system I like the extra twice I like the network connectivity and the nature of when I go out to a client if I'm on site visiting client it's usually to do some network engineering troubleshooting and try to figure out what's going on with someone's network so it's nice having all those tools just loaded up and ready to go what I have to figure things out because a lot of people ask how we enumerate networks or how we go through and find things when we take on a new MSP client honestly I spend a lot of time doing things like n mappers n map to just try to find all the devices and having all the extra tools because sometimes when we do I teach take overs we don't have the password these tools are actually very helpful to check things inside of clients networks to try to determine what the password is the things that sometimes you can just guess it it's admin admin but having some of these tools which sound like hacking tools that you're thinking of black hats would use are also helpful when clients who have well poor IT people that they had to fire that doesn't always mean they had good documentation so this also helps with some of those documentation and maybe I'll do some more video specifically on those use cases for it but I'll jump over and check out the hacker supply channel because they have a great tutorial on how to dive into things a little bit further in terms of you know using all the tools on here but it's fun because just remembering the list of all the tools this comes with this heart so sometimes being able to go through and have them all organized by category the way they've done in Parratt is really great I think it's a great operating system overall it's not had any problems loading a laptop or in the virtual instance that I loaded it so definitely give it a go it's definitely with the try if you want something polished and you're still a beginner you just want to have a nice Linux system I'm still thinking the pop OS would be more suited for that but if you want to dive into the pentesting hacking parrot OS is excellent I do highly recommend it alright thanks thanks for watching if you liked this video give it a thumbs up if you want to subscribe to this channel to see more content hit that subscribe button and nabela icon and maybe YouTube will sense you and notice when we post if you want to hire us for a project that you've seen or discussed in this video head over to Lauren systems comm where we offer both business IT services and consulting services and are excited to help you with whatever project you want to throw at us also if you want to carry on the discussion further ahead over to forums at Lauren systems comm where we can keep the conversation going and if you want to help the channel out in other ways we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel and once again thanks again for watching this video and see you next time

Info

Channel: Lawrence Systems

Views: 68,318

Rating: undefined out of 5

Keywords: parrot security os, kali linux, parrot os install, penetration testing, parrot security, parrot 4.6, parrot security os vs kali linux, parrot security os install, parrot security os شرح, parrot security os review, linux, parrot os, parrot security os tools

Id: AECJUklf9gU

Channel Id: undefined

Length: 30min 12sec (1812 seconds)

Published: Sun May 12 2019