Parrot OS Security Edition is a Debian-based Linux distribution designed for penetration testing, digital forensics, and privacy-conscious users. It competes directly with Kali Linux but differentiates itself with a lighter footprint, a more polished desktop experience (MATE by default), and a strong focus on privacy tools alongside the offensive security toolkit. This guide walks through downloading, installing, and hardening Parrot OS Security Edition for professional use.
Why Choose Parrot OS Over Kali?
Both distributions are excellent, but Parrot offers distinct advantages in certain scenarios:
| Feature | Parrot OS | Kali Linux |
|---|---|---|
| Default desktop | MATE (lightweight) | Xfce (lightweight) |
| RAM usage at idle | ~400–600 MB | ~500–700 MB |
| Privacy tools | Built-in (Tor, AnonSurf) | Requires manual install |
| Usable as daily driver | Yes (Home edition) | Less so |
| Update frequency | Rolling release | Rolling release |
| ARM support | Yes | Yes |
For low-resource VMs or embedded testing environments, Parrot’s lower overhead is a real advantage.
Downloading Parrot OS Security Edition
Download the ISO from the official site: parrotsec.org
Choose the Security Edition, not the Home or HTB (Hack The Box) edition, if you want the full security toolkit.
Verify the SHA256 checksum before booting:
sha256sum parrot-security-6.x_amd64.iso
Compare the output against the hash published on the Parrot downloads page.
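The comparison described above can be scripted so that a mismatch or a missing entry fails loudly instead of relying on eyeballing 64 hex characters. This is an added example, not code from the original page or the Parrot project; the function name `verify_iso`, the file names, and the `<hash>  <filename>` list layout (the format `sha256sum` itself writes) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the Parrot project): check an ISO against a hash list.
# Assumption: the list uses sha256sum's "<64-hex>  <filename>" line format.

# verify_iso ISO HASHLIST
# returns 0 = hash matches, 1 = mismatch, 2 = file unreadable or not listed
verify_iso() {
    local iso=$1 list=$2 name expected actual
    [ -r "$iso" ] && [ -r "$list" ] || return 2
    name=$(basename -- "$iso")
    # Exact filename match on field 2; a leading '*' (binary mode) is ignored.
    expected=$(awk -v f="$name" '
        { n = $2; sub(/^\*/, "", n) }
        n == f && length($1) == 64 { print tolower($1); exit }' "$list")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$iso" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in "ISO" and a hash list built in a temp directory.
demo_verify_iso() {
    local dir rc_good rc_bad rc_missing
    dir=$(mktemp -d) || return 1
    printf 'constructed sample image\n' > "$dir/sample.iso"
    ( cd "$dir" && sha256sum sample.iso > hashes.txt )
    verify_iso "$dir/sample.iso" "$dir/hashes.txt" && rc_good=0 || rc_good=$?
    printf 'tampered' >> "$dir/sample.iso"      # simulate a modified download
    verify_iso "$dir/sample.iso" "$dir/hashes.txt" && rc_bad=0 || rc_bad=$?
    cp "$dir/sample.iso" "$dir/other.iso"       # file with no published entry
    verify_iso "$dir/other.iso" "$dir/hashes.txt" && rc_missing=0 || rc_missing=$?
    rm -rf "$dir"
    echo "$rc_good $rc_bad $rc_missing"
}

demo_verify_iso
```

A non-zero return should stop the install: status 1 means the download differs from the published hash, status 2 means the file name was not found in the list at all.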
Installation Options
- Flash the ISO to a USB drive (8GB minimum):
# Linux: replace /dev/sdX with the USB device (confirm with lsblk; dd overwrites the target)
sudo dd if=parrot-security-6.x_amd64.iso of=/dev/sdX bs=4M status=progress
sync
# Or use balenaEtcher on Windows/Mac
- Boot from the USB and select Install (not Live mode for permanent installs)
- Choose partitioning — for a dedicated security workstation, use the full disk with LVM:
/boot — 1 GB (ext4, not encrypted)
/ — 40+ GB (ext4, inside encrypted LVM)
swap — equal to RAM (inside encrypted LVM)
- Enable full disk encryption (LUKS) when prompted — essential for a pentesting machine containing client data
- Set a strong passphrase for the LUKS container (separate from your login password)
Virtual Machine Setup (Recommended for Beginners)
Running Parrot in a VM is the safest way to start — you can snapshot, revert, and isolate your testing environment.
VirtualBox settings:
- RAM: 4 GB minimum, 8 GB recommended
- CPUs: 2 cores minimum
- Disk: 80 GB (dynamically allocated)
- Network: NAT for initial setup; switch to Host-Only or Internal Network for active testing
VMware settings:
- Enable Virtualize Intel VT-x/EPT for better performance
- Use VMXNET3 network adapter
After booting the ISO in a VM:
- Launch the installer from the desktop shortcut
- Select Guided - use entire disk with LVM
- Skip disk encryption for lab VMs (for convenience), but enable it on physical machines
Post-Install First Steps
Update the system immediately after first boot:
sudo apt update && sudo apt full-upgrade -y
sudo apt autoremove -y
Install VirtualBox Guest Additions (if in VirtualBox) for shared clipboard and screen resizing:
sudo apt install virtualbox-guest-x11 -y
sudo reboot
Parrot Security ships with tools organized under the Parrot Menu (Applications → Parrot Security Tools):
Information Gathering
- Nmap — port scanning and service detection
- theHarvester — email and subdomain harvesting
- Maltego — visual link analysis for OSINT
- Recon-ng — modular OSINT framework
- Shodan — search engine CLI for internet-connected devices
Vulnerability Analysis
- Nikto — web server vulnerability scanner
- Nessus (not pre-installed, but easily added) — enterprise vuln scanner
- OpenVAS — open-source vulnerability scanner
Web Application Testing
- Burp Suite Community — web proxy and vulnerability scanner
- sqlmap — automated SQL injection tool
- ffuf — fast web fuzzer
- OWASP ZAP — open-source web app scanner
Exploitation
- Metasploit Framework — exploitation framework
- Searchsploit — offline exploit database search
# Search for exploits
searchsploit apache 2.4
searchsploit -m 44675 # Copy exploit to current directory
Password Attacks
- John the Ripper — offline password cracker
- Hashcat — GPU-accelerated hash cracking
- Hydra — network brute-force tool
Wireless Attacks
- Aircrack-ng — WEP/WPA cracking suite
- Wifite — automated wireless attack tool
- Kismet — wireless network detector
Forensics and Privacy
- Autopsy — digital forensics GUI
- Volatility — memory forensics
- AnonSurf — route all traffic through Tor (Parrot exclusive)
Configuring AnonSurf (Privacy Mode)
AnonSurf is Parrot’s integrated Tor routing tool. When active, all system traffic is routed through the Tor network:
# Start AnonSurf
sudo anonsurf start
# Check status and current Tor IP
sudo anonsurf status
sudo anonsurf myip
# Stop AnonSurf
sudo anonsurf stop
# Change Tor identity
sudo anonsurf change
AnonSurf also supports DNS leak prevention — it overrides your DNS settings to use Tor’s DNS resolver, preventing DNS queries from bypassing the Tor tunnel.
Hardening Parrot OS
1. Keep the System Updated
Set up unattended security updates:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
2. Configure the Firewall (UFW)
sudo apt install ufw -y
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
sudo ufw status verbose
3. Disable Unnecessary Services
# List running services
systemctl list-units --type=service --state=running
# Disable services you don't need
sudo systemctl disable bluetooth
sudo systemctl disable cups
sudo systemctl stop cups
4. Secure SSH (If Using Remote Access)
sudo nano /etc/ssh/sshd_config
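Key settings to change (comments go on their own lines, because trailing comments in sshd_config are not reliably accepted across OpenSSH versions; if the firewall above is enabled, it also needs a rule allowing TCP port 2222):
# Change default port
Port 2222
# Disable root login
PermitRootLogin no
# Use keys only
PasswordAuthentication no
MaxAuthTries 3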
Generate and use SSH keys:
ssh-keygen -t ed25519 -C "parrot-workstation"
ssh-copy-id -p 2222 user@remote-host
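To confirm the settings above are actually in effect, the check below parses an effective-configuration dump of the kind `sshd -T` prints. It is an added example, not part of the original page; `audit_sshd` and the two sample dumps are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit sshd's effective settings
# against the four values in the hardening list above.
# Input: `sshd -T` style dump on stdin, one lowercase "keyword value" per line.

# audit_sshd: prints one FAIL line per deviation; exit status = number of FAILs.
audit_sshd() {
    awk '
        BEGIN {
            want["port"] = "2222"
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["maxauthtries"] = "3"
            n = split("port permitrootlogin passwordauthentication maxauthtries", order, " ")
        }
        # sshd may listen on several ports, so every "port" line is checked.
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) { bad++; printf "FAIL %s: got %s, want %s\n", $1, $2, want[$1] }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) { bad++; printf "FAIL %s: not in dump\n", order[i] }
            exit bad + 0
        }'
}

# Constructed sample dumps (trimmed to the relevant keywords), not real host output.
HARDENED_DUMP='port 2222
permitrootlogin no
passwordauthentication no
maxauthtries 3
x11forwarding no'

DEFAULT_DUMP='port 22
permitrootlogin prohibit-password
passwordauthentication yes
maxauthtries 6'

printf '%s\n' "$HARDENED_DUMP" | audit_sshd && echo "hardened dump: OK"
printf '%s\n' "$DEFAULT_DUMP"  | audit_sshd || echo "default dump: $? finding(s)"
```

On a live system, pipe the real configuration in with `sudo sshd -T | audit_sshd`, and run `sudo sshd -t` to validate the file before restarting the service.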
5. Enable Full Disk Encryption (If Not Done at Install)
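For physical machines not encrypted at install time, you can encrypt the home directory instead. This is not full disk encryption: swap, /tmp, and anything stored outside your home directory stay unencrypted, so reinstalling with LUKS remains the stronger option: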
sudo apt install ecryptfs-utils -y
sudo ecryptfs-migrate-home -u yourusername
6. Install Fail2ban
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
# Check status
sudo fail2ban-client status
sudo fail2ban-client status sshd
7. Verify AppArmor
AppArmor is installed and active on Parrot by default. Check its status:
sudo apparmor_status
sudo aa-status
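Enable enforcement mode for all profiles (profiles that were shipped in complain mode may start blocking their applications, so check the logs afterwards):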
sudo aa-enforce /etc/apparmor.d/*
Setting Up a Pentest Workspace
Organize your work from the start:
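# Replace client-name with the engagement name (a single-item {client-name} is not expanded by the shell)
mkdir -p ~/pentests/client-name/{recon,exploitation,loot,reports}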
mkdir -p ~/tools
mkdir -p ~/wordlists
Create symlinks to common wordlists:
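ls /usr/share/seclists/
ls /usr/share/wordlists/
ln -s /usr/share/seclists ~/wordlists/seclists   # only if the directory above exists
ln -s /usr/share/wordlists ~/wordlists/system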
Install additional tools not in the default repos:
# Install Go tools
sudo apt install golang -y
# go install places binaries in $(go env GOPATH)/bin (default ~/go/bin)
export PATH="$PATH:$(go env GOPATH)/bin"
# Install Nuclei
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# Install subfinder
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
Snapshot Your Clean Install
Before starting any engagement, take a VM snapshot of your clean, updated install:
- VirtualBox: Machine → Take Snapshot → “Clean Install YYYY-MM-DD”
- VMware: VM → Snapshot → Take Snapshot
This lets you revert to a known-good state instantly if something goes wrong or a tool corrupts your environment.
Summary
Parrot OS Security Edition is an excellent platform for penetration testing and security research. Its combination of offensive tools, privacy features like AnonSurf, and solid Debian foundation make it a competitive alternative to Kali Linux — especially on hardware-constrained systems or for users who want a capable daily driver that doubles as a security workstation. Follow the hardening steps above and maintain a disciplined workspace structure to keep your testing environment professional and reliable.