Kali Linux and Parrot Sec OS, Penetration Environment Comparison

Mar 8, 2022 by Georgi Nikolov | 2969 views

Offensive Security Pentesting

https://cylab.be/blog/205/kali-linux-and-parrot-sec-os-penetration-environment-comparison

For years, hackers have been the main characters of movies, books and generally have captured the imagination of regular folks. When we see these hackers use the tools of their trade, we usually see a black screen with green text flashing as fast as possible on the screen, lost in commands and bright flashing lights. This can't be any further from reality, as most hackers will spend hours and days on end to accomplish their tasks, usually staring at a screen, using their programs of choice.

Malicious actors, and the people who try to stop them, have to usually learn the same techniques to be able to accomplish their goals. Security experts need intimate knowledge in how hackers operate, to be able to prevent any intrusions in their systems. Usually this is accomplished through the use of penetration testing and the use of programs and tools, which an attacker would use. It is a major hassle to install all these programs by yourself, luckily here are distributions that facilitate this. One of the most popular of these distributions is Kali Linux, over which i have already written about here, but I would like to compare it to another distribution that has become quite prominent in pen-testing, the Parrot OS and see how they stack next to each other.

Kali Linux

kali_logo2.jpg

A lot can be said about Kali Linux, it is one of the most well established Linux distributions for penetration testing and sports a large variety of tools. The caveat is that it is quite complicated getting started and familiarizing with all the possibilities the Kali distribution offers. Luckily there are a large amount of tutorials available online, which explain how to install, configure and use Kali and the plethora of tools available.

Parrot OS

parrot_logo2.png

The Parrot Security OS is a Linux distribution, offering a nice and clean product for regular users, and in the vein of Kali, offering a powerful tool focused on security, privacy and offering a familiar environment for cyber security professionals to perform penetration testing. As with Kali Linux, it comes pre-installed with hundreds of tools, and as with Kali Linux, it can be a bit overwhelming for newcomers. Parrot OS has passed through multiple iterations- the StealthPwn and frozenboxOS, ending with the final product, that is the Parrot OS.

Comparison

First lets discuss the similarities between the two operating systems:

  • both systems are free
  • both systems are designed with penetration testing in mind
  • based on Debian development standard, which means that it has all the Debian repositories and packages available
  • supports 32 and 64-bit architectures
  • both support cloud Virtual Private Servers
  • support for analysis and testing of embedded and Internet of Things devices
  • both come pre-installed with a wide arsenal of hacking tools

At first glance it seems that both distributions are quite similar, it is quite difficult to see what sets them apart and why choose one over the other. To see what differentiates them, lets look at their hardware requirements:

Parrot OS Kali Linux
Graphical Acceleration No Graphical Acceleration Required Graphical Acceleration Required
Memory Required 320mb RAM 1GB RAM
CPU Required 1GHZ dual-core CPU 1GHZ dual-core CPU
Booting Requirements Can boot in legacy and UEFI Can boot in legacy and UEFI
Hard Disk Required 16GB of hard disk space 20GB of hard disk space

As we can see already from the start, the Parrot OS does not need Graphical Acceleration and demands less memory, because of the use of the MATE Desktop Environment. Contrary to that, Kali uses GNOME, which is heavier and has higher requirements. Funnily enough, MATE is a fork of the now unmaintained GNOME 2 project, making them soft-of siblings. Alongside that, Parrot OS requires a bit less hard disk space to install and run, saving you couple of GB of space.

Regarding security, Parrot OS offers some tools not directly available in Kali:

Conclusion

Comparing the the two distributions, we can see that there isn't a big difference in what kind of tools are installed. Parrot OS has a bit more security and anonymity oriented applications, but as both distributions are Debian based, it is easy to install them on Kali Linux too. The major difference comes in the hardware requirements between the two: Parrot OS is evidently more light-weight and can run on a wide variety of machines, where Kali Linux needs a more robust set-up to function properly. At the end of the day, it comes down to personal preference which of the pen-testing distribution we would like to use.

Honorable Mentions

BlackArc Linux is an Arch Linux-based penetration testing distribution that is also relatively popular with security researchers. The major caveat is that the Arch distribution can be a bit more complicated to set-up and update compared to the Debian one.

BackBox Linux is another operating system designed as an open source community project, centered around security and safety. It is based on Ubuntu, which is a Debian Linux distribution. The goal of this OS is to be used for penetration testing and security assessments, with a speedy and easy to use graphical interface.

This blog post is licensed under CC BY-SA 4.0

How to detect filtered (and opened) outgoing ports on a network?
Sometimes you want to access services running on unusual ports, like a SSH server running on port 2222 for example. If connection fails, how can we detect the outgoing ports that are filtered or open on the network?
May 16, 2023 | 1122 views
Adv-Bot: Realistic Adversarial Botnet Attacks against Network Intrusion Detection Systems
Due to the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that MLs can be fooled by a variety of adversarial attacks. This raises many questions in the cybersecurity field, where a growing number of researchers are recently investigating the feasibility of such attacks against machine learning-based security systems, such as intrusion detection systems.
Mar 28, 2023 | 926 views
SQLMap : additional techniques
In a previous blog post, we have explained what SQL injection is, and how to exploit it using sqlmap. In this blog post, we will show some additional techniques: how to exploit web applications that use clean URLs, how to exploit a POSTed form, how to hide traces etc.
Mar 21, 2023 | 1490 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept