Learning ParrotOS: Kickstart simple pentesting and ethical hacking techniques using cybersecurity operating system

Learning ParrotOS

Kickstart simple pentesting and ethical hacking techniques using cybersecurity operating system

Arvin Destar

Preface

As a security pro or beginner, if you want to get up and running with ParrotOS for ethical hacking and penetration testing, this book is a must-have. It starts with an intro to ParrotOS, its unique security-oriented environment, and key components, and then moves step-by-step into hands-on exercises. You'll learn how to install and customize ParrotOS, manage user accounts, and set up critical network configurations.

It's all hands-on, with each chapter focusing on real-world tasks and popular tools like Metasploit, Burp Suite, OWASP ZAP, John the Ripper, and Aircrack-ng. You'll learn the essential pentesting techniques for assessing vulnerabilities, exploiting weaknesses, and maintaining access within hacked networks. You'll even learn to intercept and manipulate web traffic, automate scans, and execute controlled exploits to retrieve sensitive data and escalate privileges. The steps are clearly laid out so that you can build your confidence and skills on your own.

The focus here is on giving you a solid hands-on experience with the essential tools needed for penetration testing tasks, and it's all done on ParrotOS. No matter what your interests are, whether it's network reconnaissance, automating scripts, or monitoring systems, this book has got you covered when it comes to tackling the latest security challenges.

In this book you will learn to:

Install, configure and customize ParrrotOS for ethical hacking and pentesting tasks.

Use bash scripting to automate and streamline penetration testing workflows.

Manage files and directories using command-line tools like rsync, grep, and awk.

Utilize network scanning techniques with nmap to identify active hosts and vulnerabilities.

Analyze network traffic in real-time using tcpdump, revealing hidden threats and suspicious patterns.

Exploit web vulnerabilities by intercepting and modifying traffic with Burp Suite and OWASP ZAP.

Perform robust password audits and recover weak credentials using John the Ripper.

Test wireless networks using Aircrack-ng in WEP and WPA protocols.

Leverage pivoting techniques across compromised networks.

Integrate automated recon and scanning for continuous network monitoring.

Prologue

Which is better, ParrotOS or Kali Linux?  Back when I was just starting out in the field of ethical hacking, I wondered the same thing.  While Kali Linux has long been recognized for its powerful pentesting tools, I found that ParrotOS offers a refined approach that aligns better with my needs and philosophy.  At its core, ParrotOS is about security, but it also offers a lightweight, adaptable environment that is sensitive to user privacy and suitable for a variety of uses.  Because it gives me more control over the available security tools and lets me work efficiently without overwhelming the system, ParrotOS was my choice.

In Learning ParrotOS, I take you on a tour of the penetration testing landscape with the open-source operating system ParrotOS.  We will provide you with a solid foundation by exploring the installation and customization of ParrotOS together.  I will show you how to set up the system, manage user accounts, configure network settings, and automate tasks, all of which are essential for effective security testing.  In a fun and interactive way, you will learn advanced bash scripting, scan networks, and monitor systems in real-time.

My goal in writing this book was to provide you with practical examples that you can apply right away and observe the fruits of your labor.  In this course, you will learn how to use Burp Suite, OWASP ZAP, and Metasploit to intercept and modify web traffic, test for vulnerabilities, and even test wireless networks with Aircrack-ng.  The goal of each chapter is to provide you with practical exercises that you can do independently, so you can transform theory into practice and obstacles into opportunities for growth.  My aim is to assist you in becoming proficient with ParrotOS so that you can confidently and efficiently carry out common and essential ethical hacking tasks.  When we finish this book, you will have a powerful toolbox full of techniques that will equip you to solve real-world security problems creatively and precisely.

--Arvin Destar

Copyright © 2025 by GitforGits

All rights reserved. This book is protected under copyright laws and no part of it may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without the prior written permission of the publisher. Any unauthorized reproduction, distribution, or transmission of this work may result in civil and criminal penalties and will be dealt with in the respective jurisdiction at anywhere in India, in accordance with the applicable copyright laws.

Published by: GitforGits

Publisher: Sonal Dhandre

www.gitforgits.com

[email protected]

Printed in India

First Printing: December 2024

Cover Design by: Kitten Publishing

For permission to use material from this book, please contact GitforGits at [email protected].

Content

Preface

GitforGits

Acknowledgement

Chapter 1: Getting Started with Parrot OS

Chapter Overview

Parrot OS Overview

Before Parrot OS

Emergence of Parrot OS

Parrot OS Among Security Professionals

Choosing Right Parrot Edition

Home Edition

Security Edition

IoT Edition

Why choose Security Edition?

Downloading Parrot OS Security Edition

Selecting a Reliable Download Mirror

Understanding Checksums

Locating Checksum File

Importing Parrot OS GPG Key

Verifying Checksum Signature

Calculating and Comparing SHA256 Checksum

Creating a Bootable USB Drive

Preparing USB Drive

Installing and Configuring Rufus

Initiating Bootable USB Creation

Booting Parrot OS Live Environment

Configuring USB Boot

Launching Live Environment

Performing Initial System Updates

Updating Package Lists and Packages

Cleaning up Unnecessary Files

Verifying Update Process

Booting Parrot OS Live Environment

Exploring Live Session Features

Desktop Environment

Navigating File Manager

Using Terminal

Accessing Preinstalled Security Tools

Exploring Anonymity and Privacy Features

Interacting with Preinstalled Applications

Web Browsers and Communication Tools

Productivity Software

Development Tools

Summary

Chapter 2: Up and Running with Parrot OS

Chapter Overview

Step-by-Step Installation

Configuring BIOS/UEFI Settings

Installing Parrot OS

Language and Keyboard Configuration

Preparing Installation

Disk Partitioning

Setting up User Accounts and System Settings

Disk Partitioning Details

Partitioning Types

Choosing Between Automatic and Manual Partitioning

Navigating the Parrot Menu

Accessing Parrot Menu

Internet

Development

Office

Security

System

Accessories

Launching Security Tools

Launching Metasploit

Using Burp Suite for Web Application Testing

Performing Network Scans with Nmap

Analyzing Traffic with Wireshark

Exploring Subcategories and Integration

Information Gathering

Vulnerability Analysis

Wireless Analysis

Exploitation Tools

Customizing Parrot Menu

Pinning Applications to Panel

Organizing Tools into Favorites

Creating Custom Categories

File Management with Caja

Caja Interface

Performing File Operations

Copying Files and Folders

Moving Files and Folders

Renaming Files and Folders

Deleting Files and Folders

Managing File Permissions

Viewing File Permissions

Changing File Permissions

Changing File Ownership

Organizing Directories

Creating New Folders

Moving Items between Directories

Using Bookmarks for Quick Access

Sorting and Filtering Files

Advanced File Operations

Batch Renaming Files

Linking Files and Folders

Compressing and Extracting Files

Managing External Devices

Mounting and Unmounting Drives

Ejecting Devices Safely

Customizing Caja Preferences

Accessing Preferences

Adjusting General Settings

Setting up Default Applications

Integrating Plugins and Extensions

Exploring Advanced Features

Previewing Files

Search and Filter

Connecting to Network Shares

Sample Program: Organizing Security Project

Terminal Navigation and Shortcuts

Basic Navigation Commands

Print Working Directory

List Directory Contents

Change Directory

Managing Files and Directories

Make Directory

Remove Directory

Copy Files and Directories

Move or Rename Files and Directories

Remove Files and Directories

Viewing and Editing Files

Concatenate and Display Files

View Files Page by Page

View Start or End of Files

Simple Text Editor

System Information Commands

System Information

Monitor Processes

Disk Space Usage

Memory Usage

Package Management with APT

Updating Package Lists

Upgrading Installed Packages

Installing New Packages

Removing Packages

Searching for Packages

Searching and Finding Files

Search Within Files

Locate Files and Directories

Quickly Find Files

Networking Commands

Configure Network Interfaces

Test Network Connectivity

Secure Shell Access

Network Statistics

Managing Permissions

Change File Permissions

Change File Ownership

Process Management

Display Current Processes

Terminate Processes

Kill by Name

Useful Shortcuts

Sample Program: Terminal Commands In-use

Enhancing Productivity with Aliases

Exploring Command History

Combining Commands with Pipes and Redirection

Managing Background Processes

Setting up Workspaces

Configuring Multiple Virtual Desktops

Accessing Workspace Settings

Adding and Removing Workspaces

Customizing Workspace Settings

Managing Workspaces

Workspace 1: Security Tools

Workspace 2: Web Browsing and Research

Workspace 3: Documentation and Reporting

Workspace 4: Miscellaneous Tasks

Summary

Chapter 3: System Configuration and Customization

Chapter Overview

Managing User Accounts and Permissions

Creating New User Account

Modifying User Account Privileges

Securing User Accounts with Proper Permissions

Installing/Removing Software with APT

Updating Package Lists

Upgrading Installed Packages

Installing New Software

Removing Unneeded Software

Cleaning Up after Removal

Removing Unnecessary Packages

Clearing Package Cache

Searching for Packages

Advanced APT Commands

Downloading Packages without Installing

Checking Broken Dependencies

Simulating an Upgrade

Configuring Network Interfaces

Setting up Wired Connection

Checking Current Status

Configuring Wired Interface

Verifying Connection

Setting up Wireless Connection

Accessing Network Manager

Connecting to a Wireless Network

Configuring VPN Settings

Installing a VPN Client

Setting up VPN Configuration

Starting VPN Connection

Verifying VPN Connection

Sample Program: Configuring Network Interfaces

Managing and Troubleshooting Connections

Automating Tasks with Cron Jobs

Getting Started with Cron

Creating Cron Script

Creating Maintenance Script

Making Script Executable

Scheduling Cron Job

Editing Crontab File

Testing Cron Job

Automating Cron Scripting for Routine Maintenance

Optimizing System Performance

Adjusting System Settings

Managing Background Services

Identifying Running Services

Disabling Unneeded Services

Optimizing Resource Allocation

Managing Swappiness

Tuning I/O Scheduler

Monitoring System Resources

Disk Cleanup and Defragmentation

Summary

Chapter 4: Mastering Command-Line Utilities

Chapter Overview

Advanced Bash Scripting

Script Structure and Functions

Testing Script

File Operations and Management

‘rsync’ for File Synchronization and Backup

Searching Through Files with ‘grep’

Processing Data with ‘awk’

Combining ‘rsync’, ‘grep’, and ‘awk’

Trying OutNetwork Tools

‘nmap’ for Network Scanning

‘wget’ for Data Downloading

‘rclone’ for Cloud Storage Synchronization

Configuring rclone

Synchronizing Files to Cloud Storage

Copying Files without Deletion

Listing Remote Files

‘curl’ for HTTP Requests

Performing Simple HTTP GET Request

Saving Output to File

curl with Different HTTP Methods

Adding Headers and Handling Cookies

Integrating Network Tools

System Monitoring and Diagnostics

Using ‘htop’ for Real-Time Monitoring

Using ‘netstat’ for Network Diagnostics

Using ‘df’ for Disk Space Monitoring

Summary

Chapter 5: Leveraging Parrot OS Security Tools

Chapter Overview

Setting up Metasploit Framework

Installing Metasploit

Configuring Metasploit

Initial Database Setup

Updating Environment Variables

Initializing Metasploit

Launching ‘msfconsole’

Navigating ‘msfconsole’ Interface

Basic Configuration and Use

Automating Routine Metasploit Tasks

Creating Resource Script

Running Resource Script

Additional Configuration Options

Using Burp Suite for Web Testing

Configuring Burp Suite as Proxy

Setting up Proxy Listener

Configuring Browser

Intercepting HTTP Requests

Enabling Interception

Analyzing Intercepted Request

Manipulating HTTP Requests

Modifying Request Parameters

Using Repeater Tool

Sample Program: Testing Web App

Automating Scans with OWASP ZAP

Configuring OWASP ZAP

Automating Scan

Password Cracking with John the Ripper

Installing John Ripper

Preparing Test Password File

Running John Ripper in Default Mode

Using Custom Wordlist

Configuring Cracking Modes

Sample Program: Auditing Passwords and Recovering Lost Credentials

Prepare Hash File

Run a Dictionary Attack

Use Incremental Mode for Unmatched Hashes

Analyze Results

Wireless Security Testing with Aircrack-ng

Setting up Wireless Interface

Capturing Wireless Traffic

Start ‘Airodump-ng’

Select a Target Network

Cracking Wireless Key with ‘Aircrack-ng’

Sample Program: Testing Wireless Network

Enable Monitor Mode

Scan for Networks

Capture Handshake

Crack the Password

Summary

Chapter 6: Conducting Network Reconnaissance

Chapter Overview

Comprehensive Network Scanning with Nmap

Basic Host Discovery

Service Version Detection

Operating System Detection and Advanced Options

Output Options Save Scan

Sample Program: Assess Complete Network

Fine-Tuning Scans

Scriptable Scanning

Packet Analysis with Wireshark

Configuring Wireshark

Installing Wireshark

Configuring Wireshark Permissions

Setting up Capture

Analyzing Captured Traffic

Identifying Suspicious Activities

Sample Program: Capturing and Analyzing Traffic

Mapping Networks with Netdiscover

Installing Netdiscover

Netdiscover in Active Mode

Netdiscover in Passive Mode

Interpreting Output

Filtering and Customizing Scan

Sample Program: Holistic Network Mapping

Gathering Information with Recon-ng

Up and Running with Recon-ng

Setting up Workspace

Adding Target Domain

Modules for Data Collection

Gathering Additional Information

Automating Recon Tasks

Reviewing and Exporting Data

Sample Program: Reconnaissance Data

Summary

Chapter 7: Exploiting Vulnerabilities with Metasploit

Chapter Overview

Identifying Exploitable