Parrot OS Tutorial: Complete Beginner’s Guide

Parrot OS is a Debian-based Linux distribution designed for security testing, privacy, and development. If you’re interested in cybersecurity, ethical hacking, or simply want a privacy-focused operating system, this tutorial will get you started.

What you’ll learn:

• How to install Parrot OS
• Navigation and basic commands
• Essential security tools
• Practical exercises to build skills
• Best practices for ethical hacking

What is Parrot OS?

Parrot OS (formerly Parrot Security) is a complete security-focused operating system that includes:

• Penetration testing tools - Network analysis, vulnerability scanning, exploitation
• Privacy tools - Anonymous browsing, encrypted communications
• Development tools - Programming languages, IDEs, containers
• Forensics tools - Digital investigation capabilities

Parrot OS vs Kali Linux

Both are excellent security distributions. Here’s how they compare:

Feature	Parrot OS	Kali Linux
Base	Debian Testing	Debian Testing
Resource Usage	Lighter (~320MB RAM)	Heavier (~500MB+ RAM)
Desktop	MATE (default)	XFCE (default)
Privacy Tools	Built-in (AnonSurf)	Manual setup
Target Audience	Beginners to Advanced	Intermediate to Advanced
Home Edition	Yes (daily driver)	No

Parrot OS is often recommended for beginners due to lower resource requirements and a more user-friendly interface.

Installation Options

Option 1: Full Installation

Download the ISO from parrotsec.org and install on dedicated hardware or as a dual-boot.

Editions available:

• Security Edition - Full penetration testing suite
• Home Edition - Privacy-focused daily driver
• Architect Edition - Minimal, build your own

Option 2: Virtual Machine

Run Parrot OS in VirtualBox or VMware:

1. Download the ISO or pre-built VM image
2. Create new VM (2GB+ RAM, 20GB+ disk)
3. Mount ISO and boot
4. Follow installation wizard

Option 3: WSL2 (Windows)

Run Parrot OS directly in Windows. See our detailed guide: Parrot OS on WSL2

Option 4: Live Boot

Boot from USB without installation to test the system.

First Steps After Installation

Update Your System

Always start by updating:

sudo apt update && sudo apt full-upgrade -y

Explore the Desktop

Parrot OS uses the MATE desktop environment by default:

• Applications Menu (top left) - Access all tools
• Places - File manager shortcuts
• System - Settings and administration
• Panel (bottom) - Running applications

Terminal Basics

Open the terminal (Ctrl+Alt+T) and practice these essential commands:

# Navigation
pwd                 # Print working directory
ls                  # List files
ls -la              # List all files with details
cd /path/to/dir     # Change directory
cd ~                # Go to home directory
cd ..               # Go up one directory

# File Operations
mkdir folder_name   # Create directory
touch file.txt      # Create empty file
cp source dest      # Copy file
mv source dest      # Move/rename file
rm file.txt         # Delete file
rm -r folder        # Delete folder recursively

# System Information
uname -a            # System information
whoami              # Current user
id                  # User and group IDs
df -h               # Disk space
free -h             # Memory usage

Essential Parrot OS Tools

Network Analysis

Nmap - Network Scanner

Nmap is the most important tool for network discovery and security auditing.

# Scan single host
nmap 192.168.1.1

# Scan network range
nmap 192.168.1.0/24

# Service version detection
nmap -sV 192.168.1.1

# Operating system detection
nmap -O 192.168.1.1

# Aggressive scan (comprehensive)
nmap -A 192.168.1.1

# Stealth scan
nmap -sS 192.168.1.1

Wireshark - Packet Analyzer

Wireshark captures and analyzes network traffic:

1. Launch from Applications > Sniffing/Spoofing > Wireshark
2. Select network interface (eth0, wlan0)
3. Start capture
4. Use display filters: http, tcp.port == 80, ip.addr == 192.168.1.1

Vulnerability Scanning

Nikto - Web Server Scanner

# Scan web server
nikto -h http://target.com

# Scan specific port
nikto -h http://target.com -p 8080

# Save output
nikto -h http://target.com -o report.html -Format html

OpenVAS - Vulnerability Scanner

Comprehensive vulnerability assessment tool:

# Install OpenVAS
sudo apt install openvas

# Initialize
sudo gvm-setup

# Start services
sudo gvm-start

# Access web interface
# https://127.0.0.1:9392

Password Tools

Hydra - Login Cracker

For authorized password testing:

# SSH brute force (authorized testing only!)
hydra -l username -P wordlist.txt ssh://target

# Web form attack
hydra -l admin -P wordlist.txt target http-post-form "/login:user=^USER^&pass=^PASS^:Invalid"

John the Ripper - Password Cracker

# Crack password hash
john hashfile.txt

# Use specific wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt hashfile.txt

# Show cracked passwords
john --show hashfile.txt

Privacy Tools

AnonSurf - Anonymous Browsing

Parrot’s built-in tool for routing traffic through Tor:

# Start anonymous mode
sudo anonsurf start

# Check status
anonsurf status

# Change Tor circuit
anonsurf change

# Stop and return to normal
sudo anonsurf stop

OnionShare - Secure File Sharing

Share files anonymously through Tor:

1. Launch from Applications > Internet > OnionShare
2. Add files to share
3. Start sharing to get onion address
4. Share address with recipient

Web Application Testing

Burp Suite - Web Security Testing

Burp Suite is essential for web application security:

1. Launch from Applications > Web Application Analysis > Burp Suite
2. Configure browser proxy (127.0.0.1:8080)
3. Browse target application
4. Analyze requests in Proxy tab
5. Use Repeater for manual testing

SQLmap - SQL Injection

For testing SQL injection vulnerabilities:

# Test URL parameter
sqlmap -u "http://target.com/page?id=1"

# Get database names
sqlmap -u "http://target.com/page?id=1" --dbs

# Get tables
sqlmap -u "http://target.com/page?id=1" -D database_name --tables

Practical Exercises

Exercise 1: Network Discovery

Objective: Map your home network

# Find your network range
ip addr show

# Scan your network (replace with your range)
nmap -sn 192.168.1.0/24

# List discovered hosts
# Note: Only scan networks you own!

Exercise 2: Service Identification

Objective: Identify services on a target system

# Use a vulnerable VM like Metasploitable for practice
# Download from: https://sourceforge.net/projects/metasploitable/

# Scan for services
nmap -sV -sC target_ip

# What services are running?
# What versions?
# Are any outdated?

Exercise 3: Web Application Reconnaissance

Objective: Gather information about a web application

# Use intentionally vulnerable apps:
# - DVWA (Damn Vulnerable Web Application)
# - OWASP WebGoat
# - HackTheBox machines

# Scan with Nikto
nikto -h http://target

# Check for interesting directories
dirb http://target

# Review results for vulnerabilities

Exercise 4: Password Audit

Objective: Test password strength

# Create a test hash (your own password only!)
echo -n "testpassword" | md5sum

# Save hash to file
echo "hash_here" > test_hash.txt

# Attempt to crack
john --format=raw-md5 test_hash.txt

# Lesson: Weak passwords are easily cracked

Setting Up a Practice Lab

Never practice on systems you don’t own. Set up a safe lab:

Recommended Vulnerable VMs

1. Metasploitable 2/3 - Classic vulnerable Linux
2. DVWA - Web application vulnerabilities
3. VulnHub machines - Various difficulty levels
4. HackTheBox - Online practice platform
5. TryHackMe - Guided learning paths

Lab Network Setup

[Your PC/Laptop]
       |
   [Virtual Network]
       |
[Parrot OS VM] ---- [Vulnerable VM(s)]

Use host-only or NAT networking to isolate practice systems.

Best Practices for Ethical Hacking

Legal Considerations

Always:

• Get written permission before testing
• Stay within scope of authorization
• Document all activities
• Report vulnerabilities responsibly
• Follow your organization’s policies

Never:

• Access systems without permission
• Test production systems without approval
• Share discovered vulnerabilities publicly before fixing
• Use techniques that could cause damage

Professional Development

Build your skills responsibly:

1. Start with CTF challenges - Safe, legal practice
2. Earn certifications - CompTIA Security+, CEH, OSCP
3. Contribute to open source - Security tools welcome contributions
4. Join communities - Learn from experienced professionals
5. Stay updated - Security evolves constantly

Troubleshooting Common Issues

WiFi Not Working

# Check if adapter is recognized
iwconfig

# Check for available networks
sudo iwlist wlan0 scan

# If using USB adapter, check drivers
lsusb
dmesg | tail

Tools Not Found

# Update package lists
sudo apt update

# Search for package
apt search tool_name

# Install missing tool
sudo apt install tool_name

Permission Denied

# Run with sudo for system commands
sudo command_here

# Check file permissions
ls -l filename

# Fix permissions if needed
chmod +x script.sh

VM Performance Issues

• Allocate at least 2GB RAM
• Use SSD storage if possible
• Enable VT-x/AMD-V in BIOS
• Install guest additions/tools

Frequently Asked Questions

Is Parrot OS legal to use?

Yes, Parrot OS is completely legal. It’s the activities you perform that matter. Only test systems you own or have explicit permission to test.

Can I use Parrot OS as my daily driver?

Yes! The Home Edition is designed for everyday use with privacy features. The Security Edition can also be used daily but includes many tools you may not need.

Do I need powerful hardware?

No. Parrot OS runs well on modest hardware:

• Minimum: 1GB RAM, 20GB disk
• Recommended: 2GB+ RAM, 40GB+ disk, SSD

How do I learn more advanced techniques?

1. Complete TryHackMe learning paths
2. Practice on HackTheBox
3. Study for security certifications
4. Read security blogs and research
5. Join CTF competitions

Is Parrot OS better than Kali for beginners?

Many consider Parrot OS more beginner-friendly due to:

• Lower resource requirements
• Cleaner interface
• Built-in privacy tools
• Home Edition for daily use

Both are excellent choices. Try both and use what works for you.

Next Steps

Now that you understand Parrot OS basics, continue your learning:

1. Set up a practice lab with vulnerable VMs
2. Learn networking fundamentals - TCP/IP, routing, firewalls
3. Study for certifications like Security+ or CEH
4. Join cybersecurity communities for support and learning
5. Practice regularly on CTF platforms

Resources

Official Documentation

• Parrot OS Documentation
• Parrot OS Forums

Learning Platforms

• TryHackMe - Guided rooms
• HackTheBox - Practice machines
• VulnHub - Free vulnerable VMs
• OverTheWire - Wargames

Related Guides

• Parrot OS on WSL2 - Run Parrot on Windows
• Pwnagotchi WiFi Security Tool - AI-powered WiFi testing
• Penetration Testing Guide - Get started with pentesting
• Cybersecurity Careers - Build your career

Conclusion

Parrot OS provides everything you need to learn cybersecurity and ethical hacking. Start with the basics, practice in safe environments, and always maintain ethical standards.

Remember: The goal is to become a security professional who protects systems and people. Use your skills responsibly.

Happy learning, and welcome to the cybersecurity community!