If you don’t fit into any of those categories, it doesn’t mean that you have no use for pentest Linux distributions. Regardless of whether you want to pursue a career in information security, become a Linux administrator, or just learn more about computers and networks, pentest Linux distributions let you get hands-on experience with technologies most people only read about.
In this article, we compare what are currently the two most popular pentest Linux distributions, Kali Linux and Parrot Security OS, to help you get started on your pentest journey. While you can use both Kali Linux and Parrot Security OS as your main operating system, most pentesters run them from a USB drive instead to increase their privacy and security.
Penetration Testing Explained
The Chinese general, military strategist, philosopher, and reputed author of The Art of War, Sun Tzu, said, “If ignorant of your enemy and yourself, you are certain to be in peril.”
This nugget of wisdom is especially applicable when it comes to cybersecurity because it explains why organizations and individuals alike must use the same tools as attackers to evaluate the security of their cyber defenses, which is what penetration testing boils down to.
Penetration testing makes it possible to find security weaknesses, evaluate an organization’s security policy and its adherence to compliance requirements, and raise employee awareness by simulating cyber-attacks using a wide variety of security assessment tools that are available for this exact purpose.
Pentest Linux distributions are one very important category of penetration testing tools. They bring together hundreds of professional tools for security testing, software development, and privacy defense, and present them in the form of a convenient live distribution.
First released by Offensive Security in March 2013, Kali Linux is arguably the most widely known pentest Linux distribution in the world. It’s derived from Debian, but large chunks of it come from BackTrack, Offensive Security’s previous Linux distribution.
Kali Linux has three core developers—Mati Aharoni (muts), Devon Kearns (dookie), and Raphaël Hertzog (buxy)—but they are far from the only people who contribute to it. The distribution has thousands of supporters around the world, so bug fixes never take too long to be released, and support questions never take too long to be answered.
Bundled with Kali Linux is a massive collection of over 600 penetration testing software applications, including Nmap (a port scanner), Wireshark (a packet analyzer), Aircrack-ng (a software suite for penetration-testing wireless LANs), and many others.
Most software applications are imported from the Debian repositories, and Kali Linux itself is based on Debian Testing. Because Debian Testing is not exactly a bleeding-edge Linux distribution, it shouldn’t come as a surprise to you that software in Kali Linux is often a few versions old. The obvious benefit of including older, more tested software is stability, and Kali Linux truly excels in this regard.
To run Kali Linux, you need a minimum of 1 GB of hard disk space for installation and at least 512 MB of RAM for i386 and AMD64 architectures. Both 32-bit and 64-bit images are available, and Kali Linux even supports ARM devices like Raspberry Pi, BeagleBone Black, or Odroid U2.
Developed by Frozenbox Network, the first version of Parrot Security OS saw the light of day in 2013. Just like Kali Linux, Parrot Security OS is based on Debian’s testing branch, and it follows a rolling release development model.
The people behind Parrot Security OS include Lorenzo Faletra (palinuro), Lisetta Ferrero (sheireen), Francesco Bonanno (mibofra), Nicolas North (nikksno), and Federica Marasà (marafed). It’s true that Parrot Security OS doesn’t have as large a community of users behind it as Kali Linux does, but the distribution has been gaining a lot of momentum in recent months, so things could be very different just a year or two from now.
Parrot Security OS goes beyond pentesting software applications and includes a whole host of privacy-oriented tools, as well as a full development stack with the best editors, languages, and technologies. One incredibly useful privacy-oriented tool included in Parrot Security OS is Anonsurf, which is a network anonymizer that forces all connections through Tor and/or the i2p network. Also supported are popular cryptocurrencies, including Bitcoin, making the distribution a great choice for all blockchain enthusiasts who care about their privacy.
Unlike Kali Linux, which uses GNOME 3, Parrot Security OS uses MATE as its default desktop environment. Because MATE started as a fork of GNOME 2, its system requirements are very modest, and you can feel it in how well Parrot Security OS runs on older and low-end computers. Only 256 MB of RAM for i386 and 320 MB of RAM for amd64 are required, but it definitely doesn’t hurt to have more.
There are several editions of Parrot Security OS you can choose from. Parrot Security is a complete suite of tools intended for penetration testing, digital forensics, reverse engineering, and software development. Parrot Home is a special version of Parrot Security OS designed for daily use. Last but not least, there are also special builds of Parrot Security OS, which let you run this pentest Linux distribution on various ARM devices, including Raspberry Pi, Orange Pi, and Pine64.
Both Kali Linux and Parrot OS are excellent pentesting Linux distributions that can help all aspiring and seasoned penetration testers uncover hidden vulnerabilities to prevent hackers with bad intentions from exploiting them. Kali Linux has a broad community of users, who are always willing to help newbies solve any problems they might have. Parrot Security OS, on the other hand, stands out with its strong technical team and recent popularity surge.