They are arranged perfectly. If you want some different grouping, manually edit the menu with LibreMenu or create launchers on the panel(s).
Look up Metasploitable2, Metasploitable3, Webgoat, etc. The devs are not going to pay for servers that are hackable. Nmap has a site to scan too. Plus all this: Vulnerable webapps and VMs for penetration testing practice: my own list | Andrea Fortuna
And also big things are happening between Parrot Devs and the HackTheBox website: HTB News | Hack The Box + Parrot OS
Note that joining HackTheBox requires you to hack one of their pages to find a secret code before having further access to their free hacking scenarios. It requires that someone knows what they are doing to join.
Hahaha! Google Chrome on a security distribution. Would you like Microsoft Edge while you’re at it too? I have FireFox, Brave, Tor, Chromium, Opera, Falkon, Konqueror, and WaterFox Classic installed on my Parrot main system. If you must, don’t pursue hacking, install gdebi and right-click on the following deb package: https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
The Parrot developers are constantly working on bug fixes and packaging. Some of the mirrors are recently missing packages or have downgraded packages. Use the mirror list to find a mirror that works (China and Italy are two that are up-to-date) instead of https://deb.parrot.sh/parrot for now: Mirrors list - Parrot Documentation
You can add VirtualBox directly from the Parrot mirrors. Or even download and install VMware Workstation Player for free (it’s much faster than VirtualBox, but may phone home): https://www.vmware.com/go/getplayer-linux