Parrot Community

Community portal of the Parrot Project.


#1 2017-06-19 12:04:14

acidgen
Community Member
Registered: 2017-06-19
Posts: 10

What's Parrot's vision?

Hi Parrot Devs and Community.

I have a question about Parrot's vision, from what I see people would like this as
a Desktop Linux system, which I would not recommend at all for any security distribution.

Why?
It does contain vulnerabilities, old libraries, and "special" setup in order to get tools and
exploits working properly.

I would use this professionally on site, with as minimal stuff as possible.
Sadly Kali pulls too much performance and is slow with updates from their repo (bleeding edge, msf and Nmap etc).
And yes, you can change Window Manager etc etc but I just want it to be good Out Of The Box.

ArchStrike has been my go-to, until one of the Developers quit.

BackBox is ok, but doesn't have all the things I use on a daily basis, which would mean I have to compile,
set up own gems, and might break the packet handling during updates etc.

However, Parrot has a good repo, similar to Kali, but I'm unsure about Parrot's vision.
Are you (devs) aiming for a Penetration testing distro or are you aiming for a desktop replacement?

I see people requesting gaming support (Accelerated wine) and other tools / games
that would just waste space and effort.

Let me know, would be nice to contribute, unless it's a 'desktop replacement'

Regards,
Acidgen


#2 2017-06-30 03:38:28

Jeff
Administrator
From: USA
Registered: 2017-02-11
Posts: 297

Re: What's Parrot's vision?

Well, number 1, I use Parrot easily as my main distro. Second, all the "Lib" files are up to date, and as a matter of fact we just updated with Debian 10. Third, our vision is and always has been to make sure that we made a Linux distribution that blows Kali away. And we have done just that. Parrot is rated very high at this point and Kali is quickly losing ground. I work with this every day and we are always improving its graphics and its speed and delivery as a top Linux distribution.


-Jeff Szydel

*Parrot Ambassador   *Social Groups Manager   *Helpdesk   *Wiki Editor   
*Parrot Telegram Group Administrator   *Parrot Community Administrator


#3 2017-06-30 21:05:12

palinuro
Parrot Project Founder
From: Italy
Registered: 2017-02-11
Posts: 238

Re: What's Parrot's vision?

PREAMBLE

i am italian, and english is not my main language.
there are many things that i should write to properly reply to you and i don't have so much time at the moment

sorry for any linguistic, grammatical or logical mistake

acidgen wrote:

Hi Parrot Devs and Community.

I have a question about Parrot's vision, from what I see people would like this as
a Desktop Linux system, which I would not recommend at all for any security distribution.

if you don't only develop a software distribution but you also use it daily, you will immediately find all those little things that make it hard to use for things it is not made for

as a core developer and project founder i use parrot everywhere on all my personal computers (and with some precautions on some personal servers too) , and because i do other things not related to security, i have immediately spotted all the system details that may improve the comfort while using the system for daily use, gaming, office, porn, privacy, professional video editing, (almost) professional color correction/grading, 3d design, CAD design, audio production and so on.
and you know what? to achieve this you do not need to upset the system, but just to design it correctly.

acidgen wrote:

Why?
It does contain vulnerabilities, old libraries, and "special" setup in order to get tools and
exploits working properly.

bullshits

1) vulnerabilities
it does NOT contain vulnerabilities, or better, it may contain them, but they are immediately patched (remember that we are based on debian and debian is one of the most reliable and secure operating systems out there)

2) old libraries
it does NOT contain old libraries as we are based on debian testing, so once a software releases a new upstream version, it is immediately imported into debian experimental/unstable, and if it does not break anything, it is automatically imported into debian testing after a week since the last bug report, then it immediately enters parrot testing where it receives some further tests and is then imported into parrot stable either immediately or after some days (never more than another week).
this means that usually parrot is perfectly up to date being less than a month behind the upstream version
and yes, it happened many times that parrot included software more updated than in arch linux
and yes, sometimes we ignore the debian release cycle and manually package more recent upstream versions that we trust when we need them to be absolutely updated in our repo.

3) no special setup, if a tool requires a particular version of a library, then that package is free to include its own version in its own tree (like metasploit does) without forcing us to keep old stuff in our system.
if some applications or tools require old and vulnerable versions that may cause issues or create vulnerabilities in the system then they are fired from our repo and no longer provided by us..... want to hear some examples?? we recently did it with w3af, penmode, airmode, mysql (now provided by mariadb) and a couple of other packages, and we are being more efficient in selecting and handling our repository to keep it secure, updated, consistent and reliable.

acidgen wrote:

I would use this professionally on site, with as minimal stuff as possible.
Sadly Kali pulls too much performance and is slow with updates from their repo (bleeding edge, msf and Nmap etc).
And yes, you can change Window Manager etc etc but I just want it to be good Out Of The Box.

then i strongly suggest you to try our netinstall images where you can install only the core system and then build your very own environment on top of it, and remember that it is a debian testing core with further quality checks and a couple of tricks (some copied from kali and other security distros) to make the system more friendly for security things (for example if you install apache2, postgresql, mariadb or bind9, they will not be enabled by default to autostart at boot but they will remain dormant until you need them)

another awesome thing that we love to do, is to not let you use the root user by default.... if you really know the ABC of security then to run a couple of sudos or to open a root terminal is not supposed to be a problem for you

acidgen wrote:

ArchStrike has been my go-to, until one of the Developers quit.

nice solution, i personally am a more "arch + blackarch repos" guy, but again, it is just a matter of tastes as soon as you really know all the details of what you are up to choose

acidgen wrote:

BackBox is ok, but doesn't have all the things I use on a daily basis, which would mean I have to compile,
set up own gems, and might break the packet handling during updates etc.

i know some backbox developers and i had the honor to see them at work on the debian pkg-security team, you know what? the way they work is fuckin awesome: they focus on few tools and maintain them well by making the quality their main goal.

but by now it is not a system i would suggest to anyone because they are still based on ubuntu 14.04 (did someone mention something about old libraries?), and trust me, when you work on something, to have a system with a set of libraries and software old enough to be between debian 7 and debian 8, well.... you can feel the difference.

but again, they focus on quality, and to have systemd aboard running the latest postgres version is not a key step to distribute a properly packaged nmap on a recent kernel

thumbs up for them

acidgen wrote:

However, Parrot has a good repo, similar to Kali, but I'm unsure about Parrot's vision.
Are you (devs) aiming for a Penetration testing distro or are you aiming for a desktop replacement?

similar?
ok, let's make it clear:

1) both parrot and kali are based on debian testing.

2) parrot has an extremely small team (but an awesome community xP).

3) parrot imports all the tools of kali except for those directly maintained by the team, plus some tools not included in kali.

4) many people think that parrot is based on kali, but we import new packages directly from debian testing, and the kali import pipeline is on a separate layer with special rules (no kali metapackages are available on parrot for example), this makes parrot hard to be defined as a kali derivative, as for example we have similar import rules from other projects or distros we trust without being a derivative of them.

yes, we are VERY similar to kali as we share the same debian core and most of the tools, and both the distros are mostly compatible with each other, but trust me, there are some major differences, and some of them are hard to spot from a user's point of view


acidgen wrote:

I see people requesting gaming support (Accelerated wine) and other tools / games
that would just waste space and effort.

when you work to fully support GPU acceleration for password cracking or parallel computing, the result is that you have automatically opened a beautiful gate to all the use cases where a GPU is needed, but again, it is not our goal, it is a goal of the development of debian

if i can play shadow of mordor on my laptop with 65fps on a stupid gtx850m during a typical hot sicilian summer is just because a bunch of people did the right thing, and they were working on the stack of software we are based on, then we are not wasting our time, probably debian is?

acidgen wrote:

Let me know, would be nice to contribute, unless it's a 'desktop replacement'

it is not meant to be a desktop replacement, but it actually is because i love to make parrot as comfortable as possible, and when you tune a system to use less than 200mb of ram even with tons of applications aboard, you have made that awesome system that many people would love to use on their computer

are we going to be the next ubuntu and introduce new user friendly features that destroy our initial design? absolutely not! a quick example?
take a look at our update reminder: usually this kind of application is very very complex, requires many resources while running, is always running in the background and regularly opens internet connections to verify the presence of updates

our update notifier on the other hand is just a very little bash script that uses zenity as its interface, it does not verify if an update is available online, so if you are working on a production network, no internet traffic will be made from your parrot machine. it just reminds you once a week that you should upgrade your system, then it exits without leaving any background process opened.

i personally consider it a good way to design a very desktop-centric software which stays perfectly aligned with the main purpose of the distro

acidgen wrote:

Regards,
Acidgen


Lorenzo "Palinuro" Faletra - Parrot Security

GPG FINGERPRINT: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
GPG Info: http://pgp.mit.edu/pks/lookup?op=vindex … 29F4C6B9A4
GPG Key: http://pgp.mit.edu/pks/lookup?op=get&se … 29F4C6B9A4
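
The notifier design described in post #3 (a local weekly reminder shown through zenity, with no online check and no background process), sketched as an added example. This is not Parrot's actual script; the stamp-file path, the function names and the `--run` argument are assumptions.

```shell
#!/bin/sh
# Added illustration of the design described above; not Parrot's own script.
# Assumed names: STAMP_FILE, INTERVAL, the function names and the --run flag.

STAMP_FILE="${STAMP_FILE:-$HOME/.cache/update-reminder.stamp}"
INTERVAL=$((7 * 24 * 3600))   # one week, in seconds

# reminder_due NOW: succeeds when no usable stamp exists or a week has passed.
reminder_due() {
    [ -r "$STAMP_FILE" ] || return 0
    last="$(head -n 1 "$STAMP_FILE")"
    # A corrupt or future-dated stamp counts as "due" instead of being trusted.
    case "$last" in ''|*[!0-9]*) return 0 ;; esac
    [ "$last" -le "$1" ] || return 0
    [ $(($1 - last)) -ge "$INTERVAL" ]
}

# show_reminder: local dialog only; nothing here calls apt, curl or the network.
show_reminder() {
    if command -v zenity >/dev/null 2>&1 &&
       [ -n "${DISPLAY:-}${WAYLAND_DISPLAY:-}" ]; then
        zenity --info --title="System update" \
            --text="A week has passed. Remember to upgrade your system." || true
    else
        echo "Reminder: remember to upgrade your system." >&2
    fi
}

# remind_once NOW: remind if due, record the time, return. No loop, no daemon.
remind_once() {
    reminder_due "$1" || return 1
    show_reminder
    mkdir -p "$(dirname "$STAMP_FILE")"
    printf '%s\n' "$1" > "$STAMP_FILE"
}

# Meant to be started once per login session (e.g. from an autostart entry).
if [ "${1:-}" = "--run" ]; then
    remind_once "$(date +%s)" || true
fi
```

Because the only state is a timestamp on local disk, the script produces no traffic on the network it is plugged into, which is the property the post highlights for on-site work.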


#4 2017-06-30 21:20:01

palinuro
Parrot Project Founder
From: Italy
Registered: 2017-02-11
Posts: 238

Re: What's Parrot's vision?

very short version of my previous message


what is the parrot vision?

we want to build a powerful, lightweight and customizable platform for security experts and privacy paranoid people


the system is based on debian, which is a general purpose distro, and even if parrot is a pentesting-centric project, it is still a beautiful debian remix and people love to use it for things which are completely out of our scope (i am the first one who uses parrot for video post-production)

i have personally discovered that it is quite easy to maintain the parrot core as general purpose as debian testing is without impacting in any way all the features that make it particularly comfortable for penetration tests and similar things, and no, we never gave up on a feature to maintain the wide range of use cases of debian

my professional video and audio editing platform, my gaming laptop and my little openstack lab are the proof of it

and this strange behavior is common to happen when the people who develop something are also the first users of that product


Lorenzo "Palinuro" Faletra - Parrot Security

GPG FINGERPRINT: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
GPG Info: http://pgp.mit.edu/pks/lookup?op=vindex … 29F4C6B9A4
GPG Key: http://pgp.mit.edu/pks/lookup?op=get&se … 29F4C6B9A4
