Reading Time: 3 minutes

Docker: Parrot OS Security

In an effort to make Parrot OS Security more portable the creators have been experimenting with Docker. They have successfully ported an enormous amount of functionality into a Parrot OS Security Docker image. This will make running Parrot OS Security anywhere possible. Because this is running in a Linux container the graphical user tools will not be available. Currently, the security image only contains basic penetration testing tools but thus so far this is more than impressive.

Let’s Pull Some Docker Images

Just to show off how portable this is now, I’ll be using Docker on Windows with a PowerShell terminal to do all of this.

https://hub.docker.com/r/parrotsec/security

(Parrot OS Security Docker Image)

Accessing the ParrotSec Container

Before I access the terminal I created a folder on my root hard drive for the Docker container’s files.

Just WOW! I’m beyond impressed at this point. Things are starting to look familiar. Accessing the Docker container is very easy. I used the command below and was given a ParrotSec OS prompt.

Trying out the functionality

At this point, I’m dying to see what is packed into this container. Everything will obviously be accessed through shell prompt. Let’s try out some functionality!

Parrot OS Metasploit Framework in Docker

First things first! One of the most powerful tools in Parrot OS is the Metasploit framework.

(Metasploit in a Parrot OS Docker Container)

Hydra, password dictionaries, rockyou.txt

Oh no! This is missing! However, it makes a lot of sense because that password dictionary is 15 GB!

I also notice hydra was not installed…

This was expected… this is a light Docker image of ParrotOS and is still incredibly powerful. Below I will show you how to install it.

(expected limited functionality..)

Installing Wordlists and Hydra is Easy

Reverse Shell in Docker

Yes, it is possible to catch a reverse shell and here’s how I did it locally.

(Start netcat listener…)

I tried this out and it definitely works…

(catching the hook…)

Apps & Penetration Testing Tools

These are some of the apps I noticed that were available.

  • netcat
  • nmap
  • sqlmap
  • metasploit
  • dirb
  • nikto
  • wireshark CLI
  • tcpdump
  • webacoo
  • websploit
  • zuluCrypt
  • macchanger
  • weevly
  • BeEF
  • bettercap
  • dirbuster
  • dnsmap
  • dnsenum
  • ettercap
  • fierce
  • hashcat
  • john
  • htshells
  • sslstrip
  • gcc
  • git
  • geany
  • emacs
  • lua
  • vim
  • nano
  • perl
  • python
  • rsync