Finally A Worthy Rival To Kali
ParrotOS is a pretty promising new offering in the pentester targeted OS space that initially looked to be the best contender to Kali in my opinion. Sure there have been others, like BlackArch, but personally I didn’t see them as practical or viable. While the new takes were appreciated, Parrot felt like it was someone making a fresh attempt at the pentester toolkit experience in the same way I would.
With the above in mind I decided I would daily drive Parrot. To that end I have been using Parrot for a while, a little over a year, and it has been a great year or so! That is… up until the last few months.
The Challenge With Trendy Linux Distros
Unfortunately, Linux distros come and go sometimes. Such is the way of life especially when you don’t have a profit model for your project. I don’t want to dive into the politics of open source technology or even this specific event but I want to make it clear I don’t think the devs working on Parrot are BAD. But what I am about to say next may come off… not good.
Parrot seems to be falling victim to attrition in a way that makes it hard to support, or even suggest. Broken mirrors, unresponsive founder, poor support etc. And that isn’t just a recent change unfortunately.
So what’s wrong specifically with ParrotOS?
Glad you asked. Over the last few months the most glaring issue with Parrot is many of the mirrors for it running from MIT are broken. That is, if you are automatically directed to the MIT servers to download an update it will fail. This happens even out of the box with a fresh install of Parrot. It’s extremely disappointing as this is as simple as a mirror list update but for some reason the parrot Devs aren’t able to do it.
My whole issue is pretty well summarized in this forum discussion
Sadly, the devs are well aware that the updates for Parrot have been broken for some users out of the box for some time and are apparently unable to do anything about it. At the time of this writing I am still unable to update a fresh ParrotOS install for the most part. While admittedly MIT mirrors are not under the Parrot dev’s control, the list of mirrors is. So why do we still have this issue?
Leadership MIA
Apparently, Palinuro is MIA/Low Profile, after a cursory search we can see this is the alias associated with the founder of Parrot Security. So not only are some users unable to update the security focused OS for security professionals, the person who founded it and is apparently responsible for ensuring updates are going smoothly is unresponsive to the issue. This makes for a concerning situation when your MVP for any project disappears and takes the keys to the shop with them.
Where is Palinuro? Why can’t anyone fix the broken mirrors without him? I don’t know and without any more invasive digging I don’t think we will for a while.
What can I do in the meantime?
There are some decent suggestions to manually edit the mirror list but this ultimately defeats the purpose of the selector. Additionally, this is a solution that shouldn’t be required in the first place..
Summary
ParrotOS, when opperational, is a great new take on the security OS and is a great contender against Kali. Unfortunately, it is in pretty bad shape with broken mirrors and an MIA founder who apparently is the only one who can fix the issue. While a bandaid fix exists, to say you need to bandaid the updates on a security focused OS out of the box has a lot of irony in it.
Personally, I like ParrotOS a lot, but in its current state I can’t recommend it to anyone looking to supplant their Kali daily driver. Keep an eye out though, maybe it will turn around!
Ryan