What ships in Parrot, what Kali has that Parrot doesn't, how to bridge the gap cleanly

Section	Topic
1	The metapackage model on both distros
2	Parrot’s `parrot-tools-*` metapackages — what’s in each
3	Kali’s `kali-tools-*` metapackages — the reference
4	Side-by-side category map
5	Tools Kali has that Parrot doesn’t
6	Tools Parrot has that Kali doesn’t
7	Installing the missing pieces cleanly
8	Version drift between Parrot and Kali
9	The fully-loaded daily-driver: a recommended install set
10	Cheatsheet additions

1. The metapackage model on both distros {#metapackage-model}

A metapackage in Debian / APT is a virtual package that depends on a group of other packages — installing it pulls in the whole group. Both Parrot and Kali use metapackages to organize their pentest tooling: instead of remembering “I need nmap, masscan, zmap, naabu, rustscan, unicornscan” for network reconnaissance, you install parrot-tools-network (Parrot) or kali-tools-information-gathering (Kali) and get all of them at once.

The two distros’ metapackage naming conventions diverge — Parrot prefixes with parrot-tools-, Kali with kali-tools- — but the contents substantially overlap. Most categories on one distro map to a clear category on the other.

The Parrot Security Edition ISO comes with most parrot-tools-* metapackages already installed. The Home Edition ships none of them — you’d apt install parrot-tools-full on Home to get the same tool set.

2. Parrot’s `parrot-tools-*` metapackages — what’s in each {#parrot-tools}

As of Parrot 6.3, the canonical parrot-tools-* metapackages are:

Metapackage	Contents (representative; not exhaustive)	Approx. tool count
`parrot-tools-network`	nmap, masscan, zmap, netcat, hping3, arp-scan, fping, mtr, traceroute, sslscan, sslyze, testssl.sh	~30
`parrot-tools-web`	sqlmap, nikto, gobuster, dirb, dirbuster, wfuzz, ffuf, burpsuite (community), zaproxy (OWASP ZAP), wpscan, jSQL Injection	~40
`parrot-tools-wireless`	aircrack-ng, kismet, reaver, bully, pixiewps, mdk4, wifite, hcxtools, hcxdumptool, wireshark, bettercap	~25
`parrot-tools-passwords`	john (John the Ripper), hashcat, hydra, medusa, ncrack, crunch, cewl, cupp, hash-identifier, hashid	~20
`parrot-tools-forensics`	autopsy, sleuthkit, volatility3, dc3dd, ddrescue, foremost, scalpel, photorec, binwalk, scrounge-ntfs, regripper	~30
`parrot-tools-reverse`	ghidra, radare2, rizin+cutter, gdb (gef/peda/pwndbg), ltrace, strace, objdump, hex editors (bless, ghex, wxhexeditor), IDA Free	~25
`parrot-tools-exploit`	metasploit-framework, set (Social-Engineer Toolkit), beef-xss, exploitdb, searchsploit, msfpc, mona.py	~15
`parrot-tools-pwn`	pwntools (Python), GEF/PEDA/pwndbg GDB plugins, gef-extras, ROPgadget, ropper, one_gadget, libc-database	~15
`parrot-tools-stress`	hping3, t50, slowhttptest, goldeneye, hulk, loic, xerxes	~10
`parrot-tools-sniffer`	wireshark, tcpdump, dsniff, ettercap, mitmproxy, bettercap, sslsplit, sslsniff, urlsnarf, dnschef	~20
`parrot-tools-vuln`	openvas (Greenbone), nikto, lynis, chkrootkit, rkhunter, unhide	~15
`parrot-tools-anon`	tor, torsocks, proxychains-ng, anonsurf, obfs4proxy, snowflake-client	~10
`parrot-tools-info`	theharvester, recon-ng, maltego (community), spiderfoot, photon, sherlock, holehe, h8mail	~20
`parrot-tools-cloud`	aws-cli, gcloud, azure-cli, pacu, cloudgoat, scoutsuite, prowler, cloudsplaining	~15
`parrot-tools-mobile`	apktool, jadx, dex2jar, drozer, frida-tools, objection, mobsf	~15
`parrot-tools-rfid`	proxmark3, libnfc, mfoc, mfcuk, libnfc-bin	~10
`parrot-tools-iot`	mqtt-tools, esptool, avrdude, openocd, j-link tools	~10
`parrot-tools-malware`	clamav, malwarescan, capa, yara	~10
`parrot-tools-full`	(transitively depends on everything above)	~500+

sudo apt install parrot-tools-<name> to install a category. sudo apt install parrot-tools-full for everything.

After install, the MATE menu’s Pentesting sub-menu groups tools by category (Information Gathering, Vulnerability Analysis, Web Application Analysis, Database Assessment, Password Attacks, Wireless Attacks, Reverse Engineering, Exploitation Tools, Sniffing & Spoofing, Post Exploitation, Forensics, Reporting Tools, Social Engineering Tools).

3. Kali’s `kali-tools-*` metapackages — the reference {#kali-tools}

For comparison, Kali Linux 2025.x’s catalog:

Metapackage	Contents	Approx. tool count
`kali-tools-top10`	The 10 most-used (nmap, Metasploit, Burp Suite, sqlmap, Aircrack-ng, John, Hydra, Hashcat, Wireshark, Nikto)	10
`kali-tools-information-gathering`	(same as Parrot’s `parrot-tools-network` + much of `parrot-tools-info`)	~80
`kali-tools-vulnerability`	OpenVAS, Nikto, sqlmap, w3af, joomscan, wpscan, etc.	~30
`kali-tools-web`	(matches `parrot-tools-web`)	~50
`kali-tools-database`	sqlmap, sqlite tools, jSQL Injection, sqlninja	~10
`kali-tools-passwords`	(matches `parrot-tools-passwords`)	~30
`kali-tools-wireless`	(matches `parrot-tools-wireless`)	~30
`kali-tools-reverse-engineering`	ghidra, radare2, rizin+cutter, gdb plugins, IDA Free	~25
`kali-tools-exploitation`	metasploit, beef-xss, set, exploitdb	~20
`kali-tools-social-engineering`	set, gophish, evilginx2, beef-xss	~10
`kali-tools-sniffing-spoofing`	(matches `parrot-tools-sniffer`)	~20
`kali-tools-post-exploitation`	empire/starkiller, mimikatz, BloodHound, Sliver, PowerSploit, weevely	~30
`kali-tools-forensics`	(matches `parrot-tools-forensics`)	~30
`kali-tools-reporting`	dradis, faraday, magictree, pipal, casefile	~5
`kali-tools-rfid`	(matches `parrot-tools-rfid`)	~10
`kali-tools-hardware`	esptool, avrdude, openocd, sigrok, j-link	~10
`kali-tools-windows-resources`	impacket, responder, mimikatz, evil-winrm, crackmapexec / NetExec	~30
`kali-tools-crypto-stego`	hashid, hash-identifier, John, sage, stegcracker, steghide	~15
`kali-tools-fuzzing`	afl, american-fuzzy-lop, honggfuzz, wfuzz, ffuf	~15
`kali-tools-802-11`	aircrack-ng, mdk4, kismet, pyrit, reaver	(subset of wireless)
`kali-tools-bluetooth`	bluez, blueranger, bluelog, bluemaho, btcrack	~10
`kali-tools-sdr`	gnuradio, gqrx, gr-osmosdr, rtl-sdr	~10
`kali-tools-voip`	sipvicious, voiphopper, sipsak	~10
`kali-tools-rfid`	proxmark3, libnfc, mfoc	~10
`kali-tools-everything`	everything (massive)	600+

4. Side-by-side category map {#category-map}

The two distros’ categories don’t map 1:1 — Kali splits more granularly. The functional mapping:

Need	Parrot metapackage	Kali metapackage
Network recon (nmap, masscan)	`parrot-tools-network`	`kali-tools-information-gathering`
Web app testing (Burp, sqlmap, ffuf)	`parrot-tools-web`	`kali-tools-web`
Wireless	`parrot-tools-wireless`	`kali-tools-wireless` + `kali-tools-802-11` + `kali-tools-bluetooth`
Password / hash	`parrot-tools-passwords`	`kali-tools-passwords`
Reverse engineering	`parrot-tools-reverse`	`kali-tools-reverse-engineering`
Exploitation	`parrot-tools-exploit`	`kali-tools-exploitation`
Post-exploitation / lateral movement	(subset of `parrot-tools-exploit`, less complete)	`kali-tools-post-exploitation` (richer)
Windows-specific (impacket, responder, mimikatz, evil-winrm, NetExec)	scattered; not a dedicated metapackage	`kali-tools-windows-resources` (well-curated)
Forensics	`parrot-tools-forensics`	`kali-tools-forensics`
RFID / NFC	`parrot-tools-rfid`	`kali-tools-rfid`
Hardware (microcontrollers, JTAG)	`parrot-tools-iot`	`kali-tools-hardware`
SDR	not metapackaged; `apt install gnuradio gqrx`	`kali-tools-sdr`
Anonymity	`parrot-tools-anon` (well-curated)	(no equivalent; install tor + obfs4proxy manually)
Information gathering / OSINT	`parrot-tools-info`	`kali-tools-information-gathering`
Fuzzing	(scattered; afl in main repo)	`kali-tools-fuzzing`
Reporting	not metapackaged	`kali-tools-reporting`

The two big gaps for Parrot users:

kali-tools-windows-resources equivalents (impacket, responder, mimikatz, evil-winrm, NetExec, BloodHound, PowerSploit, Sliver) are not bundled into a single Parrot metapackage. They exist in Parrot’s repos individually, but you install them by name.
kali-tools-post-exploitation equivalents are similarly scattered on Parrot. Empire / Starkiller / Sliver / Cobalt Strike alternatives are individually installable.

5. Tools Kali has that Parrot doesn’t {#kali-only}

In 2026 the actual “Kali-only” gap is narrow — most tools are available in both either via the distro’s own repo or via the upstream developer’s release. The places where Parrot is meaningfully behind:

Tool	Why Kali has it more conveniently	How to get on Parrot
BloodHound + neo4j	Kali ships `bloodhound` metapackage; Parrot requires manual neo4j install and BloodHound binary download	`apt install neo4j` + download BloodHound from https://github.com/BloodHoundAD/BloodHound/releases
Sliver C2	Kali ships `sliver` package; Parrot doesn’t	Download from https://github.com/BishopFox/sliver/releases
NetExec (the maintained CrackMapExec fork)	Kali ships `netexec`; Parrot may have older `crackmapexec`	`pipx install netexec`
Starkiller (Empire GUI)	Kali ships in `kali-tools-post-exploitation`	Download from https://github.com/BC-SECURITY/Starkiller/releases as AppImage
Caldera (MITRE ATT&CK emulation)	Kali ships	`git clone https://github.com/mitre/caldera.git` + install
Mythic C2	Kali ships	Docker; pull from https://github.com/its-a-feature/Mythic
Faraday community platform	Kali ships `faraday-server`; Parrot has older	Docker install via upstream docs
GoPhish	Kali ships	Download release from https://github.com/gophish/gophish/releases
PEASS-ng (LinPEAS / WinPEAS)	Kali ships	`wget` from GitHub releases

For most of these, the install pattern is: pipx install for Python tools, AppImage download for GUI tools, Docker for server-class tools, git clone for active dev projects.

6. Tools Parrot has that Kali doesn’t {#parrot-only}

The reverse list — Parrot’s distinctive offerings:

Tool	What it is
AnonSurf	System-wide Tor routing (Vol 5 § 4). Available as `kali-anonsurf` third-party package on Kali, but not first-class.
Parrot-shell	Custom zsh prompt theme integrated with AnonSurf state.
Parrot Privacy Mode	A MATE session that disables logging, sets up tmpfs `/tmp`, runs everything through firejail. Press the Privacy Mode toggle in the system tray.
Parrot Cleaner	One-click cleanup of bash history, system logs, browser caches. The “covering tracks” function bundled.
Cryptcrack toolkit (custom)	Parrot’s curated collection of hash-cracking scripts wrapping hashcat.
anti-forensic boot mode	A boot option (from GRUB) that mounts no swap, no drives — for triage of evidence devices without alteration.
Better Calamares LUKS+LVM defaults	Parrot’s installer creates a more polished LUKS+LVM layout out of the box. Kali requires manual partitioning for the same.
Parrot-style menu organization	Subjective, but Parrot’s MATE pentest menu structure mirrors industry-standard categories better than Kali’s Xfce menu.

7. Installing the missing pieces cleanly {#installing-missing}

The cleanest patterns for adding what Parrot doesn’t bundle.

7.1 Python tools — pipx

pipx installs Python CLI tools in isolated venvs and links them into ~/.local/bin/. No system-Python pollution, no pip install --user conflicts.

sudo apt install pipx
pipx ensurepath
# Restart shell or source ~/.zshrc

# Install tools
pipx install netexec
pipx install impacket
pipx install bloodhound      # the CLI; the GUI is separate
pipx install pwntools
pipx install volatility3
pipx install cme             # CrackMapExec (legacy; prefer netexec)
pipx install certipy-ad
pipx install kerbrute
pipx install enum4linux-ng

7.2 Go tools — go install

Many Go-based pentest tools (subfinder, naabu, httpx, nuclei, ffuf, gobuster recent versions) are best installed via go install:

sudo apt install golang
export PATH=$PATH:~/go/bin   # add to ~/.zshrc

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install -v github.com/ffuf/ffuf/v2@latest
go install -v github.com/OJ/gobuster/v3@latest

7.3 Rust tools — cargo install

For Rust-based pentest tools (rustscan, feroxbuster, etc.):

sudo apt install cargo rustc
cargo install rustscan
cargo install feroxbuster
cargo install x8           # parameter discovery

Binaries land in ~/.cargo/bin/ — add to PATH.

7.4 AppImages — single-file binaries

For desktop apps that don’t have a Parrot package (Burp Suite Pro, OWASP ZAP, Bitwarden Desktop, Starkiller):

Download the .AppImage file.
chmod +x ~/Downloads/AppName.AppImage.
Drop into ~/Applications/ (create the folder if missing).
Use AppImageLauncher (sudo apt install appimagelauncher) to integrate into the MATE menu — drag the AppImage into AppImageLauncher’s UI, it creates a .desktop file.

7.5 Flatpak — sandboxed cross-distro apps

Flatpak is Parrot-supported but not enabled by default in Security Edition:

sudo apt install flatpak gnome-software-plugin-flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
# Restart session

# Install apps:
flatpak install flathub org.mozilla.firefox
flatpak install flathub com.bitwarden.desktop
flatpak install flathub org.signal.Signal
flatpak install flathub im.riot.Riot       # Element / Matrix client

Flatpak apps run in their own sandbox — convenient, but pentest tools sometimes break in the sandbox (no raw socket access, restricted PATH, no access to outside ~/).

7.6 Docker — for server-class tools

sudo apt install docker.io docker-compose
sudo usermod -aG docker $USER
# Log out + back in for group change

# Examples
docker pull bishopfox/sliver-server:latest
docker pull mitre/caldera:latest
docker pull mythic/mythic-cli:latest

docker run -d --name dvwa -p 80:80 vulnerables/web-dvwa

7.7 Pinning Kali’s repos to Parrot — the “Don’t”

A pattern occasionally suggested online: add Kali’s apt repository to Parrot’s /etc/apt/sources.list.d/ to pull Kali-only packages. Do not do this. Mixed-distro apt configurations break package dependencies the first time something significant updates. Either install the missing tool via pipx/go install/AppImage, or run a Kali VM alongside Parrot.

8. Version drift between Parrot and Kali {#version-drift}

Both distros track upstream tool development, but the cadence differs.

Tool	Update cadence on Parrot	Update cadence on Kali
Metasploit Framework	Weekly (Parrot’s mirror of Rapid7’s repo)	Daily (Kali’s mirror is more aggressive)
nmap	Quarterly (in line with Debian Testing)	Quarterly
sqlmap	Monthly	Monthly
Wireshark	Quarterly	Quarterly
Burp Suite Community	When upstream releases	When upstream releases (slightly faster)
hashcat	Monthly	Monthly
Aircrack-ng	Quarterly	Quarterly
BloodHound	Not packaged	Quarterly (Kali team backports)

For the latest version of any specific tool, apt show <tool> shows the packaged version; the upstream project’s GitHub releases show the absolute current. If you need bleeding-edge, install from upstream (pipx/go/cargo or git clone + build).

9. The fully-loaded daily-driver: a recommended install set {#daily-driver-set}

For Jeff’s daily-driver use case, this is a sensible installed-set the day after install:

9.1 Parrot metapackages

sudo apt install \
    parrot-tools-network \
    parrot-tools-web \
    parrot-tools-wireless \
    parrot-tools-passwords \
    parrot-tools-forensics \
    parrot-tools-reverse \
    parrot-tools-exploit \
    parrot-tools-pwn \
    parrot-tools-sniffer \
    parrot-tools-vuln \
    parrot-tools-anon \
    parrot-tools-info \
    parrot-tools-rfid \
    parrot-tools-iot \
    parrot-tools-mobile \
    parrot-tools-malware

(Skipped parrot-tools-cloud — install when Jeff starts cloud work. Skipped parrot-tools-stress — DoS tools, narrow use case. Skipped parrot-tools-full — pulls all of the above + several extras Jeff may not need.)

9.2 Additional individual packages

sudo apt install \
    wireshark tshark dumpcap \
    gnuradio gqrx-sdr gr-osmosdr rtl-sdr hackrf \
    code            # VS Code from Microsoft, or replace with codium
    git tig         # version control
    tmux            # terminal multiplexer
    zsh fzf ripgrep fd-find bat exa htop btop \
    keepassxc       # password manager
    obsidian        # notes (if available; else AppImage)
    flameshot       # screenshot
    obs-studio      # screen recording for demos / writeups
    kvm qemu virt-manager libvirt-daemon-system bridge-utils \
    docker.io docker-compose \
    pipx golang cargo rustc \
    minicom picocom screen tio   # serial console

9.3 Python tools via pipx

for tool in netexec impacket bloodhound pwntools volatility3 \
            certipy-ad kerbrute enum4linux-ng requests-toolbelt \
            sherlock-project holehe; do
    pipx install $tool
done

9.4 Go tools via go install

for tool in github.com/projectdiscovery/subfinder/v2/cmd/subfinder \
            github.com/projectdiscovery/naabu/v2/cmd/naabu \
            github.com/projectdiscovery/httpx/cmd/httpx \
            github.com/projectdiscovery/nuclei/v3/cmd/nuclei \
            github.com/projectdiscovery/dnsx/cmd/dnsx \
            github.com/ffuf/ffuf/v2 \
            github.com/OJ/gobuster/v3 \
            github.com/tomnomnom/assetfinder \
            github.com/tomnomnom/waybackurls; do
    go install -v ${tool}@latest
done

9.5 AppImages

Burp Suite Community — from https://portswigger.net/burp/communitydownload
Bitwarden Desktop — from https://bitwarden.com/download/
Signal Desktop — from https://signal.org/download/linux/
OBS Studio — apt install obs-studio works fine
Obsidian — from https://obsidian.md/download
Tor Browser — from https://www.torproject.org/download/

9.6 Browsers

Firefox — pre-installed; harden via arkenfox/user.js if security-conscious
Brave — apt install brave-browser after adding Brave’s repo (or via Flatpak)
Tor Browser — for clear-browser Tor sessions

9.7 Disk space estimate

The above set lands in 30-40 GB under /. Comfortable on the Vol 3 § 5.2 80 GB / partition.

10. Cheatsheet additions {#cheatsheet-feed}

Install all Parrot pentest tools: sudo apt install parrot-tools-full.
Per-category install: sudo apt install parrot-tools-<category>. Categories: network, web, wireless, passwords, forensics, reverse, exploit, pwn, sniffer, vuln, anon, info, cloud, mobile, rfid, iot, malware.
Find what package owns a tool: apt-file search <command> (after sudo apt install apt-file && sudo apt-file update).
Find newer version of installed tool: apt show <tool> vs upstream GitHub release.
Install Python pentest tool: pipx install <package>.
Install Go pentest tool: go install -v <repo path>@latest.
Install Rust pentest tool: cargo install <crate>.
Add Flatpak (Flathub): flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo.
DO NOT mix Kali repos into Parrot’s apt sources.
List installed Parrot metapackages: dpkg -l 'parrot-tools-*' | grep '^ii'.

Parrot OS Volume 6 — Tool Inventory and Kali Parity

Contents