Parrot OS 7.0 “Echo” is a major new release of the popular security‑focused Linux distribution. It brings a fully modernized interface and a Debian 13 base. Additionally, it features KDE Plasma 6 with Wayland. The release includes a new AI‑centric penetration testing toolset aimed at the next generation of cybersecurity workflows. It is still free and open source. It is designed for security professionals, developers, and privacy‑conscious users who want a ready‑to‑use pentesting and development platform.
What’s new in Parrot 7.0 Echo
Parrot 7.0 is described by its developers as a complete system rewrite. It updates almost every layer of the distribution to align with the upcoming Debian 13 “Trixie” base. This overhaul improves package management and stability. It enhances access to newer compilers, libraries, and runtimes that are important for exploit development. These features are also crucial for modern app stacks.
The release is codenamed Echo. It is inspired by the Echo Parakeet (Mauritius Parakeet). The release ships with a refreshed visual identity. This includes a new wallpaper, revised icon set, and updated accent colors. These design changes are packaged as the echo-themes collection. These themes are built on Flat Remix and Sweet Mars. They are also available from the project’s graphics repository for reuse or customization.
Desktop, UI and system architecture
Parrot 7 switches from MATE to KDE Plasma 6 as the default desktop environment. It adopts Wayland as the default display protocol on supported hardware. KDE is often regarded as heavy. However, the Parrot team has tuned Plasma and theming. These efforts keep it relatively lightweight and responsive on typical pentesting hardware.
Under the hood, ISOs are still built using Debian’s live-build. However, Parrot now relies on dedicated tooling to generate optimized virtual machine images. These images are for QEMU, VirtualBox, VMware, and UTM in formats like .qcow2, .vmdk, .ova, .vdi, and .utm. Docker images and WSL builds are aligned with Echo. They are produced by a fully automated GitLab CI/CD pipeline. This allows images to be rebuilt and pushed to Docker Hub with a single pipeline trigger.
Core packages and tooling refresh
Several key Parrot metapackages have been bumped for 7.0, including parrot-core, parrot-interface, parrot-menu, and parrot-desktop-kde. The parrot-core component was originally geared around MATE and dconf. It has been refactored to drive KDE’s plain‑text configuration files cleanly. This reduces friction when applying Parrot‑opinionated defaults on top of Plasma.
parrot-menu sees a major cleanup. Desktop entries and icons have been revisited. The Go‑based launcher-updater utility has been improved to catch duplicate or broken entries. It now provides clearer error messages. System‑wide, the distro also updates core toolchains and runtimes, including newer OpenJDK, Go, Python 3.13, glibc 2.41, and AppArmor 4.1, which benefits both development and exploit research scenarios.
New pentesting and AI tooling
Parrot 7 ships an expanded and more opinionated set of preinstalled tools. It stays true to its “small but complete” philosophy. It also broadens coverage across offensive and defensive workflows. New additions include utilities for C2, tunneling, and eBPF reversing. They also cover Active Directory mapping, automated recon, and cloud secret hunting. These make the base install more immediately useful out of the box.
A dedicated AI category debuts in the menu. The first flagship tool is Hexstrike AI. It is an AI-assisted offensive security framework. This framework focuses specifically on LLM prompt security and advanced prompt-engineering tests. It does this rather than engaging in generic code generation. The Parrot team explicitly states that their long-term AI roadmap is about sponsoring tools that test and secure AI systems. They focus on LLM-driven workflows. They argue that the “AI revolution” in cybersecurity will hinge on robust strategies and specialized testing frameworks, not pure automation.
Parrot‑tools metapackages and categories
The parrot-tools metapackage has been expanded to install more tooling by default. It still leaves plenty in the repositories for users who want a minimal core. Among the notable changes, gdb and cgdb are now part of parrot-meta-devel-tools. Various recon and privilege-escalation helpers, such as autorecon, goshs, bloodhound, chisel, and peass, are grouped into parrot-tools-infogathering. Bpf-focused reversing utilities sit under parrot-tools-reversing.
For cloud and DevSecOps‑style work, tools like Syft and Trufflehog are included via parrot-tools-cloud. This gives users built‑in support for SBOM generation. It also aids in secret scanning in distributed stacks. In the crypto and key‑management space, Seahorse replaces GPA inside parrot-meta-crypto. It provides a more modern GUI for managing GPG keys. It also manages related secrets.
RISC‑V, Raspberry Pi and hardware support
Parrot 7 is the first penetration‑testing distribution to officially embrace RISC‑V. It provides a pre‑assembled riscv64 root filesystem tarball. Additionally, it ensures that every compatible Parrot and Debian package builds natively for this architecture. You can run Parrot on emerging RISC‑V boards with ease. The experience is much closer to the x86_64 images than ad‑hoc ports or chroot setups.
On the ARM side, Raspberry Pi images have been updated to reflect the KDE switch. The team strongly recommends using the Core edition on older Pi 3B hardware. They suggest reserving full Home or Security editions for boards with at least 2 GB of RAM. The developers also leave the door open to potentially returning to MATE. They might also adopt XFCE in future releases. This would happen if KDE proves too heavy for long‑term support on constrained devices.
Parrot Updater, Rocket and workflow polish
To improve everyday usability, the Parrot Updater tool has been completely rewritten in Rust. It now exposes a GTK4‑based graphical interface. This interface performs weekly system checks. It also pops up notifications when updates are available. This project served two purposes. It allowed the team to deepen their expertise in Rust. This knowledge could influence future system utilities and security‑critical components.
The Rocket application manager advances to version 1.3.0, with performance improvements and tighter integration into the Echo stack. These changes, along with the improved CI/CD and Docker/WSL images, make it easier to integrate Parrot. It is easier to incorporate into more modern, container-centric and hybrid Windows–Linux workflows.
Debian 13 conversion and upgrade path
Users can now use Parrot 7 repositories from Debian 13. This is possible through an official conversion script. It enables users to layer the Parrot experience on top of an existing Debian install. This works with any desktop environment or window manager. However, due to the variety of Debian setups, the Parrot team recommends starting from the Core Edition. After that, add Home or Security components as needed.
There are deep architectural changes in Echo. The developers advise a clean installation if you are coming from Parrot 6 “Lorykeet”. Be sure to back up your data before proceeding. The 6.x branch will continue to receive updates for some time. Once the migration path is considered stable, there will be an automated parrot-core update in the 6.x repositories. This will handle in‑place upgrades to 7.0. The MATE desktop will be preserved by default. Users will need to perform manual steps to adopt KDE Plasma 6 configs from /etc/skel into their home directories.
Website and ecosystem updates
The Parrot website itself has been redesigned to match the Echo visual style, keeping its React and Next.js foundation while updating dependencies to current stable versions. The site continues to serve as a central hub for ISO downloads. It provides documentation and information about Docker, WSL, and rootfs images.
For those who prefer containers, Docker Hub primarily exposes a 7 tag for the Echo release. It also offers a latest tag that tracks the most up‑to‑date builds. This makes it easy to pin to a specific generation or always ride the newest toolchain. Additional Docker images are provided for focused tool collections. For example, images are centered around Nmap, sqlmap, or Metasploit. These images also serve as the foundation for the CI/CD workflows used by the Parrot team.
