A heavily modified Arch system that boots fast and arrives ready for offensive and defensive work.
2840+ tools under one Weapons menu, on a clean, fast desktop. Boot the live ISO and install from there.
Download ISO DocumentationEvery layer is deliberate, from the kernel scheduler to the dock.
Over 2840 tools for recon, exploitation and the work that comes after, sorted into categories under the Weapons menu.
Red team or blue team, it works for both. Attack tooling sits right next to hardening, monitoring and incident response.
It boots a tuned Zen performance kernel, and you can switch kernels and the CPU governor from the Control Center.
When pacman or the AUR breaks, arx already knows the fix: keyring, mirrors, locks, caches, a corrupt database. It repairs and retries on its own, so an install rarely just dies.
A top menubar, a centered dock and tidy window controls on XFCE 4.20, with fonts matched to the host. Clean, and quick.
Runs on bare metal, and carries its own resize and guest tools for QEMU/KVM, VirtualBox and VMware. Firmware and drivers are already included.
Not a theme bolted onto someone else's distro. These are built here, ship by default, and update themselves.
One window for real anonymity: transparent Tor, VPN then Tor, Snowflake over WebRTC to beat censorship, MAC spoofing, and a one-click leak test. No terminal required.
A full graphical Android workbench: mass debloat, complete backup, Frida, a MITM proxy with CA cert and packet capture, and MediaTek plus Samsung firmware flashing.
A package manager that repairs pacman and the AUR for you, browses the 2840-tool arsenal, and installs whole categories with one command.
Hand arx a .deb, .rpm, .tar, .pkg.tar, .AppImage or .zip from any distro. It converts Debian packages into real pacman packages, maps their dependencies onto Arch and installs whatever is missing, then tracks it like everything else.
Live system stats, one-click kernel and CPU-governor switching, snapshots, wallpapers, and a real update counter that watches every ArxOS tool repo.
The default zsh ships fish-style autosuggestions, syntax highlighting, fuzzy history and completion, and auto-closing brackets, straight out of the box.
Every feature is its own repo. The updater pulls only over HTTPS and can require a signed commit or tag before it installs, so a tampered update never runs.
Small tools that stay quiet and tell you what happened.
A self-healing package manager over pacman. One arx update upgrades the system and every ARXOS tool in a single pass, with one clean loader. It fixes keyring, mirror, lock and database errors on its own.
A zero-trust command screen in your shell. It blocks homograph URLs, decode-exec, pipe-to-root-shell, credential theft and destructive commands before they run, with no overhead on clean input.
ARXOS' own Control Center, a real-time GUI for update, kernels, CPU governor, Tor routing, services, snapshots, wallpaper and info.
One window routes the whole system through Tor with DNS leaks closed, MAC spoofed and IPv6 off, then proves it with a one-click leak test. Hide Tor from your ISP with a Snowflake bridge or a VPN → Tor chain, and rotate identity on demand.
A full graphical Android toolkit: device info, apps, live logcat, a real-time file browser, screen capture, fastboot, an in-window adb shell, Magisk / TWRP / GSI / custom-ROM flashing, plus MediaTek and Samsung firmware flashing.
Find, fetch and slideshow wallpapers across desktop and lockscreen.
A source-built Calamares (Qt6) installer handles it.
Grab the latest ARXOS ISO.
arxos-0.0.1-x86_64.isoFlash it to a drive.
dd if=arxos.iso of=/dev/sdX bs=4MTry the full desktop. It auto-resizes to any hypervisor and runs on bare metal.
Launch the wizard and follow along.
Install ARXOSYou can bolt tools onto any distro. ARXOS is the finished system built around them.
Assembling a full security arsenal on Arch by hand means days of configuration. ARXOS ships it finished: the arsenal sorted into a Weapons menu, a self-healing package manager, tools that update themselves, a graphical installer, and a boot and desktop that were actually designed.
Kali is Debian, so packages move slowly and you live with apt. ARXOS is Arch: rolling and always current, with arx, a package manager that fixes its own keyring, mirror and database errors. No remaster lag, no stale tools.
It does one job, offensive and defensive security, and it's tuned for that job: a tuned performance kernel, hardened private browsers, one-key Tor, bare metal or any hypervisor, and it updates itself from its own repos.
New to security, or ten years in, here is the deal in plain terms.
It is genuinely hard to break. A snapshot is taken before every change so you can roll back in one click, the package manager repairs itself instead of leaving you stranded, and almost everything has a GUI. Make mistakes, undo them, learn.
Every ArxOS tool is ours and open in the thearxos repos, not a mystery binary. No telemetry, no phone-home. A zero-trust guard screens each command before it runs, and the package manager scans the AUR for malware before it builds.
Hardened browsers, no tracking, and one-window anonymity with AnonKit: Tor, Snowflake, VPN → Tor, MAC spoofing, and a leak test that confirms it. Privacy you can verify, not just hope for.
No tool makes you invisible. ArxOS gives you strong, verifiable defaults and tells you the truth about what they do, so you stay in control instead of trusting a magic button. The skill is still yours to build, and the system is built to help you build it.
Offensive tools, defended by default. Every command gets screened before it runs, and every install gets vetted.
arxguard reads a command before it runs. It catches homograph URLs (the Cyrillic і you can't see), hidden bidi and invisible characters, base64 → bash payloads, pipe-to-root-shell, credential theft and destructive commands. Your browser catches these. Your terminal doesn't. ARXOS blocks them.
Before it builds anything from the AUR, arx reads the PKGBUILD and flags the dangerous stuff: remote pipe-to-shell, reverse shells, rogue sudo, persistence, sketchy npm/pip/npx supply-chain calls. A flagged package won't auto-build.
Firefox and Brave ship hardened, with no telemetry. ArxOS AnonKit sends the whole system through Tor (DNS leaks closed, MAC spoofed, IPv6 off) and can hide Tor from your ISP with a Snowflake bridge or VPN → Tor. A built-in leak test tells you, honestly, whether you are actually covered.
The package manager recovers from keyring, mirror, lock and corrupt-database failures on its own, across pacman and the AUR. An install rarely just fails, and the system rarely ends up half-broken.
From firmware to desktop, designed end to end, with the same ARXOS art and orange across every stage.









One system, four ways in.
The full offensive arsenal sits under one Weapons menu: Metasploit, Burp, recon, exploitation. Tor anonymization, MAC spoofing and transparent traffic interception are part of the OS, not bolted on after. Stand up a whole toolset in one line: arx install weaponCat-webapp.
2840+ tools, cleanly sorted, live on the ISO. Mobile work through droidB, a package manager that fixes Arch breakage for you, and a desktop that keeps quiet while you work.
Defensive by design: system hardening, a snapshot before every change, LUKS-ready full-disk encryption, and a Control Center that manages kernels, services, performance and privacy from one window.
A friendly, good-looking desktop that teaches you as you go. Switch a kernel, route through Tor, roll back a snapshot, all from the GUI, on a base that's genuinely hard to break.