A citadel, armed

Offensive & defensive security

A heavily modified Arch system that boots fast and arrives ready for offensive and defensive work.

2840+ tools under one Weapons menu, on a clean, fast desktop. Boot the live ISO and install from there.

Download ISO Documentation
scroll
// what's inside

Built like a weapon, made to stay out of your way.

Every layer is deliberate, from the kernel scheduler to the dock.

The Weapons Arsenal

Over 2840 tools for recon, exploitation and the work that comes after, sorted into categories under the Weapons menu.

Offense & Defense

Red team or blue team, it works for both. Attack tooling sits right next to hardening, monitoring and incident response.

Tuned for Speed

It boots a tuned Zen performance kernel, and you can switch kernels and the CPU governor from the Control Center.

Self-Healing

When pacman or the AUR breaks, arx already knows the fix: keyring, mirrors, locks, caches, a corrupt database. It repairs and retries on its own, so an install rarely just dies.

The Desktop

A top menubar, a centered dock and tidy window controls on XFCE 4.20, with fonts matched to the host. Clean, and quick.

Runs Anywhere

Runs on bare metal, and carries its own resize and guest tools for QEMU/KVM, VirtualBox and VMware. Firmware and drivers are already included.

2840+
Tools
Zen
Performance Kernel
Qt6
Installer
self·upd
From Source
// nowhere else

The things you'll only find on ArxOS.

Not a theme bolted onto someone else's distro. These are built here, ship by default, and update themselves.

AnonKit

One window for real anonymity: transparent Tor, VPN then Tor, Snowflake over WebRTC to beat censorship, MAC spoofing, and a one-click leak test. No terminal required.

droidB

A full graphical Android workbench: mass debloat, complete backup, Frida, a MITM proxy with CA cert and packet capture, and MediaTek plus Samsung firmware flashing.

Self-healing arx

A package manager that repairs pacman and the AUR for you, browses the 2840-tool arsenal, and installs whole categories with one command.

Install anything

Hand arx a .deb, .rpm, .tar, .pkg.tar, .AppImage or .zip from any distro. It converts Debian packages into real pacman packages, maps their dependencies onto Arch and installs whatever is missing, then tracks it like everything else.

Control Center

Live system stats, one-click kernel and CPU-governor switching, snapshots, wallpapers, and a real update counter that watches every ArxOS tool repo.

A shell that thinks

The default zsh ships fish-style autosuggestions, syntax highlighting, fuzzy history and completion, and auto-closing brackets, straight out of the box.

Verified updates from source

Every feature is its own repo. The updater pulls only over HTTPS and can require a signed commit or tag before it installs, so a tampered update never runs.

// native tooling

A tiny, quiet command suite.

Small tools that stay quiet and tell you what happened.

arxos@admin (arxos) · arx
arxos@admin (arxos) ~ >> arx search nmap arx :: search nmap nmap 7.99-2 extra [installed] Utility for network discovery and security auditing >> arx install ./slack.deb arx :: install slack.deb resolving dependencies against the Arch repositories… missing: gtk3 libnotify nss >> installed (pacman-tracked): slack.deb

arx

A self-healing package manager over pacman. One arx update upgrades the system and every ARXOS tool in a single pass, with one clean loader. It fixes keyring, mirror, lock and database errors on its own.

arxguard

A zero-trust command screen in your shell. It blocks homograph URLs, decode-exec, pipe-to-root-shell, credential theft and destructive commands before they run, with no overhead on clean input.

arxctl

ARXOS' own Control Center, a real-time GUI for update, kernels, CPU governor, Tor routing, services, snapshots, wallpaper and info.

ArxOS AnonKit

One window routes the whole system through Tor with DNS leaks closed, MAC spoofed and IPv6 off, then proves it with a one-click leak test. Hide Tor from your ISP with a Snowflake bridge or a VPN → Tor chain, and rotate identity on demand.

droidB

A full graphical Android toolkit: device info, apps, live logcat, a real-time file browser, screen capture, fastboot, an in-window adb shell, Magisk / TWRP / GSI / custom-ROM flashing, plus MediaTek and Samsung firmware flashing.

Wallpaper Manager

Find, fetch and slideshow wallpapers across desktop and lockscreen.

// get started

From ISO to installed in four steps.

A source-built Calamares (Qt6) installer handles it.

Download

Grab the latest ARXOS ISO.

arxos-0.0.1-x86_64.iso

Write USB

Flash it to a drive.

dd if=arxos.iso of=/dev/sdX bs=4M

Boot Live

Try the full desktop. It auto-resizes to any hypervisor and runs on bare metal.

Install

Launch the wizard and follow along.

Install ARXOS
// why arxos

Why not just roll your own Arch?

You can bolt tools onto any distro. ARXOS is the finished system built around them.

vs. a DIY Arch build

Assembling a full security arsenal on Arch by hand means days of configuration. ARXOS ships it finished: the arsenal sorted into a Weapons menu, a self-healing package manager, tools that update themselves, a graphical installer, and a boot and desktop that were actually designed.

vs. Kali

Kali is Debian, so packages move slowly and you live with apt. ARXOS is Arch: rolling and always current, with arx, a package manager that fixes its own keyring, mirror and database errors. No remaster lag, no stale tools.

vs. mainstream

It does one job, offensive and defensive security, and it's tuned for that job: a tuned performance kernel, hardened private browsers, one-key Tor, bare metal or any hypervisor, and it updates itself from its own repos.

// what you get

What ArxOS promises you.

New to security, or ten years in, here is the deal in plain terms.

Safe to learn on

It is genuinely hard to break. A snapshot is taken before every change so you can roll back in one click, the package manager repairs itself instead of leaving you stranded, and almost everything has a GUI. Make mistakes, undo them, learn.

You can trust the tools

Every ArxOS tool is ours and open in the thearxos repos, not a mystery binary. No telemetry, no phone-home. A zero-trust guard screens each command before it runs, and the package manager scans the AUR for malware before it builds.

Private from the first boot

Hardened browsers, no tracking, and one-window anonymity with AnonKit: Tor, Snowflake, VPN → Tor, MAC spoofing, and a leak test that confirms it. Privacy you can verify, not just hope for.

Honest about the limits

No tool makes you invisible. ArxOS gives you strong, verifiable defaults and tells you the truth about what they do, so you stay in control instead of trusting a magic button. The skill is still yours to build, and the system is built to help you build it.

// safety

Security all the way down.

Offensive tools, defended by default. Every command gets screened before it runs, and every install gets vetted.

Zero-trust command guard

arxguard reads a command before it runs. It catches homograph URLs (the Cyrillic і you can't see), hidden bidi and invisible characters, base64 → bash payloads, pipe-to-root-shell, credential theft and destructive commands. Your browser catches these. Your terminal doesn't. ARXOS blocks them.

AUR malware scanning

Before it builds anything from the AUR, arx reads the PKGBUILD and flags the dangerous stuff: remote pipe-to-shell, reverse shells, rogue sudo, persistence, sketchy npm/pip/npx supply-chain calls. A flagged package won't auto-build.

Private by default

Firefox and Brave ship hardened, with no telemetry. ArxOS AnonKit sends the whole system through Tor (DNS leaks closed, MAC spoofed, IPv6 off) and can hide Tor from your ISP with a Snowflake bridge or VPN → Tor. A built-in leak test tells you, honestly, whether you are actually covered.

Self-healing

The package manager recovers from keyring, mirror, lock and corrupt-database failures on its own, across pacman and the AUR. An install rarely just fails, and the system rarely ends up half-broken.

// see it

A boot worth watching.

From firmware to desktop, designed end to end, with the same ARXOS art and orange across every stage.

ARXOS GRUB boot menu
The boot menu
ARXOS Plymouth boot splash
The boot splash · live system status
ARXOS login and lock screen
The login · and lock screen
ARXOS welcome splash
Welcome back · post-login
ARXOS desktop
The desktop
ARXOS Control Center
Control Center · live system stats
ARXOS arsenal in the terminal
The arsenal · arx weapons
Metasploit running on ARXOS
Tools, ready · Metasploit on the transparent terminal
ARXOS performance tuning
Performance tuning
// who it's for

For the people who break and defend.

One system, four ways in.

Red teamers

The full offensive arsenal sits under one Weapons menu: Metasploit, Burp, recon, exploitation. Tor anonymization, MAC spoofing and transparent traffic interception are part of the OS, not bolted on after. Stand up a whole toolset in one line: arx install weaponCat-webapp.

Pentesters

2840+ tools, cleanly sorted, live on the ISO. Mobile work through droidB, a package manager that fixes Arch breakage for you, and a desktop that keeps quiet while you work.

IT & security pros

Defensive by design: system hardening, a snapshot before every change, LUKS-ready full-disk encryption, and a Control Center that manages kernels, services, performance and privacy from one window.

Hobbyists & learners

A friendly, good-looking desktop that teaches you as you go. Switch a kernel, route through Tor, roll back a snapshot, all from the GUI, on a base that's genuinely hard to break.

// releases

Latest release

v0.0.1
First public release.

The full arsenal, the refined desktop, the performance kernel, the arx tool suite, a source-built installer, hardened browsers and the Wallpaper Manager.

LatestRolling~30 GBx86_64
Download