explaingit

cristiancmoises/securityops-os

Analysis updated 2026-05-18

3 | Scheme | Audience · developer | Complexity · 4/5 | License | Setup · moderate

TLDR

A bootable GNU Guix live ISO for security professionals with a reproducible Scheme-defined system, hardened kernel, Tor integration, and a curated pentest and forensics toolkit.

Mindmap

mindmap
  root((repo))
    What it is
      Live USB Linux ISO
      Guix-based system
      Security focused
    Features
      Reproducible system
      Hardened kernel
      Tor integration
    Tools Included
      Pentest toolkit
      Forensics tools
      Wireless testing
    Compared To
      Tails
      Qubes
      Kali Linux

What do people build with it?

USE CASE 1

Boot a reproducible, hardened Linux environment from a USB stick on any machine for security work or forensics

USE CASE 2

Use the included pentest toolkit (nmap, Wireshark, hashcat, radare2) from a live system without installing anything

USE CASE 3

Study or rebuild the full OS configuration from the Scheme source files included on the running system

USE CASE 4

Route specific traffic through Tor using the bundled Torando GUI without forcing all traffic through the anonymity network

What is it built with?

Guix, Scheme, Linux, Sway, Wayland, nftables

How do you get it running?

Difficulty · moderate | Time to first run · 30min

Write the ISO to a USB stick with dd or Ventoy and boot. No installation is needed, but customizing the system requires learning the Guix/Scheme config language.

AGPL-3.0: use freely and share modifications, but any network-accessible application must also share its source. A commercial license is available for closed-source use.

In plain English

Security Ops OS is a complete Linux operating system packaged as a bootable live ISO, meaning you write it to a USB stick and boot any machine from it without installing anything. It is built on GNU Guix, an unusual Linux distribution where the entire system configuration is expressed in a text-based programming language called Scheme. This means the full operating system can be reproduced byte-for-byte from the source files, and the source is included on the running system so you can read or rebuild it at any time.

The system is aimed at security professionals who want a portable, hardened environment with a curated set of security tools already installed. The included tools cover common tasks in penetration testing and digital forensics: network scanning, packet capture, wireless testing, password cracking, reverse engineering, and file recovery. Tor is included as an optional privacy layer accessible through a graphical control panel, but it is not force-routed. The README is explicit that this is not an anti-forensics system like Tails and does not provide hardware isolation like Qubes.

The hardening profile focuses on kernel-level protections: memory protection settings, address space randomization, a firewall that blocks all inbound connections by default, and a few custom native tools including a post-quantum encrypted tunnel and a backup utility. The desktop uses Sway, a Wayland-based window manager with keyboard-driven navigation, and the system is designed to reach a usable desktop in about 7 seconds from boot.

The license is AGPL-3.0. Some native tools included in the system have a dual license option where commercial users can purchase a separate license to avoid the copyleft terms.

Copy-paste prompts

Prompt 1
How do I write the Security Ops OS ISO to a USB stick and verify the checksum? Walk me through the dd command and how to confirm the bytes landed correctly.
Prompt 2
What are the key differences between Security Ops OS, Tails, Qubes OS, and Kali Linux? When should I choose each one?
Prompt 3
How does the GNU Guix declarative system in Security Ops OS work? What are channels.scm and config.scm and how do I rebuild the OS from them?
Prompt 4
What kernel hardening does Security Ops OS apply? Explain the key sysctl settings and boot command line options it uses.

Frequently asked questions

What is securityops-os?

A bootable GNU Guix live ISO for security professionals with a reproducible Scheme-defined system, hardened kernel, Tor integration, and a curated pentest and forensics toolkit.

What language is securityops-os written in?

Mainly Scheme. The stack also includes Guix and Linux.

What license does securityops-os use?

AGPL-3.0: use freely and share modifications, but any network-accessible application must also share its source. A commercial license is available for closed-source use.

How hard is securityops-os to set up?

Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run.

Who is securityops-os for?

Mainly developers.

Verify against the repo before relying on details.