Analysis updated 2026-05-18
Boot a reproducible, hardened Linux environment from a USB stick on any machine for security work or forensics
Use the included pentest toolkit (nmap, Wireshark, hashcat, radare2) from a live system without installing anything
Study or rebuild the full OS configuration from the Scheme source files included on the running system
Route specific traffic through Tor using the bundled Torando GUI without forcing all traffic through the anonymity network
Write the ISO to a USB stick with dd or Ventoy and boot, no installation needed, but customizing the system requires learning the Guix/Scheme config language.
Security Ops OS is a complete Linux operating system packaged as a bootable live ISO, meaning you write it to a USB stick and boot any machine from it without installing anything. It is built on GNU Guix, an unusual Linux distribution where the entire system configuration is expressed in a text-based programming language called Scheme. This means the full operating system can be reproduced byte-for-byte from the source files, and the source is included on the running system so you can read or rebuild it at any time. The system is aimed at security professionals who want a portable, hardened environment with a curated set of security tools already installed. The included tools cover common tasks in penetration testing and digital forensics: network scanning, packet capture, wireless testing, password cracking, reverse engineering, and file recovery. Tor is included as an optional privacy layer accessible through a graphical control panel, but it is not force-routed. The README is explicit that this is not an anti-forensics system like Tails and does not provide hardware isolation like Qubes. The hardening profile focuses on kernel-level protections: memory protection settings, address space randomization, a firewall that blocks all inbound connections by default, and a few custom native tools including a post-quantum encrypted tunnel and a backup utility. The desktop uses Sway, a Wayland-based window manager with keyboard-driven navigation, and the system is designed to reach a usable desktop in about 7 seconds from boot. The license is AGPL-3.0. Some native tools included in the system have a dual license option where commercial users can purchase a separate license to avoid the copyleft terms.
A bootable GNU Guix live ISO for security professionals with a reproducible Scheme-defined system, hardened kernel, Tor integration, and a curated pentest and forensics toolkit.
Mainly Scheme. The stack also includes Guix, Scheme, Linux.
AGPL-3.0: use freely and share modifications, but any network-accessible application must also share its source, commercial license available for closed-source use.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.