Privacy OS as a
live command center.
Kodachi gives you a prepared privacy workstation: dashboard controls, signed binaries, multiple routing modes, verification tools, recovery paths, and panic actions in one guided system. You still choose the right mode for your threat model; Kodachi makes the stack visible, controllable, and recoverable.
Three paths. One privacy stack.
Same hardened core, three deployment shapes. Pick the one that matches how you work.
Kodachi Desktop
Permanent install of the full Kodachi experience. Privacy-hardened Debian 13 XFCE with the dashboard, all 11 protocols, all 25 binaries, all dev tools, and Secure Boot, pre-configured from first boot.
Terminal Server
Minimal live ISO for headless privacy operations. Boot as a SOCKS gateway, run a privacy lab, stage VM exit nodes, or operate a hardened jump host, with no GUI overhead and the full backend stack.
Binary Suite
The 25 signed Rust binaries that power Kodachi, usable on any compatible Debian-based system. Bring the Kodachi engine to your existing OS without committing to the full distribution.
Kodachi is an infrastructure, not just an OS.
The ISO you boot is the visible tip. The rest of the stack runs continuously behind it.
Capabilities you won’t find together anywhere else.
Tails gives you a Tor browser. Whonix gives you VM isolation. Parrot gives you a toolbox. Kodachi gives you a complete control plane, and a stack of features no other distro ships pre-integrated and configured by default.
Built-in SOC, your host as a neural map
A live Security Operations Center page renders the machine as a neural map: a central security score orbited by 8 cluster hubs, vitals, network, connections, processes, threats, auth, privacy, system, with colour-coded nodes, MITRE ATT&CK, tagged findings, a top-findings list, privacy posture, and a live alert feed. Read-only situational awareness no other distro ships on the desktop.
kodachi-soc referenceMulti-Tor + HAProxy load balancing
Run N parallel Tor instances behind an HAProxy front end, configurable per-circuit, with independent exit selection. Faster real-world throughput than single-instance Tor, and circuit correlation costs an adversary more.
tor-switch referenceThree destruction paths, always ready
The LUKS nuke password destroys keys at boot. The dashboard adds a live nuke surface: armable kill-switch, countdown, memory wipe, and an optional fake update screen to stall whoever is watching. A red “Destroy Kodachi” sidebar icon (skull) sits at the bottom of the dashboard's left sidebar in Full, Lite, and Circle dashboards (show/hide from Settings › Security): one click wipes the LUKS header of every active encrypted device, then runs the full nuke, network kill, RAM wipe, file shred, MBR/EFI destroy, power-off. Confirmation style is configurable (type DESTROY / Yes-No / immediate). Emergency global hotkeys via the session helper are a third path, triggerable without opening the dashboard.
health-controlThree-tier panic, by design
Soft: kill network, clear clipboard, lock screen (reversible). Medium: kill processes, wipe memory, unmount devices. Hard: irreversible destruction path. Triggered from dashboard or hotkey. Backed by cold-boot defense and multi-pass shred.
Anti-forensicsDashboard-first, not bolt-on
Most privacy distros launch separate GUIs per tool. Kodachi ships a single native dashboard that drives VPN, Tor, DNS, identity, hardening, workflows, AI, recovery, and emergency from one process, sharing state and live scoring across all of them.
Dashboard tour96+ pre-built workflows
One click runs a chained sequence: rotate identity, restart Tor, re-check IP, verify DNS, regenerate MAC. Or build your own with the visual workflow builder. Repeatable privacy playbooks instead of a wiki of bash commands.
Workflows & AIDynamic security scoring
Live score across hardening, privacy, network, and auth, with history tracking and threat-response actions. Know exactly how exposed you are right now, not by reading a 50-page audit checklist.
Scoring engineAlways-on threat watchdog
health-control runs a background watchdog that continuously monitors network, hardware, USB and integrity state, then fires automated responses (re-block leaks, kill suspect connections, raise the security posture) without you watching the dashboard. Automated responses, not just alerts.
health-control watchdogPlain-English command intelligence
KAICS + ai-gateway translate “am I leaking my IP?” into dns-leak test --check-ip. Offline-first, with cloud routed through VPN/Tor when you opt in. Policy-aware so it can’t hurt you.
Dev-ready on first boot
Compilers, language runtimes, editors, and security toolchains ship inside the ISO. Boot, install, and start coding the same hour, with a privacy stack already wrapping every connection your build process makes.
Desktop edition13 VPN providers, one tab
Browse VPN Gate, Riseup, NordVPN, IVPN, PIA, Surfshark, Mullvad, AirVPN, Windscribe, ProtonVPN, ExpressVPN, TorGuard, plus your own pasted configs (.ovpn, WireGuard, Shadowsocks, V2Ray, Hysteria2, or vmess:///vless:///ss:// URI schemes and Clash/sing-box subscriptions) from one dashboard tab. Sort, filter, ping-benchmark, save credentials, and connect, all without leaving the GUI.
One dashboard. Everything that matters.
VPN, Tor, DNS, identity, hardening, workflows, AI, integrity, recovery, and emergency response. Read the full dashboard tour →
Most Linux distributions give you tools.
Kodachi gives you a purpose-built privacy operating environment, hardened by default.
Over a decade of research, field use, and hardening, shipped as a coherent default. Every package, every script, every binary was chosen so the first boot is already a defensible position.
vs Tails, Whonix, Parrot & Qubes
Other privacy distros are excellent at what they target. Kodachi is built to cover the gaps between them: a daily-driver OS, not a live-only tool or a hypervisor.
| Capability | Kodachi 9 | Tails | Whonix | Parrot | Qubes |
|---|---|---|---|---|---|
| Persistent daily-driver install | ✓ XFCE desktop | Live only | VM | ✓ | ✓ |
| Multi-protocol routing switcher | 11 protocols, one click | Tor only | Tor only | Manual | Per-VM |
| Multi-Tor instances + HAProxy LB | Built-in | ✗ | ✗ | ✗ | ✗ |
| Single dashboard for the whole stack | Native desktop app | Separate tools | Separate tools | Separate tools | Manager + per-VM |
| Tiered panic modes & dashboard NUKE | 3-tier + live nuke | Wipe on shutdown | ✗ | ✗ | ✗ |
| Pre-bundled workflows (chained actions) | 96+ | ✗ | ✗ | ✗ | ✗ |
| Local AI command bar (offline-first) | KAICS + ai-gateway | ✗ | ✗ | ✗ | ✗ |
| Always-on threat watchdog | health-control | ✗ | ✗ | ✗ | ✗ |
| SOC neural monitor (MITRE ATT&CK, tagged, 8 clusters) | Built-in | ✗ | ✗ | ✗ | ✗ |
| Crypto wallets pre-installed | Electrum, Monero GUI/CLI | Electrum | ✗ | ✗ | ✗ |
| Offline install (no network needed) | ✓ Bundled Secure Boot | N/A (live) | Manual | ✓ | ✓ |
Built for environments where exposure is not an option.
Cyber operations targeting power grids, transport networks, hospitals, financial systems, and government platforms are documented, ongoing, and frequently successful against systems that were never hardened for operational use. Kodachi is a purpose-hardened privacy and security OS designed to reduce that attack surface from first boot: encrypted routing, DNS leak protection, system integrity monitoring, and a three-tier emergency response are integrated and active by default. Whether you are a regulatory authority, a military unit, a law enforcement agency, or a private operator of critical systems, the architecture is the same and the controls are yours from day one.
Your own isolated infrastructure
The Dedicated tier gives your organization a fully isolated VPS reserved to your devices, with no third-party traffic on your network. Fit for utilities, transport operators, carriers, hospitals, financial platforms, and government agencies alike. 5 to 100 devices, annual license.
Dedicated tierChoose your country and provider
Select the exit country and infrastructure provider that fits your operational and legal requirements. You are not locked to a shared pool operated by a third party.
Routing controlA custom build for your organization
Kodachi can be built for your organization with your own tools, workflows, and configuration preloaded, then delivered as a signed, deployable ISO. Available by arrangement.
Talk to usEvery package had to earn its place.
Years of testing mean the apps in Kodachi were chosen because they survived the test, not because they were popular. Wallets, messengers, encryption, dev tools: production-grade, privacy-vetted, ready out of the box.
Crypto wallets
- Electrum BTC
- Monero GUI XMR
- Monero CLI XMR
- Monero daemon full node
Encryption
- VeraCrypt containers
- LUKS / cryptsetup full disk
- GnuPG 2 + Kleopatra signing
- KeePassXC passwords
- SiriKali + gocryptfs / cryfs fs-level
Secure comms & onion
- Tor Browser w/ Kodachi user.js
- Session Desktop onion-routed
- OnionShare file share
- OnionCircuits circuit viewer
Dev toolchain
- VSCodium privacy IDE
- Geany + plugins editor
- build-essential gcc / make
- Python 3 + pip + pipx system
- git + git-lfs + meld VCS
Network & recon
- nmap + Zenmap scan
- tshark + tcpdump capture
- mtr + traceroute + whois route
- mat2 metadata clean
- OpenSSL verify
Privacy protocols
- Tor + torsocks + obfs4proxy + nyx tor stack
- OpenVPN + WireGuard + OpenConnect VPN
- Shadowsocks-libev circumvention
- HAProxy + proxychains + microsocks LB & chain
Anti-forensics
- scrub + secure-delete wipe
- macchanger MAC randomize
- mat2 + steghide metadata / stego
- LUKS nuke boot-time
- health-control panic 3-tier
Hardening & sandboxing
- firejail sandbox
- AppArmor + profiles MAC
- ufw + nftables firewall
- permission-guard + integrity-check Rust
- Secure Boot bundled in ISO
Live tools, running right now.
Some of what Kodachi runs locally is also exposed as web tools you can use today to verify your current setup or test the engine behind Kodachi’s privacy stack.
Anonymity Verifier
The flagship live tool: “See What the Web Sees.” Tor status, proxy detection, WebRTC leak, session & user checks, security signals, all in one report.
Open verifierIP Information Extractor
Pull full IP intel: ASN, geolocation, reverse DNS, blacklist status, datacenter / Tor exit detection. Multi-source with cross-validation.
Check my IPDNS Leak Checker
Live DNS leak test. Detects rogue resolvers, transparent proxies, unencrypted lookups, and resolver fingerprints visible to remote sites.
Test DNSBrowser Fingerprint
What every site can see about your browser: canvas, fonts, WebGL, audio context, screen, plugins. Find out how identifiable you actually are.
Test fingerprintSystem Freshness Checker
Verify your running Kodachi install is current, untampered, and matches the signed release. Live proof you’re booting the real thing.
Check my systemDNS Propagation
Query a domain across resolvers worldwide to spot DNS censorship, GeoDNS splits, and propagation gaps in real time.
Check a domainDomain Security Analyzer
Inspect a domain’s full security posture: DNS records, MX/SPF/DMARC/DKIM mail config, TLS chain, header hygiene, blacklist status, and exposure footprint.
Analyze a domainIP Queries Analytics
Aggregated IP-intel analytics from the verifier: query volumes, top ASNs and countries, datacenter vs residential mix, and trend lines over time.
View analyticsFile Hash Verify
Verify any ISO or binary against Kodachi’s signed release manifests, with BLAKE3 primary and SHA-256 fallback. Confirms what you have is what we actually shipped.
Verify a fileSystem Status
Live operational status for Kodachi services: verifier APIs, IP/DNS endpoints, mirrors, and update channels. Real-time uptime, response times, and incident notes.
Check statusVerifier User Guide
Step-by-step walkthrough of every Anonymity Verifier signal: what each check means, how it’s computed, and how to fix anything the verifier flags red.
Read the guideAPI Docs
REST API reference for programmatic access to Kodachi’s verifier and IP/DNS intelligence: endpoints, parameters, auth, rate limits, and example responses.
Browse the APILive build stamps.
Every edition is built and signed. These cards reflect the latest stamped versions and build numbers, pulled automatically from the live release feed.
Shared stamp: loading…
Built in the open.
Privacy software has to earn trust. Here is how to check ours: sources, signatures, canaries, and where to find the maintainer.
Open source on GitHub
Source for the Rust binaries, dashboard, and live-build tooling. Read it, build it, audit it.
github.com/WMAL/Linux-KodachiSigned binaries
Every Rust binary, every ISO, and the binary tarball are signed with an RSA-4096 key. Public key published for independent verification.
View public keyWarrant canary
A signed transparency statement refreshed regularly. If it stops appearing, assume the worst.
Open canaryTracked on DistroWatch
Independent public record of releases, packages, and project longevity, useful for sanity-checking what Kodachi claims here.
DistroWatch entryActive community
Discord and Matrix channels for issues, OPSEC discussion, and live help. The author replies.
Join DiscordMaintainer
Built by Warith Al Maawali (digi77.com). Same person, same name, since 2013. No anonymous shell.
digi77.comPublic changelog
Every release documented, including what was deprecated and what was hardened.
Read changelogLicensing terms
Free for personal use. Professional and organizational use needs an annual license. Plain English, in the open.
Read licenseBoot it. It’s already configured.
Pick your edition, write the ISO, and the first time you reach the desktop the dashboard is already running: routing, monitoring, and ready to defend.