Kodachi KODACHI Download Buy Kodachi
Linux Kodachi 9.0.1 · Debian 13 · Wiki

Privacy OS as a
live command center.

Kodachi gives you a prepared privacy workstation: dashboard controls, signed binaries, multiple routing modes, verification tools, recovery paths, and panic actions in one guided system. You still choose the right mode for your threat model; Kodachi makes the stack visible, controllable, and recoverable.

11 routing protocols 96+ workflows 25 Rust binaries 3-tier panic modes offline-first local AI (KAICS) since 2013 · active
Choose your edition

Three paths. One privacy stack.

Same hardened core, three deployment shapes. Pick the one that matches how you work.

Terminal Server

Headless · live · gateway

Minimal live ISO for headless privacy operations. Boot as a SOCKS gateway, run a privacy lab, stage VM exit nodes, or operate a hardened jump host, with no GUI overhead and the full backend stack.

Best for: power users, VPS operators, VM labs, SOCKS gateways, and pen-test infrastructure.

Binary Suite

25 Rust binaries · signed

The 25 signed Rust binaries that power Kodachi, usable on any compatible Debian-based system. Bring the Kodachi engine to your existing OS without committing to the full distribution.

Best for: sysadmins, advanced users, and developers who want individual Kodachi components or to integrate Kodachi into their own stack.
Inside Kodachi 9

Kodachi is an infrastructure, not just an OS.

The ISO you boot is the visible tip. The rest of the stack runs continuously behind it.

01

Master

Auth, PKI, and the card vault. Hardware-bound sessions with a 2-minute heartbeat.

02

Worker fleet

An elastic VPS fleet on DMCA-resistant hosting runs the full protocol stack and pushes signed JSON cards to the master.

03

Your device

Pick any source: Kodachi fleet, Riseup VPN, VPNGate, or your own VPN. Tunnel up, on-device shield on top.

Every major privacy protocol, pre-configured, one-click switch
Tor (multi-instance + HAProxy LB) OpenVPN WireGuard Shadowsocks V2Ray Xray (VLESS / Reality / Trojan) Hysteria2 Mieru / Mita Dante (SOCKS5) DNSCrypt VPNGate Riseup VPN bring-your-own VPN
What you won’t find in any other distro

Capabilities you won’t find together anywhere else.

Tails gives you a Tor browser. Whonix gives you VM isolation. Parrot gives you a toolbox. Kodachi gives you a complete control plane, and a stack of features no other distro ships pre-integrated and configured by default.

Built-in SOC, your host as a neural map

A live Security Operations Center page renders the machine as a neural map: a central security score orbited by 8 cluster hubs, vitals, network, connections, processes, threats, auth, privacy, system, with colour-coded nodes, MITRE ATT&CK, tagged findings, a top-findings list, privacy posture, and a live alert feed. Read-only situational awareness no other distro ships on the desktop.

kodachi-soc reference

Multi-Tor + HAProxy load balancing

Run N parallel Tor instances behind an HAProxy front end, configurable per-circuit, with independent exit selection. Faster real-world throughput than single-instance Tor, and circuit correlation costs an adversary more.

tor-switch reference

Three destruction paths, always ready

The LUKS nuke password destroys keys at boot. The dashboard adds a live nuke surface: armable kill-switch, countdown, memory wipe, and an optional fake update screen to stall whoever is watching. A red “Destroy Kodachi” sidebar icon (skull) sits at the bottom of the dashboard's left sidebar in Full, Lite, and Circle dashboards (show/hide from Settings › Security): one click wipes the LUKS header of every active encrypted device, then runs the full nuke, network kill, RAM wipe, file shred, MBR/EFI destroy, power-off. Confirmation style is configurable (type DESTROY / Yes-No / immediate). Emergency global hotkeys via the session helper are a third path, triggerable without opening the dashboard.

health-control

Three-tier panic, by design

Soft: kill network, clear clipboard, lock screen (reversible). Medium: kill processes, wipe memory, unmount devices. Hard: irreversible destruction path. Triggered from dashboard or hotkey. Backed by cold-boot defense and multi-pass shred.

Anti-forensics

Dashboard-first, not bolt-on

Most privacy distros launch separate GUIs per tool. Kodachi ships a single native dashboard that drives VPN, Tor, DNS, identity, hardening, workflows, AI, recovery, and emergency from one process, sharing state and live scoring across all of them.

Dashboard tour

96+ pre-built workflows

One click runs a chained sequence: rotate identity, restart Tor, re-check IP, verify DNS, regenerate MAC. Or build your own with the visual workflow builder. Repeatable privacy playbooks instead of a wiki of bash commands.

Workflows & AI

Dynamic security scoring

Live score across hardening, privacy, network, and auth, with history tracking and threat-response actions. Know exactly how exposed you are right now, not by reading a 50-page audit checklist.

Scoring engine

Always-on threat watchdog

health-control runs a background watchdog that continuously monitors network, hardware, USB and integrity state, then fires automated responses (re-block leaks, kill suspect connections, raise the security posture) without you watching the dashboard. Automated responses, not just alerts.

health-control watchdog

Plain-English command intelligence

KAICS + ai-gateway translate “am I leaking my IP?” into dns-leak test --check-ip. Offline-first, with cloud routed through VPN/Tor when you opt in. Policy-aware so it can’t hurt you.

ai-cmd guide

Dev-ready on first boot

Compilers, language runtimes, editors, and security toolchains ship inside the ISO. Boot, install, and start coding the same hour, with a privacy stack already wrapping every connection your build process makes.

Desktop edition

13 VPN providers, one tab

Browse VPN Gate, Riseup, NordVPN, IVPN, PIA, Surfshark, Mullvad, AirVPN, Windscribe, ProtonVPN, ExpressVPN, TorGuard, plus your own pasted configs (.ovpn, WireGuard, Shadowsocks, V2Ray, Hysteria2, or vmess:///vless:///ss:// URI schemes and Clash/sing-box subscriptions) from one dashboard tab. Sort, filter, ping-benchmark, save credentials, and connect, all without leaving the GUI.

External VPN Providers
The control plane

One dashboard. Everything that matters.

VPN, Tor, DNS, identity, hardening, workflows, AI, integrity, recovery, and emergency response. Read the full dashboard tour →

Most Linux distributions give you tools.
Kodachi gives you a purpose-built privacy operating environment, hardened by default.

Over a decade of research, field use, and hardening, shipped as a coherent default. Every package, every script, every binary was chosen so the first boot is already a defensible position.

How Kodachi compares

vs Tails, Whonix, Parrot & Qubes

Other privacy distros are excellent at what they target. Kodachi is built to cover the gaps between them: a daily-driver OS, not a live-only tool or a hypervisor.

Capability Kodachi 9 Tails Whonix Parrot Qubes
Persistent daily-driver install ✓ XFCE desktop Live only VM
Multi-protocol routing switcher 11 protocols, one click Tor only Tor only Manual Per-VM
Multi-Tor instances + HAProxy LB Built-in
Single dashboard for the whole stack Native desktop app Separate tools Separate tools Separate tools Manager + per-VM
Tiered panic modes & dashboard NUKE 3-tier + live nuke Wipe on shutdown
Pre-bundled workflows (chained actions) 96+
Local AI command bar (offline-first) KAICS + ai-gateway
Always-on threat watchdog health-control
SOC neural monitor (MITRE ATT&CK, tagged, 8 clusters) Built-in
Crypto wallets pre-installed Electrum, Monero GUI/CLI Electrum
Offline install (no network needed) ✓ Bundled Secure Boot N/A (live) Manual
Comparison reflects default out-of-the-box capability. Anything below has been verified against each project’s published documentation.
For government, defense, law enforcement & critical-infrastructure operators

Built for environments where exposure is not an option.

Cyber operations targeting power grids, transport networks, hospitals, financial systems, and government platforms are documented, ongoing, and frequently successful against systems that were never hardened for operational use. Kodachi is a purpose-hardened privacy and security OS designed to reduce that attack surface from first boot: encrypted routing, DNS leak protection, system integrity monitoring, and a three-tier emergency response are integrated and active by default. Whether you are a regulatory authority, a military unit, a law enforcement agency, or a private operator of critical systems, the architecture is the same and the controls are yours from day one.

Your own isolated infrastructure

The Dedicated tier gives your organization a fully isolated VPS reserved to your devices, with no third-party traffic on your network. Fit for utilities, transport operators, carriers, hospitals, financial platforms, and government agencies alike. 5 to 100 devices, annual license.

Dedicated tier

Choose your country and provider

Select the exit country and infrastructure provider that fits your operational and legal requirements. You are not locked to a shared pool operated by a third party.

Routing control

A custom build for your organization

Kodachi can be built for your organization with your own tools, workflows, and configuration preloaded, then delivered as a signed, deployable ISO. Available by arrangement.

Talk to us
Kodachi is independent. Built for over a decade and funded by people who use it. Personal use is free. A license is an annual subscription that funds continued development.
Buy Kodachi
Carefully curated, not blindly bundled

Every package had to earn its place.

Years of testing mean the apps in Kodachi were chosen because they survived the test, not because they were popular. Wallets, messengers, encryption, dev tools: production-grade, privacy-vetted, ready out of the box.

Crypto wallets
  • Electrum BTC
  • Monero GUI XMR
  • Monero CLI XMR
  • Monero daemon full node
Encryption
  • VeraCrypt containers
  • LUKS / cryptsetup full disk
  • GnuPG 2 + Kleopatra signing
  • KeePassXC passwords
  • SiriKali + gocryptfs / cryfs fs-level
Secure comms & onion
  • Tor Browser w/ Kodachi user.js
  • Session Desktop onion-routed
  • OnionShare file share
  • OnionCircuits circuit viewer
Dev toolchain
  • VSCodium privacy IDE
  • Geany + plugins editor
  • build-essential gcc / make
  • Python 3 + pip + pipx system
  • git + git-lfs + meld VCS
Network & recon
  • nmap + Zenmap scan
  • tshark + tcpdump capture
  • mtr + traceroute + whois route
  • mat2 metadata clean
  • OpenSSL verify
Privacy protocols
  • Tor + torsocks + obfs4proxy + nyx tor stack
  • OpenVPN + WireGuard + OpenConnect VPN
  • Shadowsocks-libev circumvention
  • HAProxy + proxychains + microsocks LB & chain
Anti-forensics
  • scrub + secure-delete wipe
  • macchanger MAC randomize
  • mat2 + steghide metadata / stego
  • LUKS nuke boot-time
  • health-control panic 3-tier
Hardening & sandboxing
  • firejail sandbox
  • AppArmor + profiles MAC
  • ufw + nftables firewall
  • permission-guard + integrity-check Rust
  • Secure Boot bundled in ISO
Try Kodachi tech without installing

Live tools, running right now.

Some of what Kodachi runs locally is also exposed as web tools you can use today to verify your current setup or test the engine behind Kodachi’s privacy stack.

Anonymity Verifier

The flagship live tool: “See What the Web Sees.” Tor status, proxy detection, WebRTC leak, session & user checks, security signals, all in one report.

Open verifier
IP Information Extractor

Pull full IP intel: ASN, geolocation, reverse DNS, blacklist status, datacenter / Tor exit detection. Multi-source with cross-validation.

Check my IP
DNS Leak Checker

Live DNS leak test. Detects rogue resolvers, transparent proxies, unencrypted lookups, and resolver fingerprints visible to remote sites.

Test DNS
Browser Fingerprint

What every site can see about your browser: canvas, fonts, WebGL, audio context, screen, plugins. Find out how identifiable you actually are.

Test fingerprint
System Freshness Checker

Verify your running Kodachi install is current, untampered, and matches the signed release. Live proof you’re booting the real thing.

Check my system
DNS Propagation

Query a domain across resolvers worldwide to spot DNS censorship, GeoDNS splits, and propagation gaps in real time.

Check a domain
Domain Security Analyzer

Inspect a domain’s full security posture: DNS records, MX/SPF/DMARC/DKIM mail config, TLS chain, header hygiene, blacklist status, and exposure footprint.

Analyze a domain
IP Queries Analytics

Aggregated IP-intel analytics from the verifier: query volumes, top ASNs and countries, datacenter vs residential mix, and trend lines over time.

View analytics
File Hash Verify

Verify any ISO or binary against Kodachi’s signed release manifests, with BLAKE3 primary and SHA-256 fallback. Confirms what you have is what we actually shipped.

Verify a file
System Status

Live operational status for Kodachi services: verifier APIs, IP/DNS endpoints, mirrors, and update channels. Real-time uptime, response times, and incident notes.

Check status
Verifier User Guide

Step-by-step walkthrough of every Anonymity Verifier signal: what each check means, how it’s computed, and how to fix anything the verifier flags red.

Read the guide
API Docs

REST API reference for programmatic access to Kodachi’s verifier and IP/DNS intelligence: endpoints, parameters, auth, rate limits, and example responses.

Browse the API
927K+
Total downloads
224
Countries served
12+
Years active
11
Routing protocols
96+
Workflows
25
Signed Rust binaries
Current builds

Live build stamps.

Every edition is built and signed. These cards reflect the latest stamped versions and build numbers, pulled automatically from the live release feed.

Shared stamp: loading…

Boot it. It’s already configured.

Pick your edition, write the ISO, and the first time you reach the desktop the dashboard is already running: routing, monitoring, and ready to defend.