_____ _ _ _
|_ _|__ _ __ (_)_ __ | | (_)_ __ _ _ __ __
| |/ _ \| '_ \| \ \/ / | | | | '_ \| | | |\ \/ /
| | (_) | | | | |> < | |___| | | | | |_| | > <
|_|\___/|_| |_|_/_/\_\ |_____|_|_| |_|\__,_|/_/\_\
Tonix Linux — Codename: Mirage
Status: Active / Encrypted / Amnesic
A custom Debian-based Linux distribution designed to run entirely from a USB drive, leaving no traces on host systems, with full disk encryption for user data and Tails-inspired privacy features.
Core Architecture
[+] Immutable Root
OS runs read-only via overlayfs. Changes live in RAM and vanish on reboot. No host footprint.
OS runs read-only via overlayfs. Changes live in RAM and vanish on reboot. No host footprint.
[+] Encrypted Vault
Persistent /home partition secured via LUKS2 (AES-512-XTS). Survives OS rebuilds and upgrades.
Persistent /home partition secured via LUKS2 (AES-512-XTS). Survives OS rebuilds and upgrades.
[+] Tor-Only & Browser
Toggle forces all network traffic through Tor via iptables. Includes pre-installed Tor Browser running as an isolated sandboxed user.
Toggle forces all network traffic through Tor via iptables. Includes pre-installed Tor Browser running as an isolated sandboxed user.
[+] Hardware Spoofing
Early MAC address randomization triggers before NetworkManager starts.
Early MAC address randomization triggers before NetworkManager starts.
[+] Anti-Forensics
Active RAM wiping on shutdown (sdmem + cache flush) and disabled swap prevents sensitive data from leaking to disk.
Active RAM wiping on shutdown (sdmem + cache flush) and disabled swap prevents sensitive data from leaking to disk.
[+] Dynamic User Setup
No hardcoded credentials. Usernames and passwords are set dynamically during the installation wizard.
No hardcoded credentials. Usernames and passwords are set dynamically during the installation wizard.
Deployment & Caching
sudo ./tonix.sh build # Uses cache (15-25 min)
sudo ./tonix.sh --refresh build # Force fresh packages
sudo ./tonix.sh install /dev/sdX # Install to USB
sudo ./tonix.sh iso # Build installer ISO
sudo ./tonix.sh --refresh build # Force fresh packages
sudo ./tonix.sh install /dev/sdX # Install to USB
sudo ./tonix.sh iso # Build installer ISO
Virtual Machine Testing
sudo ./tonix.sh vm-test iso-with-disk # Boot ISO & attach virtual disk
sudo ./tonix.sh vm-test disk # Boot installed VM disk (UEFI)
sudo ./tonix.sh vm-test disk-bios # Boot installed VM disk (Legacy BIOS)
sudo ./tonix.sh vm-test disk # Boot installed VM disk (UEFI)
sudo ./tonix.sh vm-test disk-bios # Boot installed VM disk (Legacy BIOS)
Test your builds instantly using QEMU/KVM without writing to a physical USB drive. Inside the live ISO environment, run install-tonix and enter vda as the target device to simulate an installation.
Tactical Toolkit
[+] WiFi Auditing
Alfa adapter support (AWUS036ACM, AWUS036AXML, AWUS1900) + aircrack-ng, kismet, wifite, bettercap, mdk4, hcxdumptool, cowpatty, reaver, hping3, yersinia, ngrep, netsniff-ng.
Alfa adapter support (AWUS036ACM, AWUS036AXML, AWUS1900) + aircrack-ng, kismet, wifite, bettercap, mdk4, hcxdumptool, cowpatty, reaver, hping3, yersinia, ngrep, netsniff-ng.
[+] Penetration Testing
nikto, sqlmap, gobuster, dirb, wfuzz, whatweb, sslscan, hydra, medusa, mitmproxy, sslsplit, p0f, tcpflow, httpie, exploitdb (searchsploit).
nikto, sqlmap, gobuster, dirb, wfuzz, whatweb, sslscan, hydra, medusa, mitmproxy, sslsplit, p0f, tcpflow, httpie, exploitdb (searchsploit).
[+] OSINT & Recon
theharvester, recon-ng, dnsrecon, dnsenum, fierce, dmitry for passive and active intelligence gathering.
theharvester, recon-ng, dnsrecon, dnsenum, fierce, dmitry for passive and active intelligence gathering.
[+] Windows / SMB / AD
enum4linux, smbclient, nbtscan, ldap-utils, samdump2, chntpw for Windows network enumeration and credential recovery.
enum4linux, smbclient, nbtscan, ldap-utils, samdump2, chntpw for Windows network enumeration and credential recovery.
[+] Password & Hash Cracking
hashcat, john, hydra, medusa, fcrackzip, pdfcrack, ophcrack. Wordlist generation via crunch and cewl.
hashcat, john, hydra, medusa, fcrackzip, pdfcrack, ophcrack. Wordlist generation via crunch and cewl.
[+] Encryption Toolkit
LUKS2, GPG, age, gocryptfs, encfs, VeraCrypt, git-crypt, ssss (Shamir's Secret Sharing), YubiKey & smart card support.
LUKS2, GPG, age, gocryptfs, encfs, VeraCrypt, git-crypt, ssss (Shamir's Secret Sharing), YubiKey & smart card support.
[+] Tunneling & Pivoting
proxychains4, iodine (DNS tunnel), proxytunnel (HTTP/S tunnel), obfs4proxy (Tor bridges), sshuttle, stunnel4, OpenVPN, WireGuard.
proxychains4, iodine (DNS tunnel), proxytunnel (HTTP/S tunnel), obfs4proxy (Tor bridges), sshuttle, stunnel4, OpenVPN, WireGuard.
[+] Forensics & Reverse Engineering
sleuthkit, dc3dd, gddrescue, hashdeep, bulk-extractor, binwalk, foremost, volatility3, radare2, gdb, nasm, ltrace, strace.
sleuthkit, dc3dd, gddrescue, hashdeep, bulk-extractor, binwalk, foremost, volatility3, radare2, gdb, nasm, ltrace, strace.
[+] SDR & Radio
rtl-sdr for software-defined radio, Ubertooth for Bluetooth LE sniffing alongside Kismet.
rtl-sdr for software-defined radio, Ubertooth for Bluetooth LE sniffing alongside Kismet.
[+] Steganography
Custom
Custom
stego command for hiding encrypted data within media files. steghide, outguess, exiftool, binwalk pre-installed.
[+] Python Security Toolkit
scapy, impacket, volatility3, pwntools, yara, wafw00f, sublist3r, hashid, sslyze, visidata, stegcracker, arjun, paramiko, dpkt pre-installed via pip.
scapy, impacket, volatility3, pwntools, yara, wafw00f, sublist3r, hashid, sslyze, visidata, stegcracker, arjun, paramiko, dpkt pre-installed via pip.
[+] Communication
weechat + irssi for IRC. neomutt for GPG-integrated email. rtorrent (CLI) + transmission-gtk (GUI) for torrents. I2P + onionshare for anonymous networking and file sharing.
weechat + irssi for IRC. neomutt for GPG-integrated email. rtorrent (CLI) + transmission-gtk (GUI) for torrents. I2P + onionshare for anonymous networking and file sharing.
[+] Hardware Hacking
minicom, picocom for serial console access. flashrom for firmware chip read/write. avrdude + openocd for AVR/ARM/JTAG debugging. sigrok-cli + pulseview for logic analysis.
minicom, picocom for serial console access. flashrom for firmware chip read/write. avrdude + openocd for AVR/ARM/JTAG debugging. sigrok-cli + pulseview for logic analysis.
[+] Media & Documents
mpv, vlc, cmus, audacious for video/audio. feh, nsxiv, ristretto for images. zathura, mupdf, evince for PDF. imagemagick for CLI processing. abiword + gnumeric for lightweight office.
mpv, vlc, cmus, audacious for video/audio. feh, nsxiv, ristretto for images. zathura, mupdf, evince for PDF. imagemagick for CLI processing. abiword + gnumeric for lightweight office.
[+] Backup & Sharing
borgbackup for deduplicated encrypted backups of /home. rclone for cloud sync. onionshare for anonymous file sharing and hosting over Tor.
borgbackup for deduplicated encrypted backups of /home. rclone for cloud sync. onionshare for anonymous file sharing and hosting over Tor.
[+] System & Terminal
Boots to CLI.
Boots to CLI.
startxfce4 for GUI. neovim, fzf, ripgrep, bat, exa, tldr, pandoc, miller, zsh, iotop, iftop, nethogs, zram-tools, earlyoom pre-installed.