Documentation

Everything you need to get started with Almighty Linux.

Introduction

Almighty Linux is a Linux distribution based on Kali Linux, purpose-built for intelligence gathering and OSINT (Open Source Intelligence) operations.

The distribution ships with an extensive collection of 89 security and OSINT tools, including 59 Almighty tools (53 custom-built) developed exclusively for Almighty Linux and 30 industry-standard packages from the Kali repositories. It features a hardened kernel tuning profile and a comprehensive suite of anonymity, trace-cleaning, isolation, and security tools to maintain operational security during intelligence operations.

Almighty Linux also includes the Almighty OSINT Browser — a custom Chromium-based browser with integrated OSINT utilities and user-agent spoofing capabilities. The distribution uses MATE as its desktop environment, providing a lightweight and professional workspace for extended investigation sessions.

Technical Details

Property              Value
Name                  Almighty Linux
Base                  Kali Linux
Desktop Environment   MATE
Architecture          x86_64 (amd64)
Kernel                Vanilla (Hardened Tuning)
Init System           systemd
Package Manager       APT (dpkg)
Installer             Debian Installer (Kali)
Default Shell         Bash

Warnings

Legal Disclaimer
Almighty Linux is intended solely for lawful security research, authorized penetration testing, and educational purposes. Any unauthorized use of the tools included in this distribution against systems you do not own or have explicit permission to test is strictly prohibited and may violate local, national, and international laws. The developers assume no liability for misuse.
Disclaimer of Liability
This software is provided "as is" without warranty of any kind, express or implied. The developers are not responsible for any damage, data loss, legal issues, or other consequences arising from the use or misuse of this distribution.

Features

Intelligence Toolset

  • 89 Tools: 59 Almighty tools + 30 popular OSINT tools from Kali
  • OSINT Frameworks: Multi-module platforms
  • Social Intelligence: Facebook, TikTok, YouTube, LinkedIn, Telegram, GitHub, ProtonMail profilers
  • Dark Web Reconnaissance: 8 dedicated onion network tools for archiving, crawling, and intelligence extraction
  • Digital Forensics: Image/video analysis, steganography detection, blockchain intelligence, file encryption

OSINT Browser (ALPHA/DEVELOPMENT WARNING)

  • Custom Chromium-based browser with built-in fingerprint protection
  • Canvas, WebGL, and AudioContext spoofing to prevent identity leaks
  • WebRTC blocking and User-Agent rotation
  • Integrated OSINT utilities: Base64, CIDR calculator, Email validator, Link extractor

Operational Security

  • Tor traffic routing (anonroute)
  • MAC address randomization (change-mac)
  • Hostname spoofing (anonhost)
  • Forensic trace cleaning (anti-tr4ce)
  • Application isolation (almighty-jails, plaztek)
  • DNS changer for censorship bypass

Desktop Environment

  • MATE desktop with custom theming
  • Conky system monitors with auto-anchor
  • Branded terminal splash screens

Known Issues

System Updates
Rolling updates in Kali Linux can introduce regressions or temporary incompatibilities. It is recommended to review changelogs before major updates.
  • System Updates: As a rolling-release distribution, regular updates are recommended, but users should be aware of potential regressions.
  • Tool Compatibility: Some third-party tools may require manual dependency management.
  • GPU Drivers: Proprietary GPU drivers may require manual installation.

Hardening Details

Almighty Linux adopts a "Security by Default" philosophy, providing multi-layered protection from the kernel to the application layer. The system is hardened against local privilege escalation, side-channel attacks, network sniffing, and unauthorized hardware access.

1. Kernel & Boot Security

Critical boot-time kernel parameters are enforced via /etc/default/grub.d/40_hardened.cfg:

# /etc/default/grub.d/40_hardened.cfg

GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX randomize_kstack_offset=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX iommu=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX iommu.passthrough=0"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX iommu.strict=0"

GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_bhi=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kpti=1"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ssbd=force-on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=flush"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx=off"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx_async_abort=full"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mmio_stale_data=full"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"

GRUB_DISABLE_RECOVERY="true"

Key Kernel Parameters Explained:

  • Slab Cache Isolation: slab_nomerge prevents merging of slab caches of different sizes, mitigating heap overflow exploitation techniques.
  • Memory Allocator Shuffling: page_alloc.shuffle=1 randomizes the system page allocator freelist, making memory corruption attacks less predictable.
  • Page Table Isolation: pti=on (and kpti=1) isolates kernel-space and user-space page tables, protecting against the Meltdown vulnerability.
  • Stack Randomization: randomize_kstack_offset=on randomizes the kernel stack offset for each system call, preventing deterministic stack overflow exploits.
  • Disabling Legacy Vsyscalls: vsyscall=none completely disables legacy virtual system calls, removing a common target for return-oriented programming (ROP) exploits.
  • Kernel Debugging Disabled: debugfs=off restricts access to the kernel debug filesystem, reducing the kernel's runtime attack surface.
  • IOMMU Enforcement: iommu=on, iommu.passthrough=0, and iommu.strict=0 enforce input-output memory management to prevent Direct Memory Access (DMA) attacks.
  • Hardware Vulnerability Mitigations: Configured for maximum CPU security (mitigations=auto) against speculative execution vulnerabilities:
    • Spectre mitigations (spectre_v2=on, spectre_bhi=on, spec_store_bypass_disable=on, and ssbd=force-on)
    • L1 Terminal Fault & Microarchitectural Data Sampling (l1tf=flush, mds=full)
    • Intel TSX disabled to prevent side-channels (tsx=off, tsx_async_abort=full)
    • Retbleed, MMIO Stale Data, Gather/Register File Data Sampling mitigations active (retbleed=auto, mmio_stale_data=full, gather_data_sampling=on, reg_file_data_sampling=on)
  • GRUB Recovery Disabled: GRUB_DISABLE_RECOVERY="true" prevents unauthorized access to recovery root shells without password prompts during physical boot.
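
Files under /etc/default/grub.d/ take effect only after the GRUB configuration is regenerated and the machine is rebooted, so it is worth comparing the running kernel's command line with the list above. The script below is an added example, not part of Almighty Linux; audit_cmdline, EXPECTED_PARAMS and the sample command line are constructed for illustration, and it assumes that a later duplicate of a parameter overrides an earlier one.

```shell
#!/bin/sh
# Added example: compare a kernel command line with the parameters that
# /etc/default/grub.d/40_hardened.cfg (as listed on this page) appends.

EXPECTED_PARAMS="slab_nomerge page_alloc.shuffle=1 pti=on
randomize_kstack_offset=on vsyscall=none debugfs=off iommu=on
iommu.passthrough=0 iommu.strict=0 mitigations=auto spectre_v2=on
spectre_bhi=on kpti=1 spec_store_bypass_disable=on ssbd=force-on l1tf=flush
mds=full tsx=off tsx_async_abort=full retbleed=auto mmio_stale_data=full
gather_data_sampling=on reg_file_data_sampling=on"

# audit_cmdline CMDLINE
# Prints one line per expected parameter that is missing or carries another
# value, and returns 0 only when every expected parameter is in effect.
audit_cmdline() (
    set -f                      # tokens are data, never glob patterns
    bad=0
    for want in $EXPECTED_PARAMS; do
        key=${want%%=*}         # "pti=on" -> "pti"; bare flags stay as-is
        seen=
        for tok in $1; do
            case $tok in
                # Exact key match only, so "iommu" never matches
                # "iommu.passthrough=0" and "pti" never matches "kpti=1".
                "$key"|"$key"=*) seen=$tok ;;   # assumption: last one wins
            esac
        done
        if [ -z "$seen" ]; then
            echo "MISSING $want"
            bad=$((bad + 1))
        elif [ "$seen" != "$want" ]; then
            echo "DIFFERS $want running=$seen"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: every hardened parameter is present, but a trailing
# mitigations=off (for instance typed at the boot menu) overrides the profile.
SAMPLE_CMDLINE="BOOT_IMAGE=/boot/vmlinuz-example root=/dev/sda1 ro quiet
$EXPECTED_PARAMS mitigations=off"
audit_cmdline "$SAMPLE_CMDLINE" || echo "command line does not match 40_hardened.cfg"

# On an installed system: audit_cmdline "$(cat /proc/cmdline)"
```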

2. Runtime Security: Sysctl Configuration

Runtime kernel parameters are hardened via /etc/sysctl.d/sysctl.conf to prevent kernel exploits, network sniffing, and denial-of-service attacks:

# /etc/sysctl.d/sysctl.conf
# Kernel Security & Hardening
kernel.kptr_restrict = 2
kernel.dmesg_restrict = 1
kernel.yama.ptrace_scope = 3
kernel.unprivileged_bpf_disabled = 1
net.core.bpf_jit_harden = 2
kernel.panic_on_oops = 1
kernel.panic = 10
kernel.kexec_load_disabled = 1
kernel.perf_event_paranoid = 3
kernel.perf_cpu_time_max_percent = 1
kernel.perf_event_max_sample_rate = 1

# Memory & Process Security
kernel.randomize_va_space = 2
fs.suid_dumpable = 0
kernel.core_pattern = |/bin/false
vm.overcommit_memory = 0
vm.overcommit_ratio = 80
vm.max_map_count = 1048576
vm.mmap_min_addr = 65536

# Filesystem Security
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
fs.protected_fifos = 2
fs.protected_regular = 2
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 256
fs.inotify.max_queued_events = 32768
fs.file-max = 2097152

# Network Security - Core Hardening
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# TCP/IP Performance & Security
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.core.rmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_default = 262144
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 65536 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_tcp_timeout_established = 1800
net.netfilter.nf_conntrack_generic_timeout = 120
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.core.netdev_max_backlog = 5000

# IPv6 Security
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.default.accept_ra = 1
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.default.autoconf = 1

# Rate Limiting & DoS Protection
net.ipv4.icmp_ratelimit = 100
net.ipv4.icmp_ratemask = 6168
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_filter = 1
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024

# System Performance Optimization
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
vm.dirty_expire_centisecs = 3000
vm.dirty_writeback_centisecs = 500
vm.swappiness = 10
vm.vfs_cache_pressure = 50
vm.page-cluster = 3
kernel.sched_migration_cost_ns = 5000000
kernel.sched_autogroup_enabled = 1

# Additional Hardening
kernel.sysrq = 0
kernel.shm_rmid_forced = 1
kernel.pid_max = 4194304
kernel.threads-max = 4194304

Detailed Sysctl Categories:

  • Kernel Restrictions: Pointer addresses are hidden (kptr_restrict=2), log buffer access is restricted to root (dmesg_restrict=1), kexec kernel replacement is disabled (kexec_load_disabled=1), and performance logging interfaces are strictly locked down.
  • Process Tracing Security: Yama ptrace scope is set to 3, completely disabling runtime debugging, tracing, and code injection attacks on running processes.
  • BPF Hardening: Unprivileged eBPF access is fully disabled (unprivileged_bpf_disabled=1) and JIT compiling is hardened (net.core.bpf_jit_harden=2) to mitigate kernel exploits.
  • Memory & Layout Protection: Enforces standard ASLR (randomize_va_space=2), restricts minimum virtual memory allocation to prevent NULL pointer dereferences (mmap_min_addr=65536), and blocks core dump memory extraction for setuid binaries (suid_dumpable=0) to prevent data leaks.
  • Filesystem Hardening: Restricts symbolic link and hardlink creation rules in public folders (protected_hardlinks=1, protected_symlinks=1) to prevent race-condition directory traversals.
  • Network Core Security: Disables both IPv4 and IPv6 routing/forwarding, blocks source routing, rejects redirect messages, and enables SYN cookies to protect the system against SYN flood DoS attacks.
  • TCP/IP Optimization & Performance: Uses Google's BBR congestion control algorithm with Fair Queueing (default_qdisc=fq, tcp_congestion_control=bbr) alongside optimized TCP read/write buffer thresholds for high-speed network operations under secure settings.
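
A sysctl.d entry is applied only if its key exists when the file is loaded, so a setting can be listed in the file and still not be in effect, for example when the key belongs to a module that is not loaded yet. The script below is an added example, not part of Almighty Linux, that compares a sysctl file with the live values under /proc/sys; audit_sysctl, normalize and the optional ROOT argument are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report sysctl.d settings that are not in effect.

# Collapse runs of blanks and tabs to single spaces and trim both ends
# (multi-value keys such as net.ipv4.tcp_rmem are tab-separated in /proc/sys).
normalize() (
    set -f                      # no globbing while word-splitting the value
    set -- $1
    printf '%s' "$*"
)

# audit_sysctl CONF [ROOT]
# ROOT defaults to /proc/sys; it is a parameter only so the check can be run
# against a constructed tree. Returns 0 when every setting matches.
audit_sysctl() (
    conf=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(normalize "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;              # anything else is ignored
        esac
        key=$(normalize "${line%%=*}")
        want=$(normalize "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # The key does not exist on this kernel, or its module was not
            # loaded when the file was applied, so the setting was skipped.
            echo "ABSENT $key"
            bad=$((bad + 1))
            continue
        fi
        live=$(normalize "$(cat "$path")")
        if [ "$live" != "$want" ]; then
            echo "DRIFT $key want=$want live=$live"
            bad=$((bad + 1))
        fi
    done < "$conf"
    [ "$bad" -eq 0 ]
)

# Constructed sample: a fake /proc/sys tree in which ptrace_scope reads 1 and
# the conntrack key is absent; the conf lines are copied from the listing above.
demo=$(mktemp -d)
mkdir -p "$demo/sys/kernel/yama" "$demo/sys/net/ipv4"
echo 1 > "$demo/sys/kernel/yama/ptrace_scope"
printf '4096\t65536\t16777216\n' > "$demo/sys/net/ipv4/tcp_rmem"
printf '%s\n' 'kernel.yama.ptrace_scope = 3' \
    'net.ipv4.tcp_rmem = 4096 65536 16777216' \
    'net.netfilter.nf_conntrack_max = 1048576' > "$demo/sample.conf"
audit_sysctl "$demo/sample.conf" "$demo/sys" || echo "some settings are not in effect"
rm -rf "$demo"

# On an installed system: audit_sysctl /etc/sysctl.d/sysctl.conf
```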

3. Kernel Module Hardening

Unused or insecure drivers are blocked under /etc/modprobe.d/:

  • Legacy Protocols: AppleTalk, IPX, ATM, CAN Bus, DECnet disabled via /bin/false.
  • Obsolete Devices: Floppy, Firewire, and legacy NIC drivers blocked.
  • Bluetooth: Protocol-level restrictions applied.
  • Hardware Noise: PC Speaker disabled to prevent acoustic side-channel attacks.

4. File System & Permission Management

Almighty Linux enforces the "Least Privilege" principle across the filesystem layer:

  • Global UMASK Policy: Enforced via /etc/profile.d/hardening.sh to restrict permissions of newly created files globally.
    #!/bin/bash
    umask 027
  • Sudo Task Isolation: Hardened via /etc/sudoers.d/hardening. With umask_override set, sudo applies the umask given here to commands run as root in place of the user's umask, while keeping files protected.
    Defaults umask_override
    Defaults umask=0022

ISO Download & Verification

Download the latest Almighty Linux ISO from the Download page.

SHA256 Verification

After downloading the ISO, verify its integrity using the provided SHA256 checksum:

sha256sum almightylinux-1.0-amd64.iso

Compare the output with the checksum provided on the download page. If they match, the file is intact and unmodified.

USB Writing

You can write the ISO to a USB drive using any of the following methods:

dd (Linux / macOS)

Warning: The dd command will erase ALL data on the target device. Double-check the device path before executing.

sudo dd if=almightylinux-1.0-amd64.iso of=/dev/sdX bs=4M status=progress && sync

Replace /dev/sdX with your USB device path (e.g., /dev/sdb). Use lsblk to identify the correct device.

Ventoy

  1. Download and install Ventoy on your USB drive.
  2. Copy the Almighty Linux ISO file to the Ventoy partition.
  3. Boot from the USB and select the ISO from the Ventoy menu.

Rufus (Windows)

  1. Download Rufus.
  2. Select your USB device and the Almighty Linux ISO.
  3. Use DD Image mode for best compatibility.
  4. Click Start and wait for the process to complete.

Booting

  1. Insert the prepared USB drive into the target machine.
  2. Enter the BIOS/UEFI firmware settings (typically via F2, F12, DEL, or ESC during POST).
  3. Set the USB drive as the primary boot device or use the one-time boot menu.
  4. Save settings and reboot.
  5. The Almighty Linux boot menu will appear. Select Live to try the system without installation.

Debian Installer Installation

Almighty Linux uses the Debian Installer (standard graphical/text installer) to provide a robust and highly customizable installation experience.

  1. Boot the system using your prepared USB installer drive.
  2. From the bootloader menu, select either Graphical Install (recommended) or Install (text mode).
  3. Configure your installation environment:
    • Language, Region & Keymap: Choose your preferred language, location, and keyboard layouts.
    • Network Setup: Configure active network adapters. Set your system hostname (default: almighty) and domain name.
    • User Credentials: Create a standard non-root user account by entering a full name, username, and password.
    • Partition Disks: Select Guided - use entire disk for automatic setups, or choose Manual to create custom partitions (such as dedicated /boot/efi, /, and swap space). Select your target drive and confirm writing partition changes.
  4. Wait as the installer configures the base system and copies package files to disk.
  5. GRUB Bootloader: Select "Yes" when prompted to install the GRUB bootloader to your primary boot drive to ensure system bootability.
  6. Once the installation is complete, remove the USB drive when prompted and select Continue to reboot into your newly installed Almighty Linux.

Tip: For advanced security, you can choose to configure Encrypted LVM partitioning during the partition phase to encrypt your entire disk.

Basic Usage

Running Tools

All Almighty tools are installed in /usr/local/bin and can be invoked directly from the terminal.

The tools can also be reached from the menu under Almighty OSINT, where they are grouped by category.

System Updates

sudo update

Caution: As a rolling-release Kali base, review package changes carefully before confirming upgrades. Snapshot your system if possible.

Almighty OSINT Browser

Status: Alpha/Development
Currently in Alpha/Development stage. Not suitable for critical tasks. Some security/privacy features may not function correctly. Use with a Tor router for maximum security.

A browser developed from scratch based on Chromium / PyQt6 Web Engine. It features built-in OSINT tools and a wide range of user agents.

Cool Tools

Almighty Linux includes a collection of ASCII art terminal splash screens. These can be run as commands to display themed terminal logos:

Command   Description
anon      Anonymity-themed terminal splash logo
eye       Eye-figured terminal splash logo
katana    Katana-figured terminal splash logo
raven1    Raven-themed terminal splash logo (v1)
raven2    Raven-themed terminal splash logo (v2)
skull     Skull-figured terminal splash logo
skull2    Alternative skull-figured terminal splash logo
wing      Wing-figured terminal splash logo

Run any command in the terminal to display the corresponding ASCII art:

$ skull
$ raven1
$ eye

Commands

System utility commands bundled with Almighty Linux:

Command             Description
almighty-panel      System management panel for Almighty Linux configuration and administration.
almighty-fetch      ASCII system information display (neofetch-style) with Almighty branding.
flatpak-setup       Flatpak installation and configuration script.
mullvad-installer   Mullvad Browser and VPN installation script.
update              System update script for upgrading all packages.

# Run the system panel
$ almighty-panel

# Show system info
$ almighty-fetch

# Update system
$ sudo update

Frequently Asked Questions

What is the base of Almighty Linux?

Almighty Linux is based on Kali Linux, rebuilt for stability and focused on OSINT operations.

What distinguishes Almighty Linux from others?

It comes with many custom-developed OSINT tools, advanced OpSec (Operational Security) modules, specially configured browsers, and security-oriented hardened kernel tuning.

Why was the hybrid structure abandoned?

The hybrid Debian/Kali structure was replaced to eliminate package conflicts and provide a more stable, unified system architecture.

Does the distribution have its own repository?

No. For security reasons and to minimize maintenance overhead, it does not use its own repository system; it draws directly from the Kali repositories.

The system receives regular updates for security and Kali tools.

Custom Almighty tools are kept current through periodically released 'Major Update' ISOs. This is a deliberate decision taken to preserve system stability.

What is the desktop environment?

MATE. It offers a fast, high-performance, and visually optimized experience.

What is included in the system?

  • Digital Trackers: Deep information gathering tools via usernames, emails, or images.
  • Visual Analysis: Special software mapping social media networks and data connections.
  • Privacy Shield: Security layers concealing identity during scanning and analysis processes.

I am new to cybersecurity; is it suitable for me?

Probably not. The distribution requires basic/intermediate level Linux and cybersecurity knowledge.

As a rolling-release system, regular updates are necessary to maintain security and functionality.

Furthermore, most tools are not graphical user interface (GUI) based; they rely on traditional terminal/parameter usage.

Why the name Almighty Linux? What is its meaning?

The name is derived from "The Almighty" ability possessed by the legendary character Yhwach from the Bleach anime. Yhwach's ability lets him see all future possibilities. As an OSINT distribution, Almighty Linux has been developed with the philosophy of making all scattered data and hidden connections on the internet "visible."

Can developers submit custom tools?

Yes, under these conditions:

  • Languages: Only tools written in C, Python, Go, Bash, and Perl are accepted (for ease of integration and analysis).
  • Security: Tools must be submitted as source code, not packaged (deb, tar.gz).
  • Quality: Projects that are non-functional, overly simple, easily broken, or copies of existing tools are not accepted.
  • Review: Submitted tools are tested in Sandbox/VM environments and additionally analyzed by models such as Claude Opus.

How do I get in touch?

This distribution is under the management of Nixovena Labs. For questions, bug reports, or collaborations: nixovena.org/contact

How did this distribution emerge?

The first version was built in early 2025. It originated as a personal project based on Debian/Parrot but was shelved for a period. When rediscovered in the archives, the core structure was found too powerful to be wasted; the system was eventually rebuilt on Kali Linux and released to the community.

Bug Reports

Found a bug or unexpected behavior? Please report it through our contact portal:

Report a Bug

When reporting, please include:

  • Almighty Linux version and kernel version (uname -a)
  • Steps to reproduce the issue
  • Relevant terminal output or error messages
  • Hardware specifications if relevant

Contact

For general inquiries, collaboration proposals, or support requests:

Contact Us

Website: nixovena.org