DEV.co
Open-Source Databases · D4Vinci

One-Lin3r

One-Lin3r is a Python-based framework that aggregates over 176 one-liners for penetration testing, privilege escalation, and red-team operations across Windows, Linux, macOS, and BSD systems. It provides an interactive CLI with search, automation, and clipboard features to streamline offensive security workflows.

Source: GitHub — github.com/D4Vinci/One-Lin3r
1.8k
GitHub stars
304
Forks
Python
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryD4Vinci/One-Lin3r
OwnerD4Vinci
Primary languagePython
LicenseGPL-3.0 — OSI-approved
Stars1.8k
Forks304
Open issues4
Latest releaseUnknown
Last updated2025-12-09
Sourcehttps://github.com/D4Vinci/One-Lin3r

What One-Lin3r is

A modular Python 3.x CLI framework that organizes and executes pre-built shell commands and payloads for penetration testing tasks (reverse shells, bind shells, privilege escalation enumeration, payload dropping). Includes fuzzy command matching, resource file automation, variable interpolation, and a plugin-based architecture for adding custom liners.

Quickstart

Get the One-Lin3r source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/D4Vinci/One-Lin3r.gitcd One-Lin3r# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized Penetration Testing Engagements

Accelerate red-team operations by quickly accessing verified one-liners for shell spawning, lateral movement, and privilege escalation without manual research or typos during time-sensitive assessments.

Security Training and Red-Team Playbooks

Serve as a reference database and automated launcher for teaching offensive techniques in controlled labs or documenting standardized command sequences in organizational pentest procedures.

Rapid Payload Delivery Automation

Automate command execution chains via resource files and history replay to reduce manual keystrokes and human error when deploying multi-stage payloads across heterogeneous target environments.

Implementation considerations

  • Requires Python 3.x runtime and pip/system package manager; Linux distributions may require additional ncurses development libraries (libncurses5-dev on Debian-based systems).
  • Liners are curated from external sources (PayloadsAllTheThings, PowerSploit, blogs); operators must validate payloads against target environments and understand command behavior before executing in live assessments.
  • No built-in sandboxing or dry-run mode; test all one-liners in isolated lab environments first to avoid unintended side effects on target systems.
  • Clipboard automation (copy command) requires a working clipboard API; may require additional OS-level dependencies on headless or containerized systems.
  • Database reload requires reloading framework; plan liner additions/updates during assessment planning, not mid-engagement.

When to avoid it — and what to weigh

  • Defensive or Network Security Focus — This tool is explicitly designed for offensive operations; organizations focused on detection, response, or defensive tooling should prioritize SIEM, EDR, or threat-detection frameworks instead.
  • Unauthorized Testing or Illegal Use — The disclaimer explicitly states the tool is not responsible for misuse. Using against systems without proper authorization violates laws in most jurisdictions and exposes your organization to civil and criminal liability.
  • Compliance-Sensitive Environments — Organizations under strict regulatory oversight (healthcare, finance, PCI-DSS) should validate any offensive tool use with legal and compliance teams; payload delivery and privilege escalation may violate audit requirements.
  • Production Incident Response — One-liners are not designed for safe, forensically-sound incident response; executing untested commands in production environments risks data loss or further system compromise.

License & commercial use

Licensed under GPL-3.0 (GNU General Public License v3.0), a copyleft open-source license requiring that any derivative works or distributions remain open-source under the same license.

GPL-3.0 permits commercial use (including pentesting services), but any modifications or derivative distributions must be released under GPL-3.0 with source code. Selling closed-source versions or embedding without disclosure is not permitted. Requires review by legal team for your specific commercial pentesting delivery model.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

This tool is intentionally designed to execute attack commands; security posture depends on operator discipline and proper authorization. No claims of secure code auditing are made in the data. Consider: (1) One-liners sourced from external projects may contain unvetted or outdated payloads; (2) No signature verification or source integrity checks; (3) Clipboard automation may leak sensitive data if clipboard is monitored; (4) Running in shared environments (Termux on shared devices) may expose command history; (5) No obfuscation or anti-forensics features.

Alternatives to consider

Metasploit Framework

Larger, more integrated payload generation and delivery platform; better for full exploitation workflows and automation. Steeper learning curve and heavier resource footprint than One-Lin3r's lightweight CLI.

PayloadsAllTheThings (GitHub repo)

Raw one-liner reference repository without automation or CLI interface. Suitable for manual research and learning; requires copy-paste workflow but offers transparency and no installation overhead.

Commercial red-team C2 framework with integrated payload delivery and post-exploitation. Significantly more expensive and feature-rich; overkill for simple one-liner execution in smaller assessments.

Software development agency

Build on One-Lin3r with DEV.co software developers

One-Lin3r streamlines offensive security operations with curated command automation. Requires proper scoping, authorization, and legal review. Contact Devco to assess integration with your pentesting services and compliance requirements.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

One-Lin3r FAQ

Can I modify and redistribute One-Lin3r or my own liners?
Under GPL-3.0, you may modify and redistribute One-Lin3r and custom liners, but you must release the modified source code under GPL-3.0. Selling a closed-source fork is not permitted without the original author's permission.
Is One-Lin3r safe to run on production systems?
No. This tool executes attack payloads (reverse shells, privilege escalation commands, droppers) designed to compromise systems. It should only run in authorized lab or engagement environments with proper scoping and approvals.
How do I add custom one-liners?
Create a Python file in the liners folder following the framework structure (documented in the Wiki), then reload the database with the `reload` command. Contributions can be submitted via pull request for inclusion in the main project.
Does One-Lin3r work offline?
Yes. The one-liners database is bundled with the installation and does not require internet connectivity at runtime. The `check` command may require internet to verify updates.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like One-Lin3r into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.

Evaluate One-Lin3r for Your Authorized Pentest Program

One-Lin3r streamlines offensive security operations with curated command automation. Requires proper scoping, authorization, and legal review. Contact Devco to assess integration with your pentesting services and compliance requirements.