One-Lin3r
One-Lin3r is a Python-based framework that aggregates over 176 one-liners for penetration testing, privilege escalation, and red-team operations across Windows, Linux, macOS, and BSD systems. It provides an interactive CLI with search, automation, and clipboard features to streamline offensive security workflows.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | D4Vinci/One-Lin3r |
| Owner | D4Vinci |
| Primary language | Python |
| License | GPL-3.0 — OSI-approved |
| Stars | 1.8k |
| Forks | 304 |
| Open issues | 4 |
| Latest release | Unknown |
| Last updated | 2025-12-09 |
| Source | https://github.com/D4Vinci/One-Lin3r |
What One-Lin3r is
A modular Python 3.x CLI framework that organizes and executes pre-built shell commands and payloads for penetration testing tasks (reverse shells, bind shells, privilege escalation enumeration, payload dropping). Includes fuzzy command matching, resource file automation, variable interpolation, and a plugin-based architecture for adding custom liners.
Get the One-Lin3r source
Clone the repository and explore it locally.
git clone https://github.com/D4Vinci/One-Lin3r.gitcd One-Lin3r# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python 3.x runtime and pip/system package manager; Linux distributions may require additional ncurses development libraries (libncurses5-dev on Debian-based systems).
- Liners are curated from external sources (PayloadsAllTheThings, PowerSploit, blogs); operators must validate payloads against target environments and understand command behavior before executing in live assessments.
- No built-in sandboxing or dry-run mode; test all one-liners in isolated lab environments first to avoid unintended side effects on target systems.
- Clipboard automation (copy command) requires a working clipboard API; may require additional OS-level dependencies on headless or containerized systems.
- Database reload requires reloading framework; plan liner additions/updates during assessment planning, not mid-engagement.
When to avoid it — and what to weigh
- Defensive or Network Security Focus — This tool is explicitly designed for offensive operations; organizations focused on detection, response, or defensive tooling should prioritize SIEM, EDR, or threat-detection frameworks instead.
- Unauthorized Testing or Illegal Use — The disclaimer explicitly states the tool is not responsible for misuse. Using against systems without proper authorization violates laws in most jurisdictions and exposes your organization to civil and criminal liability.
- Compliance-Sensitive Environments — Organizations under strict regulatory oversight (healthcare, finance, PCI-DSS) should validate any offensive tool use with legal and compliance teams; payload delivery and privilege escalation may violate audit requirements.
- Production Incident Response — One-liners are not designed for safe, forensically-sound incident response; executing untested commands in production environments risks data loss or further system compromise.
License & commercial use
Licensed under GPL-3.0 (GNU General Public License v3.0), a copyleft open-source license requiring that any derivative works or distributions remain open-source under the same license.
GPL-3.0 permits commercial use (including pentesting services), but any modifications or derivative distributions must be released under GPL-3.0 with source code. Selling closed-source versions or embedding without disclosure is not permitted. Requires review by legal team for your specific commercial pentesting delivery model.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
This tool is intentionally designed to execute attack commands; security posture depends on operator discipline and proper authorization. No claims of secure code auditing are made in the data. Consider: (1) One-liners sourced from external projects may contain unvetted or outdated payloads; (2) No signature verification or source integrity checks; (3) Clipboard automation may leak sensitive data if clipboard is monitored; (4) Running in shared environments (Termux on shared devices) may expose command history; (5) No obfuscation or anti-forensics features.
Alternatives to consider
Metasploit Framework
Larger, more integrated payload generation and delivery platform; better for full exploitation workflows and automation. Steeper learning curve and heavier resource footprint than One-Lin3r's lightweight CLI.
PayloadsAllTheThings (GitHub repo)
Raw one-liner reference repository without automation or CLI interface. Suitable for manual research and learning; requires copy-paste workflow but offers transparency and no installation overhead.
Commercial red-team C2 framework with integrated payload delivery and post-exploitation. Significantly more expensive and feature-rich; overkill for simple one-liner execution in smaller assessments.
Build on One-Lin3r with DEV.co software developers
One-Lin3r streamlines offensive security operations with curated command automation. Requires proper scoping, authorization, and legal review. Contact Devco to assess integration with your pentesting services and compliance requirements.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
One-Lin3r FAQ
Can I modify and redistribute One-Lin3r or my own liners?
Is One-Lin3r safe to run on production systems?
How do I add custom one-liners?
Does One-Lin3r work offline?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like One-Lin3r into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.
Evaluate One-Lin3r for Your Authorized Pentest Program
One-Lin3r streamlines offensive security operations with curated command automation. Requires proper scoping, authorization, and legal review. Contact Devco to assess integration with your pentesting services and compliance requirements.