OneShot is a powerful WiFi WPS penetration testing tool that performs Pixie Dust attacks without requiring monitor mode. Designed for rooted Android devices running Termux and Linux systems.
Install OneShot with a single command on your rooted Android device:
curl -fsSL https://zahidoverflow.github.io/oneshot/install.sh | bash# Auto-scan and attack with Pixie Dust
sudo oneshot -i wlan0 --iface-down -K
# Attack specific network
sudo oneshot -i wlan0 -b AA:BB:CC:DD:EE:FF -K
# Get help
sudo oneshot --help- π Pixie Dust Attack - Advanced WPS PIN recovery
- π’ 3WiFi PIN Generator - Offline WPS PIN generation
- πͺ Online Bruteforce - WPS PIN bruteforce attack
- π‘ Smart Scanner - WiFi network scanner with vulnerability detection
- π― Embedded Database - Built-in vulnerable device database
- π System-Wide Access - Works from any terminal on rooted Android
- π¦ Zero Dependencies - No external files required
- β‘ Fast Installation - Smart dependency checking
- Root Access (Magisk, KernelSU, or APatch)
- Termux (from F-Droid)
- Python 3.6+
- Active WiFi Hardware
- Python 3.6+
- wpa_supplicant
- pixiewps
- iw (wireless tools)
- Root privileges
curl -fsSL https://zahidoverflow.github.io/oneshot/install.sh | bashWhat the installer does:
- β Verifies root access
- β Installs all dependencies (Python, wpa_supplicant, pixiewps, iw)
- β Installs Python modules (wcwidth)
- β Clones OneShot from GitHub
- β Creates global command wrapper
- β
Installs to
/data/adb/binfor system-wide access - β Detects WiFi interface automatically
# Install dependencies
pkg install -y root-repo
pkg install -y git tsu python wpa-supplicant pixiewps iw openssl
pip install wcwidth
# Clone repository
git clone --depth 1 https://github.com/zahidoverflow/oneshot.git
cd oneshot
# Run
sudo python3 oneshot.py -i wlan0 --iface-down -K# Install dependencies
sudo apt install -y python3 python3-pip wpasupplicant iw wget pixiewps
# Install Python module
pip3 install wcwidth
# Download OneShot
git clone --depth 1 https://github.com/zahidoverflow/oneshot.git
cd oneshot
# Run
sudo python3 oneshot.py -i wlan0 -K# Install dependencies
sudo pacman -S wpa_supplicant pixiewps wget python python-pip iw
# Install Python module
pip install wcwidth
# Download OneShot
git clone --depth 1 https://github.com/zahidoverflow/oneshot.git
cd oneshot
# Run
sudo python3 oneshot.py -i wlan0 -K# Run Pixie Dust attack (auto-scans networks)
sudo oneshot -i wlan0 --iface-down -K
# Attack specific BSSID
sudo oneshot -i wlan0 -b 00:90:4C:C1:AC:21 -K
# Online bruteforce with PIN
sudo oneshot -i wlan0 -b 00:90:4C:C1:AC:21 -B -p 1234
# WPS push button connection
sudo oneshot -i wlan0 --pbc
# Loop mode (continuous scanning)
sudo oneshot -i wlan0 -K -lRequired:
-i, --interface <wlan0> : WiFi interface to use
Optional:
-b, --bssid <mac> : Target AP BSSID
-p, --pin <wps pin> : Use specific PIN (4/8 digits)
-K, --pixie-dust : Run Pixie Dust attack
-B, --bruteforce : Run online bruteforce
--pbc : WPS push button connection
Advanced:
-d, --delay <n> : Delay between attempts [0]
-w, --write : Save credentials to file
-F, --pixie-force : Force full Pixiewps range
-X, --show-pixie-cmd : Show Pixiewps command
--vuln-list <file> : Custom vulnerability list
--iface-down : Shutdown interface on exit
-l, --loop : Run in loop mode
-r, --reverse-scan : Reverse network order
--mtk-wifi : MediaTek WiFi driver support
-v, --verbose : Verbose output
This tool is for educational and authorized security testing purposes only.
- β Legal Use: Testing your own networks or with explicit permission
- β Security Research: Authorized penetration testing
- β Educational: Learning about WiFi security vulnerabilities
- β Illegal Use: Unauthorized access to networks you don't own
Unauthorized access to computer networks is illegal in most countries. The developers assume no liability for misuse of this tool.
# Grant root permissions
su
# Or use sudo
sudo oneshot -i wlan0 -K# List available interfaces
sudo iw dev
# Use correct interface name
sudo oneshot -i wlan1 -K# Reinstall with dependencies
curl -fsSL https://zahidoverflow.github.io/oneshot/install.sh | bash# Unblock WiFi
sudo rfkill unblock wifi
# Or disable WiFi in settings and use --iface-down
sudo oneshot -i wlan0 --iface-down -K# Use MTK driver support
sudo oneshot -i wlan0 --mtk-wifi -Kcd ~/oneshot
git pull origin mastercurl -fsSL https://zahidoverflow.github.io/oneshot/install.sh | bash# Remove files
rm -rf ~/oneshot
rm $PREFIX/bin/oneshot
# Remove system binary (rooted Android)
sudo rm /data/adb/bin/oneshot- WPS PIN Generator - Multiple algorithm support (24-bit, 28-bit, 32-bit, vendor-specific)
- Pixie Dust Engine - Offline WPS PIN recovery using Pixiewps
- Network Scanner - iw-based WiFi network detection
- Vulnerability Database - Embedded list of 160+ vulnerable router models
- WPA Supplicant Interface - Direct WPS protocol implementation
- 24-bit PIN, 28-bit PIN, 32-bit PIN
- D-Link PIN, ASUS PIN, Airocon PIN
- Broadcom (6 variants), Realtek (3 variants)
- Cisco, Thomson, Edimax, Upvel
- Static PINs for specific vendors
Contributions are welcome! Please feel free to submit a Pull Request.
git clone https://github.com/zahidoverflow/oneshot.git
cd oneshot
python3 oneshot.py -i wlan0 -K -vPlease include:
- Device/OS information
- Complete error message
- Steps to reproduce
- Output with
-v(verbose) flag
- Documentation: QUICKSTART.md
- Installer Guide: INSTALLER-README.md
- Original Project: drygdryg/OneShot
- Pixiewps: wiire-a/pixiewps
- rofl0r - Initial OneShot implementation (2017)
- drygdryg - Major enhancements and improvements
- Wiire - Pixiewps development
- zahidoverflow - Termux optimization, one-liner installer, system-wide installation
- Monohrom - Testing and bug reports
- Termux Team - Android terminal environment
- Magisk/KernelSU - Root management frameworks
This project is licensed under the MIT License - see below for details.
MIT License
Copyright (c) 2025 zahidoverflow
Original work Copyright (c) 2017 rofl0r
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
- GitHub Repository: https://github.com/zahidoverflow/oneshot
- Issues: https://github.com/zahidoverflow/oneshot/issues
- Discussions: https://github.com/zahidoverflow/oneshot/discussions
- 160+ Vulnerable Router Models in embedded database
- 30+ WPS PIN Algorithms supported
- Zero External Dependencies for operation
- System-Wide Installation on rooted Android
Made with β€οΈ for the security research community
Disclaimer: Use this tool responsibly and ethically. Always obtain proper authorization before testing network security. The authors and contributors are not responsible for any misuse or damage caused by this tool.