OSCP Certificate

The following is an unofficial list of OSCP approved tools that were posted in the PWK/OSCP Prep Discord Server ( https://discord.gg/eG6Nt4x )

Please note it is by no means a complete list of all tools. These are merely tools suggested by other users that are deemed “approved” for the exam.

There will be some tools on here that were not suggested on the Discord server as well.

As a general rule of thumb if a tool can auto-exploit, it is banned on the exam.

List is subject to additions/removals as time goes by.

Last modified September 21, 2020.

Note Taking

CherryTree — https://www.giuspen.com/cherrytree/ (Template: https://411hall.github.io/assets/files/CTF_template.ctb)

KeepNote — http://keepnote.org/

PenTest.ws — https://pentest.ws/

Microsoft OneNote

GitHub Repo

Joplin with TJNull (OffSec Community Manager) template — https://github.com/tjnull/TJ-JPT

Obisidian Mark Down — https://obsidian.md/

Reporting Frameworks

Report Template

Created by whoisflynn — https://github.com/whosiflynn/OSCP-Exam-Report-Template

Created by Noraj — https://github.com/noraj/OSCP-Exam-Report-Template-Markdown

Enumeration

Web Related

Dirsearch — https://github.com/maurosoria/dirsearch

GoBuster — https://github.com/OJ/gobuster

Recursive GoBuster — https://github.com/epi052/recursive-gobuster

wfuzz — https://github.com/xmendez/wfuzz

goWAPT — https://github.com/dzonerzy/goWAPT

ffuf — https://github.com/ffuf/ffuf

Nikto — https://github.com/sullo/nikto

dirb — https://tools.kali.org/web-applications/dirb

dirbuster — https://tools.kali.org/web-applications/dirbuster

Network Tools

File Transfers

Wordlists / Dictionaries

Payload Generators

Reverse Shell Generator — https://github.com/cwinfosec/revshellgen

Windows Reverse Shell Generator — https://github.com/thosearetheguise/rev

MSFVenom Payload Creator — https://github.com/g0tmi1k/msfpc

PHP Reverse Shells

Windows PHP Reverse Shell — https://github.com/Dhayalanb/windows-php-reverse-shell

PenTestMonkey Unix PHP Reverse Shell — http://pentestmonkey.net/tools/web-shells/php-reverse-shell

Terminal Related

Exploits

Exploit-DB — https://www.exploit-db.com/

Windows Kernel Exploits — https://github.com/SecWiki/windows-kernel-exploits

AutoNSE — https://github.com/m4ll0k/AutoNSE

Linux Kernel Exploits — https://github.com/lucyoa/kernel-exploits

Password Brute Forcers

BruteX — https://github.com/1N3/BruteX

Hashcat — https://hashcat.net/hashcat/

John the Ripper — https://www.openwall.com/john/

Post-Exploitation / Privilege Escalation

LinEnum — https://github.com/rebootuser/LinEnum

linprivchecker —https://www.securitysift.com/download/linuxprivchecker.py

Powerless — https://github.com/M4ximuss/Powerless

PowerUp — https://github.com/HarmJ0y/PowerUp

Linux Exploit Suggester — https://github.com/mzet-/linux-exploit-suggester

Windows Exploit Suggester — https://github.com/bitsadmin/wesng

Windows Privilege Escalation Awesome Scripts (WinPEAS) — https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS

Linux Privilege Escalation Awesome Script (LinPEAS) — https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS

GTFOBins (Bypass local restrictions) — https://gtfobins.github.io/

Get GTFOBins — https://github.com/CristinaSolana/ggtfobins

sudo_killer — https://github.com/TH3xACE/SUDO_KILLER

Privilege Escalation Practice

Local Privilege Escalation Workshop — https://github.com/sagishahar/lpeworkshop

Linux Privilege Escalation — https://www.udemy.com/course/linux-privilege-escalation/

Windows Privilege Escalation — https://www.udemy.com/course/windows-privilege-escalation/

Extra Practice