Tools Allowed in OSCP
PWK/OSCP Prep Discord Server ( https://discord.gg/ )
These are merely tools suggested by other users that are deemed “approved” for the exam.
There will be some tools on here that were not suggested on the Discord server as well.
The list is subject to additions/removals as time goes by.
Note Taking
- CherryTree — https://www.giuspen.com/cherrytree/ (Template: https://411hall.github.io/assets/files/CTF_template.ctb)
- KeepNote — http://keepnote.org/
- PenTest.ws — https://pentest.ws/
- Microsoft OneNote
- GitHub Repo
Reporting Frameworks
- Dradis — https://dradisframework.com/academy/industry/compliance/oscp/
- Serpico — https://github.com/SerpicoProject/Serpico
Report Template
- Created by whoisflynn — https://github.com/whosiflynn/OSCP-Exam-Report-Template
Enumeration
- AutoRecon — https://github.com/Tib3rius/AutoRecon
- nmapAutomator — https://github.com/21y4d/nmapAutomator
Web Related
- Dirsearch — https://github.com/maurosoria/dirsearch
- GoBuster — https://github.com/OJ/gobuster
- Recursive GoBuster — https://github.com/epi052/recursive-gobuster
- wfuzz — https://github.com/xmendez/wfuzz
- goWAPT — https://github.com/dzonerzy/goWAPT
- ffuf — https://github.com/ffuf/ffuf
Payload Generators
- Reverse Shell Generator — https://github.com/m0rph-1/revshellgen
- Windows Reverse Shell Generator — https://github.com/thosearetheguise/rev
PHP Reverse Shells
- Windows PHP Reverse Shell — https://github.com/Dhayalanb/windows-php-reverse-shell
- PenTestMonkey Unix PHP Reverse Shell — http://pentestmonkey.net/tools/web-shells/php-reverse-shell
Terminal Related
- tmux — https://tmuxcheatsheet.com/ (cheat sheet)
- tmux-logging — https://github.com/tmux-plugins/tmux-logging
- Oh My Tmux — https://github.com/devzspy/.tmux
- screen — https://gist.github.com/jctosta/af918e1618682638aa82 (cheat sheet)
- Terminator — http://www.linuxandubuntu.com/home/terminator-a-linux-terminal-emulator-with-multiple-terminals-in-one-window
Exploits
- Exploit-DB — https://www.exploit-db.com/
- Windows Kernel Exploits — https://github.com/SecWiki/windows-kernel-exploits
- AutoNSE — https://github.com/m4ll0k/AutoNSE
- Linux Kernel Exploits — https://github.com/lucyoa/kernel-exploits
Brute Forcers
- BruteX — https://github.com/1N3/BruteX
- Hashcat — https://hashcat.net/hashcat/
Post-Exploitation
- LinEnum — https://github.com/rebootuser/LinEnum
- linprivchecker —https://www.securitysift.com/download/linuxprivchecker.py
- Powerless — https://github.com/M4ximuss/Powerless
- PowerUp — https://github.com/HarmJ0y/PowerUp
- Linux Exploit Suggester — https://github.com/mzet-/linux-exploit-suggester
- Windows Exploit Suggester — https://github.com/bitsadmin/wesng
Post-Exploitation AD tools In labs
https://github.com/sense-of-security/ADRecon
https://github.com/hausec/ADAPE-Script
https://github.com/fox-it/mitm6
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/maaaaz/impacket-examples-windows
https://github.com/ropnop/kerbrute
https://github.com/GhostPack/Rubeus
https://github.com/lgandx/Responder
https://github.com/EmpireProject/Empire
Recent Comments