top of page
Search

What Tools Are Allowed in OSCP Exam: A Complete Guide

  • Writer: oscp training
    oscp training
  • Jan 4
  • 3 min read

The Offensive Security Certified Professional (OSCP) exam is a rigorous and highly respected certification for penetration testers and cybersecurity professionals. One of the key aspects of the OSCP exam is its strict rules regarding tools. Understanding "what tools are allowed in OSCP" is critical for candidates to effectively prepare for and succeed in the exam. This blog explores the allowed tools, providing insights to help you navigate this challenging certification process.


Understanding OSCP Rules on Tools


Offensive Security enforces strict guidelines to ensure that the OSCP exam reflects real-world penetration testing scenarios. The primary goal is to evaluate your ability to think critically and solve problems without relying on automated tools. Hence, you must be aware of the tools allowed and those prohibited during the exam.


General Guidelines


  1. No Automated Exploitation Tools: Automated tools like Metasploit (except for a limited number of uses), Armitage, and SQLmap are generally prohibited.

  2. Focus on Manual Exploitation: Candidates are expected to demonstrate proficiency in manual exploitation techniques.

  3. Allowed Pre-Installed Tools: You can use tools pre-installed on the official Kali Linux distribution unless specifically restricted by Offensive Security.


Key Tools Allowed in OSCP


The following tools are typically allowed in the OSCP exam:


Information Gathering Tools


  1. Nmap: For network scanning and port discovery.

  2. Netcat: For banner grabbing, port redirection, and reverse shells.

  3. Whois: For gathering domain-related information.

  4. Dig: For DNS enumeration and troubleshooting.


Enumeration Tools


  1. Nikto: For web server vulnerability scanning.

  2. Dirb/Dirbuster: For directory and file brute-forcing.

  3. Enum4linux: For SMB and NetBIOS enumeration.

  4. SMBclient: For interacting with SMB shares.


Exploitation Tools


  1. Metasploit Framework: Restricted to two uses during the exam, often for one buffer overflow and one other exploit.

  2. Manual Exploitation Scripts: Custom scripts written in Python, Bash, or similar languages.


Privilege Escalation Tools


  1. LinPEAS: For automated Linux privilege escalation enumeration.

  2. WinPEAS: For Windows privilege escalation enumeration.

  3. GTFOBins: For leveraging common binaries to escalate privileges.


Reverse Shell Tools


  1. Netcat: For setting up reverse shells.

  2. Socat: For advanced tunneling and shell communication.

  3. Custom Python/Bash Scripts: For creating personalized reverse shells.


Miscellaneous Tools


  1. Pwntools: For exploit development and scripting.

  2. Burp Suite (Community Edition): For web application testing.

  3. Hydra: For brute-forcing credentials.


Tools Prohibited in OSCP


While understanding what tools are allowed, you should also know the tools explicitly prohibited during the OSCP exam:


  1. Automated Exploitation Frameworks: Tools like Armitage, AutoSploit, and Cobalt Strike.

  2. Password Cracking Services: Tools like John the Ripper or Hashcat for distributed cracking using external resources.

  3. Third-Party Tools Not Included in Kali: Unless explicitly approved, avoid third-party tools that aren’t part of the default Kali Linux installation.


How to Prepare for OSCP with Allowed Tools


  1. Practice Manual Techniques: Spend time practicing manual exploitation and enumeration methods.

  2. Familiarize Yourself with Kali Linux: Explore all pre-installed tools and their functionalities.

  3. Use Practice Labs: Enroll in the PWK (Penetration Testing with Kali) course and practice in a lab environment that mirrors the exam conditions.

  4. Document Your Process: Keep detailed notes of commands, tools, and techniques to streamline your exam efforts.


Why Tool Restrictions Matter in OSCP


The tool restrictions in OSCP aim to:


  • Enhance Critical Thinking: By focusing on manual techniques, you develop problem-solving skills crucial for real-world scenarios.

  • Level the Playing Field: The restrictions ensure that all candidates rely on their knowledge and not on automation.

  • Prepare for Professional Challenges: In many penetration testing jobs, you may encounter environments where automated tools are unavailable or discouraged.


Conclusion


Understanding "what tools are allowed in OSCP" is vital for success in this challenging exam. Focus on mastering the tools included in the Kali Linux distribution, emphasizing manual exploitation techniques. Avoid prohibited tools and practice rigorously to enhance your skills. By adhering to the guidelines and honing your abilities, you can confidently tackle the OSCP exam and take a significant step forward in your cybersecurity career.


コメント

Hi, I'm Jeff Sherman

I'm a paragraph. Click here to add your own text and edit me. Let your users get to know you.

  • Facebook
  • LinkedIn
  • Instagram

Creativity. Productivity. Vision.

I'm a paragraph. Click here to add your own text and edit me. I’m a great place for you to tell a story and let your users know a little more about you.

Subscribe

bottom of page