search

πŸ“‹OSCP Tools Restrictions

This document provides information about tools that are restricted or allowed in the OSCP exam environment, along with alternatives for restricted tools.

hashtag
Prohibited Tools for OSCP

The following tools are generally NOT allowed on the OSCP exam:

hashtag
Automated Vulnerability Scanners

  • Nuclei ❌ - Automated vulnerability scanner

  • Nessus ❌ - Comprehensive vulnerability scanner

  • OpenVAS ❌ - Open-source vulnerability scanner

  • Nexpose ❌ - Commercial vulnerability scanner

  • Qualys ❌ - Cloud-based vulnerability scanner

hashtag
Automated Exploitation Tools

  • SQLMap ❌ - Automated SQL injection tool

  • Automated form bruteforcing ❌ - Tools that automate web form attacks

  • Mass vulnerability scanners ❌ - Tools that scan for multiple vulnerabilities automatically

hashtag
Commercial Tools

  • Burp Suite Pro ❌ - Only the free Community edition is allowed

  • Cobalt Strike ❌ - Commercial post-exploitation framework

  • Core Impact ❌ - Commercial penetration testing software

hashtag
Specific Tools Mentioned

  • theHarvester ⚠️ - Can be used for information gathering outside the exam environment, but not particularly useful inside the exam

  • OWASP ZAP ⚠️ - Technically allowed but with restrictions on automated scanning features

  • Mimikatz ⚠️ - Full version not allowed, but some techniques can be replicated with allowed PowerShell scripts

  • PowerSploit ⚠️ - Some modules are allowed (like PowerUp), but others that automate exploitation are not

hashtag
Allowed Tools and Alternatives

hashtag
Information Gathering

  • Manual OSINT βœ… - Instead of theHarvester, use manual OSINT techniques

  • Nmap βœ… - For network discovery and service enumeration

hashtag
Web Application Testing

  • Burp Suite Community βœ… - Instead of OWASP ZAP or Burp Pro

  • Manual testing βœ… - For SQL injection instead of SQLMap

  • Custom Python scripts βœ… - For specific, targeted tasks

hashtag
Windows Privilege Escalation

Instead of full Mimikatz or PowerSploit, use:

  • WinPEAS βœ… - Windows Privilege Escalation Awesome Script

  • PowerUp.ps1 βœ… - PowerShell script for finding common Windows privilege escalation vectors

  • Individual PowerShell commands βœ… - For specific tasks like dumping SAM hashes

hashtag
Credential Access

Instead of Mimikatz, use:

  • reg save βœ… - To save SAM and SYSTEM hives

  • Impacket's secretsdump.py βœ… - To extract hashes from registry hives

  • PowerShell commands βœ… - For specific credential extraction tasks

hashtag
Best Practices for OSCP

  1. Focus on manual techniques - OSCP values understanding over automation

  2. Document everything - Show your methodology, not just tool output

  3. Use targeted commands - Instead of broad automated scans

  4. Develop your own scripts - For repetitive tasks or specific exploits

  5. When in doubt, ask - Contact the OSCP support if you're unsure about a specific tool

hashtag
Useful Commands to Replace Restricted Tools

hashtag
Instead of SQLMap

hashtag
Instead of Mimikatz

hashtag
Instead of automated scanners

Remember that OSCP is about demonstrating your understanding of the penetration testing process, not just running tools. The exam is designed to test your ability to perform manual exploitation and think critically about security vulnerabilities.

PreviousInformation GatheringNextLinux Privilege Escalation

Last updated