Provide a high-level overview of the security posture. List the vulnerabilities found and their overall impact on the business.
2. Methodology
**Result**: A clean, well-structured report with working exploits = **PASS**. Missing exploit code or unclear source mapping = **FAIL**.
OffSec provides an official exam report template, which you should download and use as your foundation. While you must adhere to their high-level structure, the depth of your content determines your success. Your report must contain the following core sections:
1. Cover Page and Metadata
The template from noraj/OSCP-Exam-Report-Template-Markdown provides an excellent starting point: “I was tasked with performing a white-box penetration test towards Offensive Security Exam. The focus of this test is to provide a comprehensive assessment of both internal and external vulnerabilities”.
You have 24 hours after the exam ends to submit. Don't wait until the last minute.
To wrap things up, your OSWE exam report should be treated with the exact same level of dedication and precision as your exploit code. By presenting a highly detailed, clean, and easily reproducible document, you ensure that your technical triumph in the labs translates into a passing grade on your certificate.
You must document all of your attacks including all steps, commands issued, and console output in the form of a penetration test report. Make sure to include the source code of your custom exploits in your documentation.
By treating your OSWE exam report with the same level of precision and rigor as your source code analysis, you ensure that your hard work during the practical challenge translates into a successful certification.
OffSec treats the exam report as a formal penetration testing deliverable. It is not a casual write-up or a collection of unorganized screenshots. The grading team reviews your report to evaluate two distinct skill sets:
```python
        # Verify (excerpt from inside a method)
        verify_url = f"{self.target}/{shell_path}?cmd=id"
        r = admin_session.get(verify_url)
        if "uid=" in r.text:
            print("[+] Shell written successfully!")
            print(f"[+] Output: {r.text}")
            return True
        return False
```
You must include your final, fully automated Python exploit scripts directly within the report body or an appendix. The scripts must run seamlessly from start to finish, generating the final reverse shell or RCE automatically.
Final Review and Submission Checklist
If a step isn't documented, it didn't happen.
When pasting Python code into your report editor, ensure the indentation remains completely intact. Python relies on indentation; if your report breaks the syntax, it technically becomes non-functional code.
A successful OSWE report must follow a structured hierarchy. If you use the official OffSec template, do not delete the core sections. If you build your own template, ensure it contains these mandatory elements:
1. Executive Summary
You must create a dedicated section for each target machine. For every machine, break down your exploit chain into these granular sub-sections:
A. Vulnerability Identification (Source Code Analysis)
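```python
import requests


class Exploit:
    def __init__(self, target_url, luser, lpass):
        # Normalise the base URL so paths can be appended with a single slash
        self.target = target_url.rstrip('/')
        # Reuse one session so cookies persist across requests
        self.session = requests.Session()
        # Credentials supplied by the caller
        self.luser = luser
        self.lpass = lpass
```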