The OSCP examination consists of a virtual network containing targets
of varying configurations and operating systems. At the the start of
the exam, the student receives the exam and connectivity instructions
for an isolated exam network that they have no prior knowledge or
The successful examine will demonstrate their ability to research the
network (information gathering), identify any vulnerabilities and
successfully execute attacks. This often includes modifying exploit
code with the goal to compromise the systems and gain administrative
OSCP certification requires two steps. First, you must complete the Penetration Testing Training with Kali Linux (PWK) course.
This course is self-paced and online and is often referred to as The
Labs in online forums or blogs.
During the labs, you'll have access to 8hrs of videos and 350 pages of course
materials. The most important part of the labs is the hands-on experience you'll
get from the online penetration testing labs (via VPN). At the end of the labs,
you'll conduct a penetration test of the lab environment which will make up
around half of your OSCP certification report.
After you finish the labs and the lab penetration test, you still need to get
certified! This can only be done by passing the 24 hour OSCP test.
In the exam, you have 24 hours on another VPN network to exploit systems,
complete a full penetration test, and submit your report. There's good reason
that the Offsec motto is "Try Harder".
You will have a limited time from the end of your lab time to schedule and
take this unique and challenging ethical hacking certification exam. The OSCP
certification is very challenging and not for the faint-of-heart. However,
earning it is incredibly rewarding and proves to yourself and others that you
have proven, practical penetration testing skills. via OSCP
Why use Dradis?
Rather than using a note taking app to document your findings to use to
manually compile a full report, why not cut out the middleman and use Dradis
throughout the entire process? With this report kit, the notes you take
throughout the labs and exam will be ready to export into your report as soon
as you are finished testing. No manual report generation needed, just click
The above is an overview of the OSCP certification process, visit the OSCP website for more details.
While you're there, don't forget to check out their theme song!
Call Offensive Security from Offensive Security on Vimeo.
Kits make it simple to configure your instance to use the OSCP report using either the web interface (Pro only) or via command line. Detailed instructions on using Dradis kits and creating your own custom kits are available in the Dradis support center.
Uploading a kit (Pro only)
Sign in as an Administrator.
Navigate to Templates > Kit Upload.
Use the Drop zone or the blue Add kit button to select your
Then, just click the green Start button to upload it.
The on-screen log will display all the changes that are being made. Wait until it displays
Worker process completed before moving on.
SCP your kit (e.g.
kit.zip) to your Dradis instance (e.g. to the
Run the following commands in the console as dradispro:
$ cd /opt/dradispro/dradispro/current/
$ RAILS_ENV=production bundle exec thor dradis:setup:kit --file=/tmp/kit.zip
Make sure to update the filename and path to match yours!
$ cd /dradis-ce
$ thor dradis:setup:kit --file=kit.zip
Make sure to update the path to match yours!
This project template is ready to be updated with the results from your Labs and Exam. Unlike the Full Project export, this project template doesn’t contain any Issues or Evidence, just the default Node structure and placeholder Notes that are ready to be updated with your findings.
- In the header of your project, click Upload output from tool
dradis-template-oscp.xml as Dradis::Plugins::Projects::Upload::Template.
- Add Issues and Evidence!
See the Project templates page of the Working with Projects guide for more details on using project templates.
Full Project Export
This is a full project export ready for you to upload to Dradis and export with your report template. This project comes pre-populated with 8 Notes covering report sections from the High-Level summary to the Appendix. And, the project contains 2 sample vulnerabilities to use as a template as you find and document the vulnerabilities you discover during the Labs and Exam.
This report template will generate a report with the following sections:
- Table of contents
- High Level Summary
- Information Gathering
- Service Enumeration
- Penetration: including details on each vulnerability identified in the labs and exam including code samples and screenshots
- Maintaining Access
- House Cleaning
- Additional items not mentioned in the report
- Dradis CE
Place the HTML report template in the
templates/reports/html_export/ folder of your local install.
- Dradis Pro
- Sign in as an Administrator and navigate to Templates > Reports in the header.
- Navigate to the HTML tab and upload the report template.
- From the Projects page, open the OSCP project you created using the project template or full project export.
- Click Export Project in the header and open the HTML export tab
- Select the
dradis_template-oscp.html.erb template and click Export.
See the Creating HTML Reports guide for more details.
Use these templates as a guide when you are creating your own projects. Add them as Note templates to your instance of Dradis so that you can painlessly pre-populate manually-created findings with the correct field names.
- issue.txt: every Issue in your project uses these fields
- evidence.txt: every piece of Evidence in your project uses these fields
- note.txt: every Note in your project (other than the Tester note, see below) uses these fields.
- note-tester: the Tester Note in your project contains a few different fields (e.g. Email) than the regular Note template.
- Dradis CE
Place the .txt files in the templates/notes/ folder of your local
- Dradis Pro
- Upload the templates to Dradis as Note templates using the instructions on the Note Templates page of the Administration guide.