Do not wait until the exam time ends to start writing your report. Documenting as you go prevents missed details and reduces post-exam panic.
after your 48-hour exam window ends. The report is graded on both technical correctness and completeness. Passing Score: You must earn at least 85 out of 100 points.
Results in a Remote Code Execution (RCE) or the intended goal.
The OSWE (OffSec Web Expert) exam report is professional penetration test documentation that describes your exploitation process for the WEB-300 exam. You have after your 47-hour 45-minute exam session ends to complete and submit this report.
Core Report Requirements
A high-level overview of the systems compromised.
A successful OSWP exam report must adhere to a specific structure defined by Offensive Security. While candidates can use their own templates, the content must be exhaustive. Key components typically include:
OffSec enforces strict documentation standards. Failure to meet these can result in zero points, even if you obtained all flags.
: Describe how you bypass filters or sanitization.
If you have time left, step away for an hour, then come back and read your report from the perspective of someone who has never seen the machine. Does it make sense?
: A brief overview of the vulnerabilities found and the results achieved.
Vulnerability Discovery (White-Box):
I documented every step as I went: the exact requests, the payloads, the timing, and why one approach failed while another succeeded. The exam wasn't a race to the first shell; it was a careful record of reasoning. I took screenshots, saved raw responses, and wrote clear remediation notes—how input validation could be tightened, how templates should be sandboxed, and which configuration flags to change.
Here is the truth that many candidates learn the hard way:
: Ensure your exploit scripts are well-commented and easy to read.
hack for 47 hours and write the report in 1 hour. You will produce garbage.
The most common reason for failure—even for candidates who compromise all networks—is a poor report. Offensive Security evaluates the report based on . If a technical grader cannot follow the report to achieve the same result, the candidate will likely fail. To ensure precision, candidates must: Capture raw command output: Avoid paraphrasing results.
You must include the full, unredacted Python script used to automate the exploitation chain.
The OSWE exam report is a formal penetration testing deliverable. You are acting as a consultant who has successfully compromised two separate machines (or a network of applications) by chaining together multiple vulnerabilities.
This is the core of the report. For each wireless network assigned during the exam (e.g., WEP, WPA2-PSK, WPA2-MGT), the candidate must detail the tools used (such as the Aircrack-ng suite), the specific commands executed, and the resulting output.