OSWA
OffSec

Offensive Security Web Assessor

Intermediate | 48hr practical + report | Pass: 100+ points | $1,499

Web application penetration testing — SQL injection, XSS, SSRF, deserialization.

Issuer: OffSec
Format: 48hr practical + report
Duration: 72 hours total
Pass Score: 100+ points
Valid For: 3 years
Recommended Tools
ffuf Essential
Fuzzing

Fast web fuzzer

install: sudo apt install ffuf
usage: ffuf -u http://target/FUZZ -w wordlist.txt -fc 404
Arjun Essential
Parameter

HTTP parameter discovery

install: pip3 install arjun
usage: arjun -u http://target/api
Nikto Essential
Scanning

Web server vulnerability scanner

install: sudo apt install nikto
usage: nikto -h http://target -o nikto.txt
Nuclei Essential
Scanning

Template-based vulnerability scanner

install: go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
usage: nuclei -u http://target -t cves/ -t exposures/
SQLMap Essential
SQLi

Automated SQL injection tool

install: sudo apt install sqlmap
usage: sqlmap -u "http://target?id=1" --dbs --batch
Burp Suite Essential
Web Proxy

HTTP proxy for web app testing

install: Download from portswigger.net
usage: Configure browser proxy 127.0.0.1:8080
Dalfox Essential
XSS

Fast XSS scanner

install: go install github.com/hahwul/dalfox/v2@latest
usage: dalfox url "http://target/search?q=test"
XSStrike Essential
XSS

Advanced XSS detection tool

install: pip3 install xsstrike
usage: python3 xsstrike.py -u "http://target/search?q=test"
WPScan
CMS

WordPress vulnerability scanner

install: sudo gem install wpscan
usage: wpscan --url http://target --enumerate u,p,t --api-token TOKEN