OSWE
OffSec

Offensive Security Web Expert

Expert | 48hr code review + exploit | Pass: 100+ points | $1,499

White-box web app testing, source code review, custom exploit chains.

Official Page
Issuer: OffSec
Format: 48hr code review + exploit
Duration: 72 hours total
Pass Score: 100+ points
Valid For: 3y

Recommended Tools
Semgrep (Essential)
Code Analysis

Static analysis for finding security patterns

install: pip3 install semgrep
usage: semgrep --config p/php-security src/

GitTools (Essential)
Code Audit

Git repository extraction tools

install: git clone https://github.com/internetwache/GitTools
usage: ./gitdumper.sh http://target/.git/ /output; ./extractor.sh /output /extracted

phpggc (Essential)
Deserialization

PHP gadget chain generator (like ysoserial for PHP)

install: git clone https://github.com/ambionics/phpggc
usage: ./phpggc -l; ./phpggc Laravel/RCE1 system id

ysoserial (Essential)
Deserialization

Java deserialization exploit gadget generator

install: Download jar from releases
usage: java -jar ysoserial.jar CommonsCollections1 "id" > payload.ser

jwt_tool (Essential)
JWT

JWT testing and attacking tool

install: git clone https://github.com/ticarpi/jwt_tool && cd jwt_tool && pip3 install -r requirements.txt
usage: python3 jwt_tool.py <token> -X a

Burp Suite Pro (Essential)
Web Proxy

Advanced web proxy with scanner

install: Download from portswigger.net
usage: Active scan, Intruder, custom extensions