
OSCP Report Template: How to Write an OSCP Exam Report That Passes (2026)

March 19, 2026 · 13 min read

You survived the 24-hour OSCP exam. You popped boxes, grabbed flags, and compromised the Active Directory domain. Now you have 24 hours to write the report that determines whether you actually get certified.

This is where people fail.

Not because they could not hack the machines. Because they wrote a bad report. Missing screenshots, unclear steps, no proof files documented properly. OffSec graders cannot reproduce your work, so they reject the report and you fail the exam.

This guide covers exactly how to write an OSCP exam report that passes. We include a free downloadable template in both DOCX and PDF format, walk through every section graders expect to see, and cover the common mistakes that get reports rejected.


What Changed With OSCP+ (2024 Update)

If you are using an old OSCP report template from 2022 or 2023, it is probably outdated. OffSec made significant changes to the exam in late 2024 when they introduced the OSCP+ certification.

The exam now has three independent standalone machines and one Active Directory set with three machines. The AD set is mandatory and worth 40 points. You need 70 points total to pass. The old bonus point system from lab exercises is gone.

This means your report needs a dedicated Active Directory section that documents the full attack chain across multiple machines - something older templates do not include. Our template is built for this updated format.

For a general overview of how professional pentest reports are structured, see our pentest report writing guide.

OSCP Report Structure

OffSec gives you some flexibility in how you format your report, but every passing report includes these sections:

  • Cover page with your OS-ID and exam date
  • High-level summary of findings and recommendations
  • Methodology (information gathering, enumeration, exploitation, post-exploitation, cleanup)
  • Independent target walkthroughs (one section per machine)
  • Active Directory set walkthrough (all three machines plus the attack chain)
  • Appendix with proof file hashes and tool listing

Our downloadable template includes all of these sections pre-formatted and ready to fill in. Red placeholder text shows you exactly where to add your content.

Cover Page

Keep it simple. Include these items and nothing else:

  • Title: "Offensive Security Certified Professional - Penetration Test Report"
  • Your OS-ID (e.g., OS-12345)
  • Your email address
  • Exam date
  • Report date
  • "Confidential" classification

Do not waste time on fancy graphics or layouts. The graders do not care about design. They care about content.

High-Level Summary

This is a short overview written as if you were briefing a client. Even though this is an exam, OffSec wants to see that you can communicate findings at a high level.

Write 2-3 paragraphs covering:

  • What you were tasked with (internal penetration test of the exam network)
  • What you achieved (which machines you compromised, what access level you obtained)
  • High-level recommendations (patch vulnerabilities, improve configurations, enforce strong passwords)

Here is an example:

[Your Name] was tasked with performing an internal penetration test against the Offensive Security exam network. The focus of this test was to perform attacks similar to those of a real threat actor and attempt to compromise the target systems.

During the assessment, [Your Name] was able to gain access to 6 out of 6 target machines. Critical vulnerabilities included an unauthenticated remote code execution flaw in a web application, weak Active Directory configurations that allowed Kerberoasting, and unpatched services that enabled privilege escalation. Full administrative access was obtained on all target systems.

It is recommended that all identified vulnerabilities be patched immediately. Network segmentation should be implemented to limit lateral movement. Active Directory configurations should be hardened following Microsoft security baselines.

Keep it professional. Do not use slang or overly casual language. If you need more examples of executive summaries, see our pentest report example post.

Methodology Section

Briefly describe your testing approach. You do not need to write an essay here. A few sentences per phase is enough:

Information Gathering - Describe your reconnaissance approach. Nmap scans, OSINT, DNS enumeration.

Service Enumeration - Describe how you identified specific services and versions. Banner grabbing, directory fuzzing, script scanning.

Penetration - Describe your exploitation approach. Manual exploitation, public exploits, custom scripts.

Post-Exploitation - Describe what you did after gaining access. Privilege escalation, credential harvesting, lateral movement, proof file collection.

House Cleaning - Document everything you changed on the target systems. Files uploaded, accounts created, services modified, persistence mechanisms. In a real engagement you would remove all of these. For the exam, just document them.

Independent Target Walkthroughs

This is where most of your report lives. Each standalone machine gets its own section with the following structure:

Service Enumeration Table

Start each machine with an Nmap scan summary. Include a table with open ports, services, and versions:

  Port   State   Service   Version
  22     open    SSH       OpenSSH 8.9p1
  80     open    HTTP      Apache 2.4.52
  3306   open    MySQL     MySQL 5.7.38

Include the full Nmap command you used and a screenshot of the output.
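As an added example (not part of this guide or the downloadable template), here is a short Python script that turns Nmap's grepable output (-oG) into the Port/State/Service/Version table each target section opens with. The scan lines below are constructed to match the table above; the IP is left as the 192.168.x.x placeholder.

```python
import re

# Constructed sample of nmap grepable (-oG) output for one host; not a real scan.
# The IP is left as the 192.168.x.x placeholder the report template uses.
SAMPLE_GNMAP = """# Nmap 7.94 scan initiated as: nmap -sV -p- -oG scan.gnmap 192.168.x.x
Host: 192.168.x.x ()\tStatus: Up
Host: 192.168.x.x ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.52 ((Ubuntu))/, 3306/open/tcp//mysql//MySQL 5.7.38/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)
"""


def parse_gnmap(text):
    """Map each host to a list of (port, proto, state, service, version) tuples.

    Each -oG port entry is port/state/protocol/owner/service/rpcinfo/version/ and
    nmap rewrites any "/" inside a field as "|", so splitting on "/" is safe.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Everything after "Ports:" up to the tab that begins "Ignored State:"
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0].strip()
        rows = []
        # Split between entries only where the next entry starts with a port number
        for entry in re.split(r",\s+(?=\d+/)", ports_field):
            fields = entry.split("/")
            if len(fields) < 7:
                continue
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            rows.append((int(port), proto, state, service, version.strip()))
        hosts.setdefault(host, []).extend(rows)
    return hosts


def service_table(rows, only_open=True):
    """Render the Port / State / Service / Version table used in each target section."""
    header = ("Port", "State", "Service", "Version")
    body = [(f"{port}/{proto}", state, service, version or "-")
            for port, proto, state, service, version in rows
            if state == "open" or not only_open]
    table = [header] + body
    widths = [max(len(row[i]) for row in table) for i in range(4)]
    return "\n".join("  ".join(cell.ljust(w) for cell, w in zip(row, widths)).rstrip()
                     for row in table)


if __name__ == "__main__":
    for host, rows in parse_gnmap(SAMPLE_GNMAP).items():
        print(f"Service enumeration for {host}\n{service_table(rows)}\n")
```

Paste the rendered table into the machine section next to the screenshot; the Nmap command line itself still has to appear in the report verbatim.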

Initial Access

Walk through exactly how you gained your first shell on the machine. This section must include:

  • The vulnerability or misconfiguration you exploited
  • The exact commands you ran (copy-paste from your terminal)
  • Screenshots showing each significant step
  • The output proving you gained access

Critical rule: Every step must be reproducible. If a grader follows your report, they should be able to compromise the machine the same way you did. If you skip a step or your screenshots are unclear, the grader may not award points.

Privilege Escalation

Same structure as initial access but for going from a low-privilege user to root/Administrator:

  • What enumeration you did to find the escalation vector
  • The vulnerability or misconfiguration exploited
  • Exact commands and their output
  • Screenshot of root/admin shell

Proof File

End each machine section with a proof table:

  Item         Value
  local.txt    abc123def456...
  proof.txt    789ghi012jkl...
  IP Address   192.168.x.x
  Hostname     target1

Include a screenshot showing the contents of proof.txt (using cat proof.txt) alongside the output of ifconfig or ip addr in the same terminal window. This proves you actually had access to that specific machine.

Active Directory Section

This is the section most outdated templates miss entirely, and it is worth 40 points on the OSCP+ exam.

AD Overview

Start with a high-level description of the AD environment:

  • Domain name
  • Role of each machine (web server, workstation, domain controller)
  • Operating systems
  • The overall attack path you took

Per-Machine Walkthrough

Document each AD machine using the same format as independent targets - enumeration, access, proof. But also include:

Lateral movement details: How you moved from one machine to the next. What credentials or tokens you used. What technique (pass-the-hash, WinRM, PSExec, etc.).

AD-specific attacks: Kerberoasting, AS-REP roasting, DCSync, Golden Ticket, etc. Document these clearly.

Attack Chain Summary

This is critical. Write a numbered list showing the complete path from initial access to domain compromise:

  1. Gained access to Machine 1 via SQL injection in the web application
  2. Extracted database credentials for domain user "svc_web"
  3. Used svc_web credentials to authenticate to Machine 2 via WinRM
  4. Ran SharpHound and identified Kerberoastable service account "svc_sql"
  5. Cracked the svc_sql hash offline - password was "Summer2026!"
  6. Used svc_sql to PSExec into the Domain Controller
  7. Performed DCSync to extract the Domain Admin NTLM hash
  8. Authenticated as Domain Admin and retrieved proof.txt

The graders need to see that you understand the full attack chain, not just individual machine compromises.

Appendix

Proof and Local Contents Table

A summary table with all flags in one place:

  Target              IP Address     local.txt   proof.txt
  Independent 1       192.168.x.x    [hash]      [hash]
  Independent 2       192.168.x.x    [hash]      [hash]
  Independent 3       192.168.x.x    [hash]      [hash]
  AD Machine 1        192.168.x.x    [hash]      [hash]
  AD Machine 2        192.168.x.x    [hash]      [hash]
  AD Machine 3 (DC)   192.168.x.x    N/A         [hash]

Tool and Payload Listing

List every tool you used with its purpose. This shows professionalism and helps graders understand your approach.

Metasploit Usage

If you used Metasploit, document exactly which target and which module. Remember you can only use Metasploit on one machine during the OSCP exam.

10 Mistakes That Get OSCP Reports Rejected

After talking to dozens of OSCP holders and reviewing community feedback, these are the most common reasons reports get rejected:

1. Missing screenshots. Every major step needs a screenshot. No screenshot means the grader cannot verify your work.

2. Proof file screenshots without IP address. Your proof.txt screenshot must show both the flag contents AND the IP address (ifconfig/ipconfig) in the same terminal. Two separate screenshots do not count.

3. Steps that cannot be reproduced. If you write "I exploited the vulnerability" without showing the exact commands, the grader cannot reproduce it. Write your report as if someone else needs to follow your exact steps.

4. No attack chain for AD. Documenting each AD machine in isolation without showing how you moved between them will lose you points. The attack chain matters.

5. Using Metasploit on more than one machine. You only get one Metasploit use. If your report shows Metasploit on two targets, you will lose points on one of them.

6. Submitting late. You have 24 hours after the exam ends to submit your report. There are no extensions.

7. Wrong file format. Submit a PDF. Not DOCX, not Markdown, not a zip of screenshots. A single PDF file.

8. Skipping the executive summary. It is part of the requirements. Even though it feels pointless for an exam, OffSec wants to see that you can write one.

9. Unclear privilege escalation. Getting root is not enough. Show how you got root. What was the vulnerability? What command did you run? What was the output?

10. No house cleaning section. Even if you did not create any files or accounts, include the section and state that no artifacts were left behind.

Tips for Writing the Report During the Exam

Do not wait until the exam is over to start writing. You have 23 hours and 45 minutes of exam time. Use the last 1-2 hours to start your report while everything is fresh.

Take screenshots as you go. Every command, every output, every proof file. You cannot go back and retake screenshots after the exam VPN disconnects.

Use a template. Do not start from a blank document. Download our OSCP report template before your exam and have it ready.

Write in order. Document each machine right after you finish it. Do not leave all machines for the end.

Copy-paste terminal output. Screenshots are required, but also include the raw command text. This makes your report easier to follow and proves reproducibility.

Sleep. Seriously. Many people fail because they spend all 24 hours hacking and have no energy left to write a coherent report. Budget 4-6 hours for reporting.

Download the OSCP Report Template

Our template is formatted for the 2026 OSCP+ exam and includes every section the graders expect:

  • Professional cover page with OS-ID fields
  • High-level summary with placeholder text
  • Methodology sections pre-filled
  • Three independent target sections with enumeration tables, access walkthroughs, and proof tables
  • Full Active Directory section with three machine walkthroughs and attack chain summary
  • Appendix with proof summary, tool listing, and Metasploit usage tracking

All placeholder text is marked in red so you can easily find and replace it with your own content.

For templates covering real-world client engagements (not exam reports), check out our pentest report templates page.

Convert Your OSCP Skills Into Professional Reports

Once you pass the OSCP, your next challenge is writing reports for actual clients. The exam report format is a great foundation, but client-facing reports need CVSS scoring, executive summaries with business impact, and professional formatting that your exam report does not require. PentestReportAI generates professional client reports from your raw findings in minutes. Paste your Nmap output, Burp results, or manual notes and get a publication-ready PDF or DOCX with CVSS 3.1 auto-scoring, five templates, and AI-generated executive summaries.
