Para el OSCP no puedes usar herramientas automáticas como Burp Pro, o escaners como Nexpose, Tenable, etc.
Tampoco te dicen claramente que usar. Hay una lista de recursos recomendados por los que ya pasaron que puede servir de guia. Fue originalmente publicado en discord.

Reporting Frameworks

• Dradis — https://dradisframework.com/academy/industry/compliance/oscp/
• Serpico — https://github.com/SerpicoProject/Serpico

Report Template

• Created by whoisflynn — https://github.com/whosiflynn/OSCP-Exam-Report-Template

Enumeration

• AutoRecon — https://github.com/Tib3rius/AutoRecon
• nmapAutomator — https://github.com/21y4d/nmapAutomator

Web Related

• Dirsearch — https://github.com/maurosoria/dirsearch
• GoBuster — https://github.com/OJ/gobuster
• Recursive GoBuster — https://github.com/epi052/recursive-gobuster
• wfuzz — https://github.com/xmendez/wfuzz
• goWAPT — https://github.com/dzonerzy/goWAPT
• ffuf — https://github.com/ffuf/ffuf

Payload Generators

• Reverse Shell Generator — https://github.com/m0rph-1/revshellgen
• Windows Reverse Shell Generator — https://github.com/thosearetheguise/rev

PHP Reverse Shells

• Windows PHP Reverse Shell — https://github.com/Dhayalanb/windows-php-reverse-shell
• PenTestMonkey Unix PHP Reverse Shell — http://pentestmonkey.net/tools/web-shells/php-reverse-shell

Terminal Related

• tmux — https://tmuxcheatsheet.com/ (cheat sheet)
• tmux-logging — https://github.com/tmux-plugins/tmux-logging
• Oh My Tmux — https://github.com/devzspy/.tmux
• screen — https://gist.github.com/jctosta/af918e1618682638aa82 (cheat sheet)
• Terminator — http://www.linuxandubuntu.com/home/terminator-a-linux-terminal-emulator-with-multiple-terminals-in-one-window

Exploits

• Exploit-DB — https://www.exploit-db.com/
• Windows Kernel Exploits — https://github.com/SecWiki/windows-kernel-exploits
• AutoNSE — https://github.com/m4ll0k/AutoNSE
• Linux Kernel Exploits — https://github.com/lucyoa/kernel-exploits

Brute Forcers

• BruteX — https://github.com/1N3/BruteX
• Hashcat — https://hashcat.net/hashcat/

Post-Exploitation

• LinEnum — https://github.com/rebootuser/LinEnum
• linprivchecker —https://www.securitysift.com/download/linuxprivchecker.py
• Powerless — https://github.com/M4ximuss/Powerless
• PowerUp — https://github.com/HarmJ0y/PowerUp
• Linux Exploit Suggester — https://github.com/mzet-/linux-exploit-suggester
• Windows Exploit Suggester — https://github.com/bitsadmin/wesng

Privilege Escalation Practice

• Local Privilege Escalation Workshop — https://github.com/sagishahar/lpeworkshop