CTFd v3.5.1 releases: Capture The Flag framework

What is CTFd?

CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins and themes.

Features

• Create your own challenges, categories, hints, and flags from the Admin Interface
  • Static & Regex based flags
  • Users can unlock hints for free or with points
  • File uploads to the server or Amazon S3
  • Limit challenge attempts & hide challenges
  • Automatic submission throttling
• Scoreboard with automatic tie resolution
  • Hide Scores from the public
  • Freeze Scores at a specific time
  • Dynamic Scoring
• Scoregraphs comparing the top 10 teams and team progress graphs
• Markdown content management system
• SMTP + Mailgun email support
  • Email confirmation support
  • Forgot password support
• Automatic competition starting and ending
• Team management & hiding
• Customize everything using the plugin and theme interfaces
• Importing and Exporting of CTF data for archival
• And a lot more…

Changelog v3.5.1

General

• The public scoreboard page is no longer shown to users if account visibility is disabled
• Teams created by admins using the normal team creation flow are now hidden by default
• Redirect users to the team creation page if they access a certain pages before the CTF starts
• Added a notice on the Challenges page to remind Admins if they are in Admins Only mode
• Fixed an issue where users couldn’t login to their team even though they were already on the team
• Fixed an issue with scoreboard tie breaking when an award results in a tie
• Fixed the order of solves, fails, and awards to always be in chronological ordering (latest first).
• Fixed an issue where certain custom fields could not be submitted

Admin Panel

• Improved the rendering of Admin Panel tables on mobile devices
• Clarified the behavior of Score Visibility with respect to Account Visibility in the Admin Panel help text
• Added user id and user email fields to the user mode scoreboard CSV export
• Add CSV export for teams+members+fields which is teams with Custom Field entries and their team members with Custom Field entries
• The import process will now catch all exceptions in the import process to report them in the Admin Panel
• Fixed issue where field_entries could not be imported under MariaDB
• Fixed issue where config entries sometimes would be recreated for some reason causing an import to fail
• Fixed issue with Firefox caching checkboxes by adding autocomplete='off' to Admin Panel pages
• Fixed issue where Next selection for a challenge wouldn’t always load in Admin Panel

API

• Improve response time of /api/v1/challenges and /api/v1/challenges/[challenge_id]/solves by caching the solve count data for users and challenges
• Add HEAD /api/v1/notifications to get a count of notifications that have happened.
  • This also includes a since_id parameter to allow for a notification cursor.
  • Unread notification count can now be tracked by themes that track which notifications a user has read
• Add since_id to GET /api/v1/notifications to get Notifications that have happened since a specific ID

Deployment

• Imports have been disabled when running with a SQLite database backend
  • See #2131
• Added /healthcheck endpoint to check if CTFd is ready
• There are now ARM Docker images for OSS CTFd
• Bump dependencies for passlib, bcrypt, requests, gunicorn, gevent, python-geoacumen-city, cmarkgfm
• Properly load SAFE_MODE config from environment variable
• The AWS_S3_REGION config has been added to allow specifying an S3 region. The default is us-east-1
• Add individual DATABASE config keys as an alternative to DATABASE_URL
  • DATABASE_PROTOCOL: SQLAlchemy DB protocol (+ driver, optionally)
  • DATABASE_USER: Username to access DB server with
  • DATABASE_PASSWORD: Password to access DB server with
  • DATABASE_HOST: Hostname of the DB server to access
  • DATABASE_PORT: Port of the DB server to access
  • DATABASE_NAME: Name of the database to use
• Add individual REDIS config keys as an alternative to REDIS_URL
  • REDIS_PROTOCOL: Protocol to access Redis server with (either redis or rediss)
  • REDIS_USER: Username to access Redis server with
  • REDIS_PASSWORD: Password to access Redis server with
  • REDIS_HOST: Hostname of the Redis server to access
  • REDIS_PORT: Port of the Redis server to access
  • REDIS_DB: Numeric ID of the database to access

Plugins

• Adds support for config.json to have multiple paths to add to the Plugins dropdown in the Admin Panel
• Plugins and their migrations now have access to the get_all_tables and get_columns_for_table functions
• Email sending functions have now been seperated into classes that can be customized via plugins.
  • Add CTFd.utils.email.providers.EmailProvider
  • Add CTFd.utils.email.providers.mailgun.MailgunEmailProvider
  • Add CTFd.utils.email.providers.smtp.SMTPEmailProvider
  • Deprecate CTFd.utils.email.mailgun.sendmail
  • Deprecate CTFd.utils.email.smtp.sendmail

Themes

• The beta interface Assets.manifest_css has been removed
• event-source-polyfill is now pinned to 1.0.19.
  • See #2159
  • Note that we will not be using this polyfill starting with the core-beta theme.
• Add autofocus to text fields on authentication pages

Install

1. git clone https://github.com/CTFd/CTFd.git
2. Run ./prepare.sh to install dependencies using apt.
3. Modify CTFd/config.py to your liking.
4. Use python serve.py in a terminal to drop into debug mode.
5. Here are some deployment options
6. You can check out the Getting Started guide for a breakdown of some of the features you need to get started.

Tutorial

Copyright 2015-present CTFd LLC

Source: https://github.com/CTFd