CTFd v3.7 releases: Capture The Flag framework
What is CTFd?
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins and themes.
Features
- Create your own challenges, categories, hints, and flags from the Admin Interface
- Static & Regex based flags
- Users can unlock hints for free or with points
- File uploads to the server or Amazon S3
- Limit challenge attempts & hide challenges
- Automatic submission throttling
- Scoreboard with automatic tie resolution
- Hide Scores from the public
- Freeze Scores at a specific time
- Dynamic Scoring
- Scoregraphs comparing the top 10 teams and team progress graphs
- Markdown content management system
- SMTP + Mailgun email support
- Email confirmation support
- Forgot password support
- Automatic competition starting and ending
- Team management & hiding
- Customize everything using the plugin and theme interfaces
- Importing and Exporting of CTF data for archival
- And a lot more…
Changelog v3.7
General
- Add ability for users to generate social share links after solving a challenge
- After solving a challenge users can click a “share” button which can generate Twitter, Facebook, LinkedIn links
- Add Scoreboard Brackets feature to have multiple sub-scoreboards within the main scoreboard
- Admins can add a bracket for users/teams which must be selected during the registration process. Within the scoreboard, accounts can be organized by bracket in addition to seeing the full list
- Calculate a files sha1sum on upload for future local change detection purposes
- Allow API clients (CTFd, ctfcli, etc) to control the location of an uploaded file
- Allow challenge CSVs to contain JSON in the hints and flags columns so that admins can import more complex data
- Fix issue where hints could not be unlocked during freeze time
- Use the CTF name to be the default index page name
API
- Add
bracket_name
andbracket_id
to/api/v1/scoreboard
- Add
sha1sum
toGET /api/v1/files
- Add
location
toPOST /api/v1/files
Plugins
- Add ability to control the link target for a page (i.e. open in a new tab) via
register_user_page_menu_bar()
- Add
uploaders.open()
to open a file from an uploader - Adds the optional path field to the
Uploaders.upload()
method to control where files get uploaded to
Themes
- Allow customization of the
<meta>
tag & page title via template files - Exposes
unix_time_to_utc()
as a Jinja filter
Admin Panel
- Migrate Admin Panel from webpack to Vite
- Adds Alpine to Admin Panel for plugins to use to add interactivity
Deployment
- Update base image to
python:3.11-slim-bookworm
- Added prefix option to S3 uploader under
AWS_S3_CUSTOM_PREFIX
- This allows CTFd to store files under a folder of an S3 bucket
- Raise exception if a built-in config is defined in the extra config section in config.ini
- CTFd will wait for an import to complete before starting
- This tries to address issues where starting CTFd during an import can interfere with the import
- Add Pillow version 10.1.0 as a dependency
- Update boto3 version to 1.34.39
- Update isort version to 5.13.2
- Update dataset version to 1.6.2
Install
- git clone https://github.com/CTFd/CTFd.git
- Run ./prepare.sh to install dependencies using apt.
- Modify CTFd/config.py to your liking.
- Use python serve.py in a terminal to drop into debug mode.
- Here are some deployment options
- You can check out the Getting Started guide for a breakdown of some of the features you need to get started.
Tutorial
Copyright 2015-present CTFd LLC
Source: https://github.com/CTFd