CTFd v3.5.1 releases: Capture The Flag framework
What is CTFd?
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins and themes.
Features
- Create your own challenges, categories, hints, and flags from the Admin Interface
- Static & Regex based flags
- Users can unlock hints for free or with points
- File uploads to the server or Amazon S3
- Limit challenge attempts & hide challenges
- Automatic submission throttling
- Scoreboard with automatic tie resolution
- Hide Scores from the public
- Freeze Scores at a specific time
- Dynamic Scoring
- Scoregraphs comparing the top 10 teams and team progress graphs
- Markdown content management system
- SMTP + Mailgun email support
- Email confirmation support
- Forgot password support
- Automatic competition starting and ending
- Team management & hiding
- Customize everything using the plugin and theme interfaces
- Importing and Exporting of CTF data for archival
- And a lot more…
Changelog v3.5.1
General
- The public scoreboard page is no longer shown to users if account visibility is disabled
- Teams created by admins using the normal team creation flow are now hidden by default
- Redirect users to the team creation page if they access certain pages before the CTF starts
- Added a notice on the Challenges page to remind Admins if they are in Admins Only mode
- Fixed an issue where users couldn’t login to their team even though they were already on the team
- Fixed an issue with scoreboard tie breaking when an award results in a tie
- Fixed the order of solves, fails, and awards to always be in chronological ordering (latest first).
- Fixed an issue where certain custom fields could not be submitted
Admin Panel
- Improved the rendering of Admin Panel tables on mobile devices
- Clarified the behavior of Score Visibility with respect to Account Visibility in the Admin Panel help text
- Added user id and user email fields to the user mode scoreboard CSV export
- Add CSV export for teams+members+fields which is teams with Custom Field entries and their team members with Custom Field entries
- The import process will now catch all exceptions in the import process to report them in the Admin Panel
- Fixed issue where field_entries could not be imported under MariaDB
- Fixed issue where config entries sometimes would be recreated for some reason causing an import to fail
- Fixed issue with Firefox caching checkboxes by adding autocomplete='off' to Admin Panel pages
- Fixed issue where Next selection for a challenge wouldn’t always load in Admin Panel
API
- Improve response time of /api/v1/challenges and /api/v1/challenges/[challenge_id]/solves by caching the solve count data for users and challenges
- Add HEAD /api/v1/notifications to get a count of notifications that have happened.
  - This also includes a since_id parameter to allow for a notification cursor.
  - Unread notification count can now be tracked by themes that track which notifications a user has read
- Add since_id to GET /api/v1/notifications to get Notifications that have happened since a specific ID
Deployment
- Imports have been disabled when running with a SQLite database backend
  - See #2131
- Added /healthcheck endpoint to check if CTFd is ready
- There are now ARM Docker images for OSS CTFd
- Bump dependencies for passlib, bcrypt, requests, gunicorn, gevent, python-geoacumen-city, cmarkgfm
- Properly load SAFE_MODE config from environment variable
- The AWS_S3_REGION config has been added to allow specifying an S3 region. The default is us-east-1
- Add individual DATABASE config keys as an alternative to DATABASE_URL
  - DATABASE_PROTOCOL: SQLAlchemy DB protocol (+ driver, optionally)
  - DATABASE_USER: Username to access DB server with
  - DATABASE_PASSWORD: Password to access DB server with
  - DATABASE_HOST: Hostname of the DB server to access
  - DATABASE_PORT: Port of the DB server to access
  - DATABASE_NAME: Name of the database to use
- Add individual REDIS config keys as an alternative to REDIS_URL
  - REDIS_PROTOCOL: Protocol to access Redis server with (either redis or rediss)
  - REDIS_USER: Username to access Redis server with
  - REDIS_PASSWORD: Password to access Redis server with
  - REDIS_HOST: Hostname of the Redis server to access
  - REDIS_PORT: Port of the Redis server to access
  - REDIS_DB: Numeric ID of the database to access
Plugins
- Adds support for config.json to have multiple paths to add to the Plugins dropdown in the Admin Panel
- Plugins and their migrations now have access to the get_all_tables and get_columns_for_table functions
- Email sending functions have now been separated into classes that can be customized via plugins.
  - Add CTFd.utils.email.providers.EmailProvider
  - Add CTFd.utils.email.providers.mailgun.MailgunEmailProvider
  - Add CTFd.utils.email.providers.smtp.SMTPEmailProvider
  - Deprecate CTFd.utils.email.mailgun.sendmail
  - Deprecate CTFd.utils.email.smtp.sendmail
Themes
- The beta interface Assets.manifest_css has been removed
- event-source-polyfill is now pinned to 1.0.19.
  - See #2159
  - Note that we will not be using this polyfill starting with the core-beta theme.
- Add autofocus to text fields on authentication pages
Install
- git clone https://github.com/CTFd/CTFd.git
- Run ./prepare.sh to install dependencies using apt.
- Modify CTFd/config.py to your liking.
- Use python serve.py in a terminal to drop into debug mode.
- Here are some deployment options
- You can check out the Getting Started guide for a breakdown of some of the features you need to get started.
Copyright 2015-present CTFd LLC
Source: https://github.com/CTFd