CTFd v2.0.4 releases: Capture The Flag framework

What is CTFd?

CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins and themes.



  • Create your own challenges, categories, hints, and flags from the Admin Interface
    • Static & Regex based flags
    • Users can unlock hints for free or with points
    • File uploads to the server or Amazon S3
    • Limit challenge attempts & hide challenges
    • Automatic submission throttling
  • Scoreboard with automatic tie resolution
  • Scoregraphs comparing the top 10 teams and team progress graphs
  • Markdown content management system
  • SMTP + Mailgun email support
    • Email confirmation support
    • Forgot password support
  • Automatic competition starting and ending
  • Team management & hiding
  • Customize everything using the plugin and theme interfaces
  • Importing and Exporting of CTF data for archival
  • And a lot more…

Changelog v2.0.4


  • Block user & team name changes if name changes are disabled (Closes #835)
  • Set accounts to unconfirmed if email is changed while verify_emails is enabled
  • Only allow users to change their email to emails with domains in the whitelist.
  • Add email.check_email_is_whitelisted() to verify that a user’s email is whitelisted.
  • Create a get_config wrapper around the internal _get_config to let us set a default config value (Closes #659)
  • Remove utils.get_app_config() from memoization and also give it a default parameter
  • Move utils.logging.init_logs() into utils.initialization and properly call init_logs() to save logs to the logs folder
  • Block the creation of users/teams from MLC if registration_visibility is private
  • Fix showing incorrect ‘CTF has ended’ error if view_after_ctf is set.
  • Fix creating users from the admin panel while name changes are disabled.


  • /api/v1/teams/<team_id> now coerced to an int (i.e. /api/v1/teams/<int:team_id>)


  • Re-add the LOG_FOLDER envvar to docker-compose so we don’t try to write to the read-only host
  • Stop gunicorn from logging to LOG_FOLDER in docker without explicit opt-in
  • Add ACCESS_LOG and ERROR_LOG envvars to docker to specify where gunicorn will log to
  • Allow DATABASE_URL to contain custom MySQL ports for docker-entrypoint.sh
  • Drop WORKERS count to 1 to avoid dealing with Flask-SocketIO sticky sessions’
  • Install gevent-websocket and use it by default until we have a better solution
  • NOTE: In future releases, websockets functionality will likely be removed. (#852)


  1. git clone https://github.com/CTFd/CTFd.git
  2. Run ./prepare.sh to install dependencies using apt.
  3. Modify CTFd/config.py to your liking.
  4. Use python serve.py in a terminal to drop into debug mode.
  5. Here are some deployment options
  6. You can check out the Getting Started guide for a breakdown of some of the features you need to get started.


Copyright 2015-present CTFd LLC

Source: https://github.com/CTFd