What is CTFd?
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it’s easy to customize with plugins and themes.
- Create your own challenges, categories, hints, and flags from the Admin Interface
- Static & Regex based flags
- Users can unlock hints for free or with points
- File uploads to the server or Amazon S3
- Limit challenge attempts & hide challenges
- Automatic submission throttling
- Scoreboard with automatic tie resolution
- Hide Scores from the public
- Freeze Scores at a specific time
- Dynamic Scoring
- Scoregraphs comparing the top 10 teams and team progress graphs
- Markdown content management system
- SMTP + Mailgun email support
- Email confirmation support
- Forgot password support
- Automatic competition starting and ending
- Team management & hiding
- Customize everything using the plugin and theme interfaces
- Importing and Exporting of CTF data for archival
- And a lot more…
- Block user & team name changes if name changes are disabled (Closes #835)
- Set accounts to unconfirmed if email is changed while
- Only allow users to change their email to emails with domains in the whitelist.
email.check_email_is_whitelisted()to verify that a user’s email is whitelisted.
- Create a
get_configwrapper around the internal
_get_configto let us set a default config value (Closes #659)
utils.get_app_config()from memoization and also give it a
utils.initializationand properly call
init_logs()to save logs to the logs folder
- Block the creation of users/teams from MLC if registration_visibility is private
- Fix showing incorrect ‘CTF has ended’ error if
- Fix creating users from the admin panel while name changes are disabled.
/api/v1/teams/<team_id>now coerced to an int (i.e.
- Re-add the
LOG_FOLDERenvvar to docker-compose so we don’t try to write to the read-only host
- Stop gunicorn from logging to
LOG_FOLDERin docker without explicit opt-in
ERROR_LOGenvvars to docker to specify where gunicorn will log to
DATABASE_URLto contain custom MySQL ports for
WORKERScount to 1 to avoid dealing with Flask-SocketIO sticky sessions’
gevent-websocketand use it by default until we have a better solution
- NOTE: In future releases, websockets functionality will likely be removed. (#852)
- git clone https://github.com/CTFd/CTFd.git
- Run ./prepare.sh to install dependencies using apt.
- Modify CTFd/config.py to your liking.
- Use python serve.py in a terminal to drop into debug mode.
- Here are some deployment options
- You can check out the Getting Started guide for a breakdown of some of the features you need to get started.
Copyright 2015-present CTFd LLC