merge gssoc20-dev into master (#53)
* update to conform with flake8/PEP8 | #47

* Update README.md

* Create CODE_OF_CONDUCT.md (#51)

* 1. psf/black formatting with travis checks, 2. adjust docs, create CONTRIBUTING.md, 3. helper fns for creating admin pass and secret key by itself on run

create admin pass and secret key by itself on run

* Update README.md

Co-authored-by: Aman-Codes <[email protected]>
Co-authored-by: Ankur Chattopadhyay <[email protected]>
3 people authored Apr 19, 2020
1 parent 054bde9 commit f07e323
Showing 20 changed files with 495 additions and 350 deletions.
4 changes: 3 additions & 1 deletion .travis.yml
@@ -21,5 +21,7 @@ install:
- "pip install -r src/requirements.txt"
- "python src/create_db.py"

before_script:
- black . --check
script:
- pytest --flake8
- flake8 . --count --max-line-length=88 --show-source --statistics
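Review bot: `black . --check` runs an unpinned black, so the CI verdict can flip whenever a new black release changes its output; pin it in the install step (for example `pip install black==<version>`, version to be chosen) so contributors and CI format identically. flake8 now also runs twice, once through `pytest --flake8` and once as the standalone `flake8 . --count --max-line-length=88 ...` line, and the two passes do not share an ignore list (setup.cfg's `flake8-ignore = W191` only applies to the pytest plugin), so a line can pass one and fail the other; keep a single runner. The standalone run's `--max-line-length=88` matches black's default, but black also emits `E203` (whitespace before ':'), which flake8 reports by default, so that code needs to be in the ignore list for the black-formatted tree to pass.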
71 changes: 71 additions & 0 deletions CODE_OF_CONDUCT.md
@@ -0,0 +1,71 @@
# Code of Conduct

## Our Pledge

As contributors and maintainers of the RTB-CTF-Framework project, and in the interest
of fostering an open and welcoming community, we pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at our Slack channel. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq
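Review bot: the `[homepage]: https://www.contributor-covenant.org` reference definition is never used by any link in the file, because the attribution sentence that normally references it (the one stating that the Code of Conduct is adapted from the Contributor Covenant) was left out; either add that attribution line, which also credits the source text, or drop the dangling reference. Separately, the Enforcement section promises confidentiality to reporters while naming a Slack channel as the reporting path; a report posted in a shared channel is visible to every member of it, so provide a private contact (a maintainer's e-mail address or a direct message to a named maintainer) for reports.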
83 changes: 83 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,83 @@

# Contributing to RTB-CTF-Framework

<p align="center">
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/graphs/contributors">
<img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/abs0lut3pwn4g3/RTB-CTF-Framework?color=red&logo=github&style=for-the-badge">
</a>
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Agssoc20">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/gssoc20?color=deeppink&style=for-the-badge">
</a>
</p>

<p align="center">
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Aeasy">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/easy?color=seagreen&style=for-the-badge">
</a>
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Amedium">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/medium?color=%23e99695&style=for-the-badge">
</a>
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Ahard">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/hard?color=%23cc317c%09&style=for-the-badge">
</a>
</p>

## This project makes use of the following Flask libraries

* Flask-blueprints for modularity and clean codebase,
* Flask-admin for Admin views and easy realtime management,
* Flask-SQLAlchemy for SQL models,
* Flask-login for session handling,
* Flask-wtf for responsive forms,
* Flask-mail for mail service,
* Flask-bcrypt for password hashing and security,

## Style Guide

Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8, [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) and the Google Style Guide unless there’s a very good reason not to.

## Contact

##### 👨 Project Owner

- Eshaan Bansal ([github](https://github.com/eshaan7),[linkedin](https://www.linkedin.com/in/eshaan7/))

##### 👬 Mentors

- Sombuddha Chakravarty ([github](https://github.com/sammy1997),[linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))

Feel free to ask your queries!! 🙌

##### Slack Channel

- [#proj_root-the-box-ctf-framework](https://app.slack.com/client/TRN1H1V43/CUC71PDD2)

## Where to start ?

See: [Issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues) and the following To-do list. Or just ping one of the mentors with new ideas.

> Note: All PRs within the GSSoC'20 period will be merged in the `gssoc20-dev` branch.
## To-do

- [ ] Ideas for additional logging techniques to prevent flag sharing, cheating and such. (Issue: [#7](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/7))
- [ ] Support for *n* number of boxes (accordions? seperate route?). (Issue: [#17](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/17))
- [ ] Rating system: Average Box rating - input, calculate, output. (Issue: [#14](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/14))
- [ ] Dark theme for `admin control` panel. (Issue: [#16](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/16))
- [ ] Testing Password reset functionality, the mail-server setup, etc.
- [ ] More info on `home.html`
- [ ] Need to implement `account.html`
- [ ] Support for more hashes per box (not a priority)

<hr/>

- [x] Freeze Scoreboard automatically past running time specified (Issue: [#3](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/3))
- [x] Adding a `Deploy to Heroku` button. (Issue: [#15](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/15))
- [x] Adding CI, Linting, Formatting specs. (Issue: [#18](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/18))
- [x] db relationship between User and Score Tables (priority | issue: #5)
- [x] isAdmin column in User table and Admin views (priority)
- [x] Notifications
- [x] Use Flask Blueprints
- [x] Finalize black theme?
- [x] Error messages not appearing in `/submit`
- [x] Implement `machine.html` to server a page where one can download/serve machines
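Review bot: two typos in the To-do list: `seperate route?` should read `separate route?`, and `Implement machine.html to server a page` should read `serve a page`. The `hard` badge URL (`...hard?color=%23cc317c%09&style=...`) carries `%09`, an encoded tab, after the colour value; it looks like a stray character pasted into the query string and should be removed. The "This project makes use of the following Flask libraries" list repeats the README's "For Developers & Contributors" list but adds Flask-login and Flask-bcrypt that the README omits; keep the list in one file and link to it from the other so the two do not drift apart.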
154 changes: 60 additions & 94 deletions README.md
@@ -1,50 +1,80 @@
# RootTheBox CTF Framework

<p align="center">
<a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
<img alt="Language grade: Python" src="https://img.shields.io/lgtm/grade/python/g/abs0lut3pwn4g3/RTB-CTF-Framework.svg?logo=lgtm&logoWidth=18"/>
<p >
<a href="https://inventory.rawsec.ml/" target="_blank">
<img height="26px" alt="Rawsec's CyberSecurity Inventory" src="https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_for-the-badge.svg">
</a>
<a href="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework">
<img height="26px" src="https://forthebadge.com/images/badges/made-with-python.svg">
</p>
<p style="height:18px">
<a href="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework" target="_blank">
<img alt="Build Status" src="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework.svg?branch=gssoc20-dev"/>
</a>
</p>

<p align="center">
<a href="https://inventory.rawsec.ml/">
<img alt="Rawsec's CyberSecurity Inventory" src="https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_for-the-badge.svg">
<!-- <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
<img alt="Language grade: Python" src="https://img.shields.io/lgtm/grade/python/g/abs0lut3pwn4g3/RTB-CTF-Framework.svg?logo=lgtm&logoWidth=18"/>
</a> -->
<a href="https://github.com/psf/black" target="_blank">
<img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"/>
</a>
</p>

<p align="center">
<img src="https://forthebadge.com/images/badges/made-with-python.svg">
</p>

A lightweight, easy to deploy CTF framework(in Flask) for HackTheBox style machines.
A lightweight, easy to deploy CTF framework (in Flask) for HackTheBox style machines.

The main purpose of this project is to serve as a scoring engine and CTF manager.

**Want to see it in action?**

A live demo of the app is available at: <https://rtblivedemo.herokuapp.com/>.

You can login and mess around as 2 users: `admin:admin` and `test:test`(i.e. username:password combinations)
You can login and mess around as 2 users: `admin:admin` and `test:test` (i.e. username:password combinations)

## Features

##### For CTF hosters
* A page to show relevant details about the machine such as name, IP, OS, points and difficulty level.
* Automatic strong password for administrator
* Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
* Simple User Registration/login process, account management, Forgot password functionalities,
* Flag submission (currently 2 flags: user and root),
* Real time scoreboard tracking,
* Easily deployable on Heroku.

##### For Developers & Contributors
* Flask-blueprints for modularity and clean codebase,
* Flask-admin for Admin views and easy realtime management,
* Flask-SQLAlchemy for SQL models,
* Flask-wtf for forms,
* Flask-mail for mail service.

##### For CTF hosters
* A page to show relevant details about the machine such as name, IP, OS, points and difficulty level.
* Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
* Simple User Registration/login process, account management, Forgot password functionalities,
* Flag submission (currently 2 hashes: user and root),
* Real time scoreboard tracking,
* Easily deployable on Heroku.
## Deployment

### Heroku

[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)

or do it manually,

1. Create your heroku app using `heroku` cli tool.

Follow the official guide by Heroku: https://devcenter.heroku.com/articles/getting-started-with-python#prepare-the-app

2. Provision Database add-on.

Add the following add on to your new app: https://elements.heroku.com/addons/heroku-postgresql

3. Creating database instance. In your heroku app directory,

```bash
$ heroku run bash
[heroku]$ python create_db.py
```
4. Your app should be live now. You can run `heroku open` to open it in browser.

### Docker

```bash
$ docker-compose up
```

## How To Use

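Review bot: the Travis badge points at `?branch=gssoc20-dev`, but this commit merges into master, so the master README will display the dev branch's build status; use the master branch or drop the branch parameter. The `<p style="height:18px">` wrapper relies on an inline style, which GitHub's Markdown renderer strips, so it has no effect and can be a plain `<p>`. The demo section still documents `admin:admin` while the new feature list advertises an automatic strong password for the administrator; say explicitly that the weak credential applies only to the live demo so hosts do not expect it on their own instance. Minor: "CTF hosters" reads better as "CTF hosts", and "## Deployment" should be preceded by a blank line like the other headings.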
@@ -78,36 +108,13 @@ $ cd src/
[venv]$ python run.py
```

### Deployment using Heroku
### Configuration For Your CTF

[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)

or do it manually,

1. Create your heroku app using `heroku` cli tool.

Follow the official guide by Heroku: https://devcenter.heroku.com/articles/getting-started-with-python#prepare-the-app

2. Provision Database add-on.

Add the following add on to your new app: https://elements.heroku.com/addons/heroku-postgresql

3. Creating database instance. In your heroku app directory,

```bash
$ heroku run bash
[heroku]$ python create_db.py
```
4. Your app should be live now. You can run `heroku open` to open it in browser.


## For Your CTF

Using this as simple as anything.
Using this as simple as anything.

1. Just configure your CTF settings in [`config.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/FlaskRTBCTF/config.py).

2. DO NOT FORGET to change admin credentials from [`create_db.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/create_db.py)
2. When you run [`create_db.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/create_db.py), a strong and random 16 char password for the **admin** user is created and set in the environment variable `ADMIN_PASS`. On Heroku, you can reveal this password from your application's dashboard settings.

3. See database instance creation steps under How To Use.

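Review bot: "Using this as simple as anything." is missing a verb and should read "Using this is as simple as anything." In step 2, the generated admin password is described as "set in the environment variable `ADMIN_PASS`", but the only retrieval path given is the Heroku dashboard; for the Docker and local runs documented above, the environment of the `create_db.py` process disappears when it exits, so state where a non-Heroku host reads the password from (printed to the console, written to a file, or an `ADMIN_PASS` value exported before the run). The step should also say whether an `ADMIN_PASS` that is already set is honoured instead of overwritten, since that is how a host would choose their own password.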
@@ -117,7 +124,7 @@ Bonus: You can manage the database CRUD operations from admin views GUI as well
## Contributing

<p align="center">
<p>
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/graphs/contributors">
<img alt="GitHub contributors" src="https://img.shields.io/github/contributors-anon/abs0lut3pwn4g3/RTB-CTF-Framework?color=red&logo=github&style=for-the-badge">
</a>
@@ -126,61 +133,20 @@ Bonus: You can manage the database CRUD operations from admin views GUI as well
</a>
</p>

<p align="center">
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Aeasy">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/easy?color=seagreen&style=for-the-badge">
</a>
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Amedium">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/medium?color=%23e99695&style=for-the-badge">
</a>
<a href="https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues?q=is%3Aopen+is%3Aissue+label%3Ahard">
<img alt="GitHub issues by-label" src="https://img.shields.io/github/issues/abs0lut3pwn4g3/RTB-CTF-Framework/hard?color=%23cc317c%09&style=for-the-badge">
</a>
</p>

Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8 and the Google Style Guide unless there’s a very good reason not to.
Please see: [Issues](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues) and the following To-do list.

> Note: All PRs within the GSSoC'20 period will be merged in the `gssoc20-dev` branch.

##### 👨 Project Owner

- Eshaan Bansal ([github](https://github.com/eshaan7),[linkedin](https://www.linkedin.com/in/eshaan7/))
- Eshaan Bansal ([github](https://github.com/eshaan7), [linkedin](https://www.linkedin.com/in/eshaan7/))

##### 👬 Mentors

- Sombuddha Chakravarty ([github](https://github.com/sammy1997),[linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))
- Sombuddha Chakravarty ([github](https://github.com/sammy1997), [linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))

Feel free to ask your queries!! 🙌

##### Slack Channel
##### Slack Channel for GSSoC 2020

- [#proj_root-the-box-ctf-framework](https://app.slack.com/client/TRN1H1V43/CUC71PDD2)

## To-do

- [ ] Ideas for additional logging techniques to prevent flag sharing, cheating and such. (Issue: [#7](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/7))
- [ ] Support for *n* number of boxes (accordions? seperate route?). (Issue: [#17](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/17))
- [ ] Rating system: Average Box rating - input, calculate, output. (Issue: [#14](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/14))
- [ ] Dark theme for `admin control` panel. (Issue: [#16](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/16))
- [ ] Testing Password reset functionality, the mail-server setup, etc.
- [ ] More info on `home.html`
- [ ] Support for more hashes per box (not a priority)
- [ ] Need to implement `account.html` (not a priority)

<hr/>

- [x] Freeze Scoreboard automatically past running time specified (Issue: [#3](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/3))
- [x] Adding a `Deploy to Heroku` button. (Issue: [#15](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/15))
- [x] Adding CI, Linting, Formatting specs. (Issue: [#18](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/issues/18))
- [x] db relationship between User and Score Tables (priority | issue: #5)
- [x] isAdmin column in User table and Admin views (priority)
- [x] Notifications
- [x] Use Flask Blueprints
- [x] Finalize black theme?
- [x] Error messages not appearing in `/submit`
- [x] Implement `machine.html` to server a page where one can download/serve machines

For further guidelines, Please refer to [CONTRIBUTING.md](CONTRIBUTING.md)

## Screenshots

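Review bot: the new sentence "Please see: Issues and the following To-do list." should point at CONTRIBUTING.md instead if the To-do list, contacts and style note are being moved out of this section (CONTRIBUTING.md in this commit carries the same items), otherwise it refers to a list that no longer follows it. "For further guidelines, Please refer to" should use a lowercase "please" mid-sentence, and the `hard` badge URL in this section carries the same stray `%09` (encoded tab) after its colour value as the copy in CONTRIBUTING.md.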
2 changes: 1 addition & 1 deletion app.json
@@ -1,6 +1,6 @@
{
"name": "RootTheBox CTF Framework",
"description": "A lightweight, easy to deploy CTF framework(in Flask) for HackTheBox style machines.",
"description": "A lightweight, easy to deploy CTF framework (in Flask) for HackTheBox style machines.",
"repository": "https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework",
"addons": [
{
2 changes: 1 addition & 1 deletion setup.cfg
@@ -1,3 +1,3 @@
# content of setup.cfg
# content of setup.cfg (deprecated atm)
[tool:pytest]
flake8-ignore = W191
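Review bot: labelling the `[tool:pytest]` section "(deprecated atm)" in a comment does not disable it: `pytest --flake8` in .travis.yml still reads `flake8-ignore = W191` from here, while the standalone `flake8 .` run in the same file does not, so the two lint passes use different ignore sets. Either remove this section together with the `--flake8` option in .travis.yml, or keep it and drop the standalone flake8 run; a comment alone changes nothing.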