A lightweight, easy to deploy CTF framework (in Flask) for HackTheBox style machines.
The main purpose of this project is to serve as a scoring engine and CTF manager.
Want to see it in action?
A live demo of the app is available at: https://rtblivedemo.herokuapp.com/.
You can log in and mess around as the admin user with admin:admin
(a username:password combination), or register your own.
- Machines listing with fields: name, IP, OS, points and difficulty level.
- Challenges listing with fields: title, description, URL, points.
- Totally configurable settings such as running time, organization details, CTF name.
- Automatic strong password for the administrator.
- Well-implemented controls for administrators, providing features such as issuing notifications, database CRUD operations, and full-fledged logging.
- Simple user registration/login process, account management, and forgot-password functionality.
- Flag submission (currently 2 flags: user and root).
- Real-time scoreboard tracking.
- Efficient caching, so it's fast.
- Easily deployable on Heroku.
Please see INSTALLATION.md.
- Sign up on Heroku, if you haven't already, and click on the "Deploy to Heroku" button below.
- Give your application an awesome name and optionally specify mail environment variables.
  Note: A pseudo-random password for the admin user will be created and set in the config variable ADMIN_PASS. On Heroku, you can reveal this password from your application's dashboard settings. The same applies to the Flask application's SECRET_KEY.
- Open your newly deployed application in the browser. You'll be redirected to log in as the admin user; do so.
- Finally, you'll want to /setup the CTF Settings and,
Bonus: You can manage the database CRUD operations from the admin views GUI: change machine settings, issue notifications to users, etc.
For further guidelines, please refer to CONTRIBUTING.md.
Live Demo: https://rtblivedemo.herokuapp.com/ (log in with admin:admin)