rCTF is a platform for hosting cybersecurity capture-the-flag competitions.
rCTF keeps deployment simple without locking organizers into one set of services. The platform runs as a single bundle, and its major integrations use replaceable providers with a common configuration format. An event can use only what it needs and change providers later without rewriting the platform.
To get started with rCTF, visit the documentation. A live demo is also available for viewing. If you need help with rCTF, start a discussion.
![]() |
![]() |
|---|---|
![]() |
![]() |
rCTF requires Bun v1.0+.
-
Install dependencies:
bun i
-
Start the development containers:
docker compose -f compose.dev.yml up -d
-
Create
rctf.d/00-development.yamland enter the following configuration:Open me!
ctfName: rCTF Development meta: description: 'Example rCTF instance' imageUrl: 'https://example.com' homeContent: "A description of your CTF. Markdown supported.\n\n<timer></timer>" origin: http://127.0.0.1:5173 divisions: open: Open tokenKey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= startTime: 0 endTime: 99999999999999 database: sql: host: 127.0.0.1 port: 5432 # host: postgres user: rctf password: DO_NOT_USE_ME database: rctf redis: host: 127.0.0.1 port: 6379 # host: redis password: DO_NOT_USE_ME migrate: before # email: # from: es3n1n@es3n1n.eu # provider: # name: 'emails/smtp' # options: # smtpUrl: 'smtp://es3n1n%es3n1n.eu:password@server.com:587' # ctftime: # clientId: 2288 # clientSecret: secret # instancers: # docker: # name: 'instancers/docker' # options: # authToken: 'changeme!' # apiUrl: 'http://tiny-instancer:1337' # defaultInstancer: docker # captcha: # provider: # name: 'captcha/hcaptcha' # options: # siteKey: 'key' # secretKey: 'secret' # protectedEndpoints: # - register # - recover # - setEmail # - instancerStart # - instancerExtend # - avatarUpload # - adminBotSubmit # bloodBot: # bloodsCount: 1 # destinations: # - provider: # name: 'messages/discord' # options: # url: 'webhook-url' # - provider: # name: 'messages/telegram' # options: # botToken: 'bot-token' # chatId: 1337 # adminBot: # provider: # name: 'admin-bots/rctf-ts' # options: # secretKey: beans # endpoint: 'http://admin-bot:21337' # avatarsModeration: # provider: # name: 'moderation/openai' # options: # apiKey: 'key' # globalSiteTag: 'G-1337' # uploadProvider: # name: 'uploads/gcs' # options: # projectId: project-id # bucketName: bucket-name # credentials: # private_key: |- # key # client_email: me@me.iam.gserviceaccount.com
-
Start the development server:
bun dev
For frontend work, run
bun dev:mockto seed the database with a reproducible set of mock teams, challenges, and solves.



