Skip to content

otter-sec/rctf

Repository files navigation

rCTF

Docs CI Release Container

rCTF is a platform for hosting cybersecurity capture-the-flag competitions.

rCTF keeps deployment simple without locking organizers into one set of services. The platform runs as a single bundle, and its major integrations use replaceable providers with a common configuration format. An event can use only what it needs and change providers later without rewriting the platform.

To get started with rCTF, visit the documentation. A live demo is also available for viewing. If you need help with rCTF, start a discussion.


Preview 1 Preview 2
Preview 3 Preview 4

Development

rCTF requires Bun v1.0+.

  1. Install dependencies:

    bun i
  2. Start the development containers:

    docker compose -f compose.dev.yml up -d
  3. Create rctf.d/00-development.yaml and enter the following configuration:

    Open me!
    ctfName: rCTF Development
    meta:
      description: 'Example rCTF instance'
      imageUrl: 'https://example.com'
    homeContent: "A description of your CTF. Markdown supported.\n\n<timer></timer>"
    
    origin: http://127.0.0.1:5173
    divisions:
      open: Open
    tokenKey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    startTime: 0
    endTime: 99999999999999
    
    database:
      sql:
        host: 127.0.0.1
        port: 5432
        # host: postgres
        user: rctf
        password: DO_NOT_USE_ME
        database: rctf
      redis:
        host: 127.0.0.1
        port: 6379
        # host: redis
        password: DO_NOT_USE_ME
      migrate: before
    
    # email:
    #   from: es3n1n@es3n1n.eu
    #   provider:
    #     name: 'emails/smtp'
    #     options:
    #       smtpUrl: 'smtp://es3n1n%es3n1n.eu:password@server.com:587'
    
    # ctftime:
    #   clientId: 2288
    #   clientSecret: secret
    
    # instancers:
    #   docker:
    #     name: 'instancers/docker'
    #     options:
    #       authToken: 'changeme!'
    #       apiUrl: 'http://tiny-instancer:1337'
    # defaultInstancer: docker
    
    # captcha:
    #   provider:
    #     name: 'captcha/hcaptcha'
    #     options:
    #       siteKey: 'key'
    #       secretKey: 'secret'
    #   protectedEndpoints:
    #     - register
    #     - recover
    #     - setEmail
    #     - instancerStart
    #     - instancerExtend
    #     - avatarUpload
    #     - adminBotSubmit
    
    # bloodBot:
    #   bloodsCount: 1
    #   destinations:
    #     - provider:
    #         name: 'messages/discord'
    #         options:
    #           url: 'webhook-url'
    #     - provider:
    #         name: 'messages/telegram'
    #         options:
    #           botToken: 'bot-token'
    #           chatId: 1337
    
    # adminBot:
    #   provider:
    #     name: 'admin-bots/rctf-ts'
    #     options:
    #       secretKey: beans
    #       endpoint: 'http://admin-bot:21337'
    
    # avatarsModeration:
    #   provider:
    #     name: 'moderation/openai'
    #     options:
    #         apiKey: 'key'
    
    # globalSiteTag: 'G-1337'
    
    # uploadProvider:
    #   name: 'uploads/gcs'
    #   options:
    #     projectId: project-id
    #     bucketName: bucket-name
    #     credentials:
    #       private_key: |-
    #         key
    #       client_email: me@me.iam.gserviceaccount.com
  4. Start the development server:

    bun dev

    For frontend work, run bun dev:mock to seed the database with a reproducible set of mock teams, challenges, and solves.

About

rCTF is a platform for hosting cybersecurity capture-the-flag competitions.

Topics

Resources

License

Contributing

Security policy

Stars

75 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors