A terminal-based CTF (Capture The Flag) engine with CLI and TUI interfaces for cybersecurity training
Project description
CTF Terminal ๐ฉ
ctf-term - A production-ready, cross-platform terminal CTF engine with both CLI and TUI interfaces. Features local SQLite storage, importable challenge packs (YAML), salted-hash flag verification, hint penalties, and live leaderboards.
Created by: Sherin Joseph Roy โข Co-Founder & Head of Products at DeepMost AI
Features
- ๐ฏ Clean CLI with all essential CTF commands
- ๐ฅ๏ธ Beautiful TUI built with Textual for keyboard-first navigation
- ๐ Secure flag verification using SHA256 salted hashes
- ๐ฆ Pack System - import challenges from YAML files
- ๐ Advanced Leaderboard with hint penalties and first blood bonuses
- ๐ฉธ First Blood - 10% bonus points for being the first solver
- ๐พ Local Storage - SQLite database with proper indexes
- ๐จ Rich Output - beautiful terminal tables and formatting
- ๐ Themes - dark and light modes (TUI)
- โก Fast - optimized for low-end machines
- ๐งช Tested - comprehensive test suite
- ๐ Challenge Stats - tracking solves, hints, and performance
Quick Start
Installation
pipx install ctf-term
Or from source:
git clone <repo>
cd ctf-term
pipx install .
CLI Usage
# Initialize the app
ctf init
# Import a challenge pack
ctf import-pack ~/.ctf/packs/sample.yml
# List challenges
ctf list
ctf list --category crypto
# Show challenge details
ctf show rot13-hello
# Get a hint (view-only, no penalty yet)
ctf hint alice rot13-hello
# Submit a flag
ctf submit alice rot13-hello flag{flap}
# View leaderboard
ctf scoreboard
# Generate flag hash for pack authors
ctf make-flag-hash "flag{example}" "salt"
TUI Usage
# Launch the interactive TUI
ctf tui
Keyboard Shortcuts:
?/F1- Help/- Search challengesc- Filter by categoryu- Switch/create userEnter- Open challenges- Submit flagh- Show hintg- Go to scoreboardt- Toggle themeEsc- Go back / Close dialogsq- Quit
Pack Authoring
YAML Schema
pack: My CTF Pack
version: 1
challenges:
- id: unique-challenge-id
title: Challenge Title
category: crypto # crypto, pwn, web, forensics, misc
description: |
This is the challenge description.
Can be multi-line markdown.
points: 100
salt: "unique-salt-per-challenge"
flag_hash: "sha256(salt:flag)"
hint: "Optional hint text"
hint_penalty: 20
Creating Flag Hashes
# Method 1: Use the CLI tool
ctf make-flag-hash "flag{my_flag}" "my_salt"
# Method 2: Manual calculation
python3 -c "import hashlib; print(hashlib.sha256(b'my_salt:flag{my_flag}').hexdigest())"
Development Mode
For local testing, you can use flag_plain which will be automatically hashed:
challenges:
- id: test-challenge
title: Test Challenge
category: misc
description: "Test description"
points: 50
salt: "s1"
flag_plain: "flag{test}" # Dev only - never commit this!
hint: "This is a hint"
hint_penalty: 10
โ ๏ธ Warning: Never commit packs with flag_plain to version control!
Project Structure
ctf-term/
โโโ src/ctfterm/
โ โโโ __init__.py
โ โโโ cli.py # CLI commands
โ โโโ db.py # Database operations
โ โโโ model.py # Data models
โ โโโ packs.py # Pack import/export
โ โโโ security.py # Flag verification
โ โโโ paths.py # Path resolution
โ โโโ settings.py # Settings management
โ โโโ __main__.py # Python module entrypoint
โ โโโ tui/ # TUI implementation
โ โ โโโ app.py
โ โ โโโ router.py
โ โ โโโ styles.tcss
โ โ โโโ views/
โ โ โโโ widgets/
โ โโโ services/ # Business logic
โ โโโ challenges.py
โ โโโ users.py
โ โโโ scoreboard.py
โ โโโ flags.py
โโโ tests/ # Test suite
โโโ examples/ # Sample packs
โโโ pyproject.toml
Security
- Flags are never stored in plaintext
- Verification uses
SHA256(salt:flag)only - Database stores
saltandflag_hash - No network calls - completely offline
- No dynamic code execution
Development
Setup
git clone <repo>
cd ctf-term
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -e ".[dev]"
Running Tests
pytest
pytest --cov=src/ctfterm --cov-report=html
Code Formatting
ruff check src/ tests/
black src/ tests/
Author & Credits
Sherin Joseph Roy
Co-Founder & Head of Products at DeepMost AI
Sherin is an AI entrepreneur and product leader specializing in enterprise AI systems that connect data, automation, and intelligence. With expertise in scalable, human-centered AI solutions, he focuses on bridging research and application to solve real-world challenges.
Connect & Learn More
- ๐ Portfolio: sherinjosephroy.link
- ๐ผ LinkedIn: linkedin.com/in/sherin-roy-deepmost
- ๐ฆ X (Twitter): @SherinSEF
- ๐ Mastodon: @sherinjoesphroy
- ๐ป GitHub: github.com/Sherin-SEF-AI
- ๐ง Contact: sherinjosephroy.link/contact
About DeepMost AI
DeepMost AI builds enterprise AI systems that help organizations think, decide, and grow through intelligent automation and data-driven solutions.
License
MIT License - see LICENSE file
Contributing
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Add tests for new features
- Ensure all tests pass
- Submit a pull request
Acknowledgments
Built with:
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ctf_term-0.1.0.tar.gz.
File metadata
- Download URL: ctf_term-0.1.0.tar.gz
- Upload date:
- Size: 27.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/44.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.7 tqdm/4.67.1 importlib-metadata/8.7.0 keyring/25.6.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6c5ec40c80fbf620cae53b849c4ba20aa007643e53cb9985d489cb501fe6b7d3
|
|
| MD5 |
20702eb1e8b9893c3b45bd67d528b718
|
|
| BLAKE2b-256 |
f96f1e58029e14756d49fde3009e83cacff5a9eb024582619af8709b0369e216
|
File details
Details for the file ctf_term-0.1.0-py3-none-any.whl.
File metadata
- Download URL: ctf_term-0.1.0-py3-none-any.whl
- Upload date:
- Size: 26.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/44.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.7 tqdm/4.67.1 importlib-metadata/8.7.0 keyring/25.6.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74bd219cda0259055b06c475b699bde8f4c7a97e133ef56b6510b7d08a7eb405
|
|
| MD5 |
8faccdd77f285e897f23d508d87df81a
|
|
| BLAKE2b-256 |
609fb84cdaaf1bdcb7639d8daad74178095e7ddc22ea867f9e658927329dc6a1
|