Skip to main content

A terminal-based CTF (Capture The Flag) engine with CLI and TUI interfaces for cybersecurity training

Project description

CTF Terminal ๐Ÿšฉ

ctf-term - A production-ready, cross-platform terminal CTF engine with both CLI and TUI interfaces. Features local SQLite storage, importable challenge packs (YAML), salted-hash flag verification, hint penalties, and live leaderboards.

Created by: Sherin Joseph Roy โ€ข Co-Founder & Head of Products at DeepMost AI

Features

  • ๐ŸŽฏ Clean CLI with all essential CTF commands
  • ๐Ÿ–ฅ๏ธ Beautiful TUI built with Textual for keyboard-first navigation
  • ๐Ÿ”’ Secure flag verification using SHA256 salted hashes
  • ๐Ÿ“ฆ Pack System - import challenges from YAML files
  • ๐Ÿ† Advanced Leaderboard with hint penalties and first blood bonuses
  • ๐Ÿฉธ First Blood - 10% bonus points for being the first solver
  • ๐Ÿ’พ Local Storage - SQLite database with proper indexes
  • ๐ŸŽจ Rich Output - beautiful terminal tables and formatting
  • ๐ŸŒ— Themes - dark and light modes (TUI)
  • โšก Fast - optimized for low-end machines
  • ๐Ÿงช Tested - comprehensive test suite
  • ๐Ÿ“Š Challenge Stats - tracking solves, hints, and performance

Quick Start

Installation

pipx install ctf-term

Or from source:

git clone <repo>
cd ctf-term
pipx install .

CLI Usage

# Initialize the app
ctf init

# Import a challenge pack
ctf import-pack ~/.ctf/packs/sample.yml

# List challenges
ctf list
ctf list --category crypto

# Show challenge details
ctf show rot13-hello

# Get a hint (view-only, no penalty yet)
ctf hint alice rot13-hello

# Submit a flag
ctf submit alice rot13-hello flag{flap}

# View leaderboard
ctf scoreboard

# Generate flag hash for pack authors
ctf make-flag-hash "flag{example}" "salt"

TUI Usage

# Launch the interactive TUI
ctf tui

Keyboard Shortcuts:

  • ? / F1 - Help
  • / - Search challenges
  • c - Filter by category
  • u - Switch/create user
  • Enter - Open challenge
  • s - Submit flag
  • h - Show hint
  • g - Go to scoreboard
  • t - Toggle theme
  • Esc - Go back / Close dialogs
  • q - Quit

Pack Authoring

YAML Schema

pack: My CTF Pack
version: 1
challenges:
  - id: unique-challenge-id
    title: Challenge Title
    category: crypto  # crypto, pwn, web, forensics, misc
    description: |
      This is the challenge description.
      Can be multi-line markdown.
    points: 100
    salt: "unique-salt-per-challenge"
    flag_hash: "sha256(salt:flag)"
    hint: "Optional hint text"
    hint_penalty: 20

Creating Flag Hashes

# Method 1: Use the CLI tool
ctf make-flag-hash "flag{my_flag}" "my_salt"

# Method 2: Manual calculation
python3 -c "import hashlib; print(hashlib.sha256(b'my_salt:flag{my_flag}').hexdigest())"

Development Mode

For local testing, you can use flag_plain which will be automatically hashed:

challenges:
  - id: test-challenge
    title: Test Challenge
    category: misc
    description: "Test description"
    points: 50
    salt: "s1"
    flag_plain: "flag{test}"  # Dev only - never commit this!
    hint: "This is a hint"
    hint_penalty: 10

โš ๏ธ Warning: Never commit packs with flag_plain to version control!

Project Structure

ctf-term/
โ”œโ”€โ”€ src/ctfterm/
โ”‚   โ”œโ”€โ”€ __init__.py
โ”‚   โ”œโ”€โ”€ cli.py              # CLI commands
โ”‚   โ”œโ”€โ”€ db.py               # Database operations
โ”‚   โ”œโ”€โ”€ model.py            # Data models
โ”‚   โ”œโ”€โ”€ packs.py            # Pack import/export
โ”‚   โ”œโ”€โ”€ security.py         # Flag verification
โ”‚   โ”œโ”€โ”€ paths.py            # Path resolution
โ”‚   โ”œโ”€โ”€ settings.py         # Settings management
โ”‚   โ”œโ”€โ”€ __main__.py         # Python module entrypoint
โ”‚   โ”œโ”€โ”€ tui/                # TUI implementation
โ”‚   โ”‚   โ”œโ”€โ”€ app.py
โ”‚   โ”‚   โ”œโ”€โ”€ router.py
โ”‚   โ”‚   โ”œโ”€โ”€ styles.tcss
โ”‚   โ”‚   โ”œโ”€โ”€ views/
โ”‚   โ”‚   โ””โ”€โ”€ widgets/
โ”‚   โ””โ”€โ”€ services/           # Business logic
โ”‚       โ”œโ”€โ”€ challenges.py
โ”‚       โ”œโ”€โ”€ users.py
โ”‚       โ”œโ”€โ”€ scoreboard.py
โ”‚       โ””โ”€โ”€ flags.py
โ”œโ”€โ”€ tests/                  # Test suite
โ”œโ”€โ”€ examples/               # Sample packs
โ””โ”€โ”€ pyproject.toml

Security

  • Flags are never stored in plaintext
  • Verification uses SHA256(salt:flag) only
  • Database stores salt and flag_hash
  • No network calls - completely offline
  • No dynamic code execution

Development

Setup

git clone <repo>
cd ctf-term
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
pip install -e ".[dev]"

Running Tests

pytest
pytest --cov=src/ctfterm --cov-report=html

Code Formatting

ruff check src/ tests/
black src/ tests/

Author & Credits

Sherin Joseph Roy

Co-Founder & Head of Products at DeepMost AI

Sherin is an AI entrepreneur and product leader specializing in enterprise AI systems that connect data, automation, and intelligence. With expertise in scalable, human-centered AI solutions, he focuses on bridging research and application to solve real-world challenges.

Connect & Learn More

About DeepMost AI

DeepMost AI builds enterprise AI systems that help organizations think, decide, and grow through intelligent automation and data-driven solutions.

License

MIT License - see LICENSE file

Contributing

Contributions welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Add tests for new features
  4. Ensure all tests pass
  5. Submit a pull request

Acknowledgments

Built with:

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ctf_term-0.1.0.tar.gz (27.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ctf_term-0.1.0-py3-none-any.whl (26.0 kB view details)

Uploaded Python 3

File details

Details for the file ctf_term-0.1.0.tar.gz.

File metadata

  • Download URL: ctf_term-0.1.0.tar.gz
  • Upload date:
  • Size: 27.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/44.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.7 tqdm/4.67.1 importlib-metadata/8.7.0 keyring/25.6.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.12.3

File hashes

Hashes for ctf_term-0.1.0.tar.gz
Algorithm Hash digest
SHA256 6c5ec40c80fbf620cae53b849c4ba20aa007643e53cb9985d489cb501fe6b7d3
MD5 20702eb1e8b9893c3b45bd67d528b718
BLAKE2b-256 f96f1e58029e14756d49fde3009e83cacff5a9eb024582619af8709b0369e216

See more details on using hashes here.

File details

Details for the file ctf_term-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: ctf_term-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 26.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.12.1.2 readme-renderer/44.0 requests/2.31.0 requests-toolbelt/1.0.0 urllib3/2.0.7 tqdm/4.67.1 importlib-metadata/8.7.0 keyring/25.6.0 rfc3986/2.0.0 colorama/0.4.6 CPython/3.12.3

File hashes

Hashes for ctf_term-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 74bd219cda0259055b06c475b699bde8f4c7a97e133ef56b6510b7d08a7eb405
MD5 8faccdd77f285e897f23d508d87df81a
BLAKE2b-256 609fb84cdaaf1bdcb7639d8daad74178095e7ddc22ea867f9e658927329dc6a1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page