Tool for creating and running Capture The Flag competitions
Project description
ctfcli
ctfcli is a tool to manage Capture The Flag events and challenges.
ctfcli
provides challenge specifications and templates to make it easier to generate challenges of different categories. It also provides an integration with the CTFd REST API to allow for command line uploading of challenges and integration with CI/CD build systems.
ctfcli
features tab completion, a REPL interface (thanks to Python-Fire) and plugin support for custom commands.
WIP: ctfcli is an alpha project and changes will happen. Be sure to pin versions and read the CHANGELOG when updating.
Installation and Usage
ctfcli can be installed with pip install ctfcli
1. Create an Event
ctfcli turns the current folder into a CTF event git repo. It asks for the base url of the CTFd instance you're working with and an access token.
❯ ctf init
Please enter CTFd instance URL: https://demo.ctfd.io
Please enter CTFd Admin Access Token: d41d8cd98f00b204e9800998ecf8427e
Do you want to continue with https://demo.ctfd.io and d41d8cd98f00b204e9800998ecf8427e [y/N]: y
Initialized empty Git repository in /Users/user/Downloads/event/.git/
This will create the .ctf
folder with the config
file that will specify the URL, access token, and keep a record of all the challenges dedicated for this event.
2. Add challenges
Events are made up of challenges. Challenges can be made from a subdirectory or pulled from another repository. Remote challenges are pulled into the event repo and a reference is kept in the .ctf/config
file.
❯ ctf challenge add [REPO | FOLDER]
❯ ctf challenge add crypto/stuff
❯ ctf challenge add https://github.com/challenge.git
challenge
Cloning into 'challenge'...
remote: Enumerating objects: 624, done.
remote: Counting objects: 100% (624/624), done.
remote: Compressing objects: 100% (540/540), done.
remote: Total 624 (delta 109), reused 335 (delta 45), pack-reused 0
Receiving objects: 100% (624/624), 6.49 MiB | 21.31 MiB/s, done.
Resolving deltas: 100% (109/109), done.
3. Install challenges
Installing a challenge will automatically create the challenge in your CTFd instance using the API.
❯ ctf challenge install [challenge.yml | DIRECTORY]
❯ ctf challenge install buffer_overflow
Found buffer_overflow/challenge.yml
Loaded buffer_overflow
Installing buffer_overflow
Success!
4. Update challenges
Syncing a challenge will automatically update the challenge in your CTFd instance using the API. Any changes made in the challenge.yml
file will be reflected in your instance.
❯ ctf challenge sync [challenge.yml | DIRECTORY]
❯ ctf challenge sync buffer_overflow
Found buffer_overflow/challenge.yml
Loaded buffer_overflow
Syncing buffer_overflow
Success!
The additional flag, --ctfd-name [NAME]
can be passed to optionally sync to a challenge with a different-name in CTFd.
5. Verify & pull challenges
If, at any point, changes may have been made to a challenge through the CTFd UI by an admin. To verify that your challenge.yml file matches remote contents, you can use:
❯ ctf challenge verify [challenge.yml | DIRECTORY] [--verify-files] [--verify-defaults]
If the --verify-files
flag is set, challenge files will be downloaded and the binary files will be compared.
If the --verify-defaults
flag is set, challenge files will be verified to make sure they include default optional keys present on CTFd.
If you want to pull down the latest version of the challenge, and its challenge files, you can use:
❯ ctf challenge verify [challenge.yml | DIRECTORY] [--update_files] [--create-files] [--create_defaults]
If the --update_files
flag is set, the latest version of every file will be redownloaded from CTFd.
If the --create-files
flag is set, any new files added to through the CTFd UI will be downloaded to the same directory as the challenge.yml
file.
If the --create-defaults
flag is set, any optional default values will be added to the challenge.yml
.
This is a destructive action! It will overwrite the local version of challenge.yml
with the version on CTFd!
Challenge Templates
ctfcli
contains pre-made challenge templates to make it faster to create CTF challenges with safe defaults.
ctf challenge new
├── binary
├── crypto
├── programming
└── web
❯ ctf challenge new binary
/Users/user/.virtualenvs/ctfcli/lib/python3.7/site-packages/ctfcli-0.0.1-py3.7.egg/ctfcli/templates/binary/default
name [Hello]: buffer_overflow
❯ ls -1 buffer_overflow
Makefile
README.md
WRITEUP.md
challenge.yml
dist/
src/
Contributions welcome on improving the challenge templates to make CTF challenges better for everyone!
Challenge Specification
ctfcli
provides a challenge specification (challenge.yml
) that outlines the major details of a challenge.
Every challenge generated by or processed by ctfcli
should have a challenge.yml
file.
The specification format has already been tested and used with CTFd in production events but comments, suggestions, and PRs are welcome on the format of challenge.yml
.
Plugins
ctfcli
plugins are essentially additions to to the command line interface via dynamic class modifications. See the plugin documentation page for a simple example.
ctfcli
is an alpha project! The plugin interface is likely to change!
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file reteps-ctfcli-0.0.12.tar.gz
.
File metadata
- Download URL: reteps-ctfcli-0.0.12.tar.gz
- Upload date:
- Size: 32.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 81b7ecca2565ed4367a56dc7aa67e085c0135eb57e8ad26f2c6208444bdace16 |
|
MD5 | 5f2c3749354bd69d09a9602297a0929c |
|
BLAKE2b-256 | 43d451e65837ab30469378351a1ecbe7dfaf8b14b00a76d24c507304bdaaade1 |
File details
Details for the file reteps_ctfcli-0.0.12-py3-none-any.whl
.
File metadata
- Download URL: reteps_ctfcli-0.0.12-py3-none-any.whl
- Upload date:
- Size: 53.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e13ae17e4ae17fff21364ca52830a191d1a6febc668d4dc77f2084bbf3e29567 |
|
MD5 | b8b4335adcb6204cb60e24d9d264b375 |
|
BLAKE2b-256 | 6e42298c892ba112e0453f583f677f37950c0c44d2a0077793e0949946fbb58c |