mirror of https://github.com/JohnHammond/CTFd.git
b8d0f80d01
2.2.0 / 2019-12-22
==================
## Notice
2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be useable with v2.2.0.
**General**
* Team size limits can now be enforced from the configuration panel
* Access tokens functionality for API usage
* Admins can now choose how to deliver their notifications
* Toast (new default)
* Alert
* Background
* Sound On / Sound Off
* There is now a notification counter showing how many unread notifications were received
* Setup has been redesigned to have multiple steps
* Added Description
* Added Start time and End time,
* Added MajorLeagueCyber integration
* Added Theme and color selection
* Fixes issue where updating dynamic challenges could change the value to an incorrect value
* Properly use a less restrictive regex to validate email addresses
* Bump Python dependencies to latest working versions
* Admins can now give awards to team members from the team's admin panel page
**API**
* Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members's Submissions, Awards, Unlocks
**Admin Panel**
* Admins can now user a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly.
* Challenge updates will now alert you if the challenge doesn't have a flag
* Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page
**Themes**
* Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel
* Theme asset specially generated URLs
* Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server)
* Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches.
* Use `defer` for script tags to not block page rendering
* Only show the MajorLeagueCyber button if configured in configuration
* The admin panel now links to https://help.ctfd.io/ in the top right
* Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/)
* The user-facing navbar now features icons
* Awards shown on a user's profile can now have award icons
* The default MarkdownIt render created by CTFd will now open links in new tabs
* Country flags can now be shown on the user pages
**Deployment**
* Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine`
* Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled
* Challenge ID is now recorded in the submission log
**Plugins**
* Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route
**Miscellaneous**
* `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument
* The subject allows for injecting custom variable via the new `CTFd.utils.formatters.safe_format()` function
* Admin user information is now error checked during setup
* Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts
* Prevent old CTFd imports from being imported
|
||
|---|---|---|
| .github | ||
| CTFd | ||
| docs | ||
| migrations | ||
| scripts | ||
| tests | ||
| .codecov.yml | ||
| .dockerignore | ||
| .flaskenv | ||
| .gitignore | ||
| .prettierignore | ||
| .travis.yml | ||
| CHANGELOG.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| Vagrantfile | ||
| development.txt | ||
| docker-compose.yml | ||
| docker-entrypoint.sh | ||
| export.py | ||
| import.py | ||
| manage.py | ||
| package.json | ||
| populate.py | ||
| prepare.sh | ||
| requirements.txt | ||
| serve.py | ||
| setup.cfg | ||
| webpack.config.js | ||
| wsgi.py | ||
| yarn.lock | ||
README.md
What is CTFd?
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.
Features
- Create your own challenges, categories, hints, and flags from the Admin Interface
- Dynamic Scoring Challenges
- Unlockable challenge support
- Challenge plugin architecture to create your own custom challenges
- Static & Regex based flags
- Custom flag plugins
- Unlockable hints
- File uploads to the server or an Amazon S3-compatible backend
- Limit challenge attempts & hide challenges
- Automatic bruteforce protection
- Individual and Team based competitions
- Have users play on their own or form teams to play together
- Scoreboard with automatic tie resolution
- Hide Scores from the public
- Freeze Scores at a specific time
- Scoregraphs comparing the top 10 teams and team progress graphs
- Markdown content management system
- SMTP + Mailgun email support
- Email confirmation support
- Forgot password support
- Automatic competition starting and ending
- Team management, hiding, and banning
- Customize everything using the plugin and theme interfaces
- Importing and Exporting of CTF data for archival
- And a lot more...
Install
- Install dependencies:
pip install -r requirements.txt- You can also use the
prepare.shscript to install system dependencies using apt.
- You can also use the
- Modify CTFd/config.py to your liking.
- Use
flask runin a terminal to drop into debug mode.
You can use the auto-generated Docker images with the following command:
docker run -p 8000:8000 -it ctfd/ctfd
Or you can use Docker Compose with the following command from the source repository:
docker-compose up
Check out the wiki for deployment options and the Getting Started guide
Live Demo
Support
To get basic support, you can join the CTFd Slack Community:
If you prefer commercial support or have a special project, feel free to contact us.
Managed Hosting
Looking to use CTFd but don't want to deal with managing infrastructure? Check out the CTFd website for managed CTFd deployments.
MajorLeagueCyber
CTFd is heavily integrated with MajorLeagueCyber. MajorLeagueCyber (MLC) is a CTF stats tracker that provides event scheduling, team tracking, and single sign on for events.
By registering your CTF event with MajorLeagueCyber users can automatically login, track their individual and team scores, submit writeups, and get notifications of important events.
To integrate with MajorLeagueCyber, simply register an account, create an event, and install the client ID and client secret in the relevant portion in CTFd/config.py or in the admin panel:
OAUTH_CLIENT_ID = None
OAUTH_CLIENT_SECRET = None
Credits
- Logo by Laura Barbera
- Theme by Christopher Thompson
- Notification Sound by Terrence Martin