bd4900b896
2.4.0 / 2020-05-04
==================

**General**

* Cache user and team attributes and use those to perform certain page operations instead of going to the database for data
* After modifying the user/team attributes you should call the appropriate cache clearing function (clear_user_session/clear_team_session)
* Cache user IPs for the last hour to avoid hitting the database on every authenticated page view
* Update the user IP's last seen value at least every hour or on every non-GET request
* Replace `flask_restplus` with `flask_restx`
* Remove `datafreeze`, `normality`, and `banal` dependencies in favor of in-repo solutions to exporting database

**Admin Panel**

* Add bulk selection and deletion for Users, Teams, Scoreboard, Challenges, Submissions
* Make some Admin tables sortable by table headers
* Create a score distribution graph in the statistics page
* Make instance reset more granular to allow for choosing to reset Accounts, Submissions, Challenges, Pages, and/or Notifications
* Properly update challenge visibility after updating challenge
* Show total possible points in Statistics page
* Add searching for Users, Teams, Challenges, Submissions
* Move User IP addresses into a modal
* Move Team IP addresses into a modal
* Show User website in a user page button
* Show Team website in a team page button
* Make the Pages editor use proper HTML syntax highlighting
* Theme header and footer editors now use CodeMirror
* Make default CodeMirror font-size 12px
* Stop storing last action via location hash and switch to using sessionStorage

**Themes**

* Make page selection a select and option instead of having a lot of page links
* Add the JSEnum class to create constants that can be accessed from webpack. Generate constants with `python manage.py build jsenums`
* Add the JinjaEnum class to inject constants into the Jinja environment to access from themes
* Update jQuery to 3.5.0 to resolve potential security issue
* Add some new CSS utilities (`.min-vh-*` and `.opacity-*`)
* Change some rows to have a minimum height so they don't render oddly without data
* Deprecate `.spinner-error` CSS class
* Deprecate accessing the type variable to check user role. Instead you should use `is_admin()`

**Miscellaneous**

* Enable foreign key enforcement for SQLite. Only really matters for the debug server.
* Remove the duplicated `get_config` from `CTFd.models`
* Fix possible email sending issues in Python 3 by using `EmailMessage`
* Don't set User type in the user side session. Instead it should be set in the new user attributes
* Fix flask-profiler and bump dependency to 1.8.1
* Switch to using the `Faker` library for `populate.py` instead of hardcoded data
* Add a `yarn lint` command to run eslint on JS files
* Always insert the current CTFd version at the end of the import process
* Fix issue where files could not be downloaded on Windows
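The 2.4.0 changelog notes that user and team attributes are now cached and that callers must invoke `clear_user_session`/`clear_team_session` after modifying them. The sketch below is an added example, not CTFd's code: it shows why that call matters for role checks, using a constructed in-memory cache. `AttrCache`, `demote`, the 300-second TTL, and the signatures of `is_admin` and `clear_user_session` used here are all assumptions for illustration.

```python
import time


class AttrCache:
    """Constructed stand-in for a cache of user attributes (not CTFd's implementation)."""

    def __init__(self, db, ttl=300, clock=time.monotonic):
        self.db, self.ttl, self.clock = db, ttl, clock
        self._entries = {}   # user_id -> (expires_at, snapshot of attributes)
        self.db_reads = 0    # counts how often the "database" is actually hit

    def get_user_attrs(self, user_id):
        hit = self._entries.get(user_id)
        if hit and hit[0] > self.clock():
            return hit[1]                      # served from cache, may be stale
        self.db_reads += 1
        attrs = dict(self.db[user_id])         # snapshot taken at read time
        self._entries[user_id] = (self.clock() + self.ttl, attrs)
        return attrs

    def clear_user_session(self, user_id):
        # Explicit invalidation: the next read goes back to the database.
        self._entries.pop(user_id, None)


def is_admin(cache, user_id):
    # Role check answered from cached attributes, not from the database row.
    return cache.get_user_attrs(user_id)["type"] == "admin"


def demote(db, cache, user_id, clear=True):
    db[user_id]["type"] = "user"
    if clear:
        cache.clear_user_session(user_id)      # the step the changelog asks for


def demo():
    """Returns {clear: (admin right after demotion, admin after TTL, db reads)}."""
    results = {}
    for clear in (False, True):
        db = {1: {"name": "alice", "type": "admin"}}   # constructed sample row
        now = [0.0]
        cache = AttrCache(db, ttl=300, clock=lambda: now[0])
        is_admin(cache, 1)                     # warm the cache while still admin
        demote(db, cache, 1, clear=clear)
        right_after = is_admin(cache, 1)
        now[0] += 301                          # let the cached entry expire
        results[clear] = (right_after, is_admin(cache, 1), cache.db_reads)
    return results


if __name__ == "__main__":
    print(demo())
```

Without the clearing call, the demoted account keeps passing the admin check until the cached entry expires; with it, the change takes effect on the next request at the cost of one extra database read.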
README.md
What is CTFd?
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.
Features
- Create your own challenges, categories, hints, and flags from the Admin Interface
- Dynamic Scoring Challenges
- Unlockable challenge support
- Challenge plugin architecture to create your own custom challenges
- Static & Regex based flags
- Custom flag plugins
- Unlockable hints
- File uploads to the server or an Amazon S3-compatible backend
- Limit challenge attempts & hide challenges
- Automatic bruteforce protection
- Individual and Team based competitions
- Have users play on their own or form teams to play together
- Scoreboard with automatic tie resolution
- Hide Scores from the public
- Freeze Scores at a specific time
- Scoregraphs comparing the top 10 teams and team progress graphs
- Markdown content management system
- SMTP + Mailgun email support
- Email confirmation support
- Forgot password support
- Automatic competition starting and ending
- Team management, hiding, and banning
- Customize everything using the plugin and theme interfaces
- Importing and Exporting of CTF data for archival
- And a lot more...
Install
- Install dependencies: `pip install -r requirements.txt`
  - You can also use the `prepare.sh` script to install system dependencies using apt.
- Modify CTFd/config.py to your liking.
- Use `flask run` in a terminal to drop into debug mode.
You can use the auto-generated Docker images with the following command:
`docker run -p 8000:8000 -it ctfd/ctfd`
Or you can use Docker Compose with the following command from the source repository:
`docker-compose up`
Check out the wiki for deployment options and the Getting Started guide.
Live Demo
Support
To get basic support, you can join the MajorLeagueCyber Community:
If you prefer commercial support or have a special project, feel free to contact us.
Managed Hosting
Looking to use CTFd but don't want to deal with managing infrastructure? Check out the CTFd website for managed CTFd deployments.
MajorLeagueCyber
CTFd is heavily integrated with MajorLeagueCyber. MajorLeagueCyber (MLC) is a CTF stats tracker that provides event scheduling, team tracking, and single sign on for events.
By registering your CTF event with MajorLeagueCyber, users can automatically log in, track their individual and team scores, submit writeups, and get notifications of important events.
To integrate with MajorLeagueCyber, simply register an account, create an event, and install the client ID and client secret in the relevant portion in CTFd/config.py or in the admin panel:
OAUTH_CLIENT_ID = None
OAUTH_CLIENT_SECRET = None
Credits
- Logo by Laura Barbera
- Theme by Christopher Thompson
- Notification Sound by Terrence Martin