
rtb-ctf-framework's Introduction

RootTheBox CTF Framework


A lightweight, easy-to-deploy CTF framework (in Flask) for HackTheBox-style machines.
The main purpose of this project is to serve as a scoring engine and CTF manager.

Want to see it in action?

A live demo of the app is available at: https://rtblivedemo.herokuapp.com/.
You can log in and mess around as 2 users: admin:admin and test:test (i.e. username:password combinations).

Features

For Developers & Contributors
  • Flask-blueprints for modularity and clean codebase,
  • Flask-admin for Admin views and easy realtime management,
  • Flask-SQLAlchemy for SQL models,
  • Flask-wtf for forms,
  • Flask-mail for mail service.
For CTF hosters
  • A page to show relevant details about the machine such as name, IP, OS, points and difficulty level.
  • Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
  • Simple User Registration/login process, account management, Forgot password functionalities,
  • Flag submission (currently 2 hashes: user and root),
  • Real time scoreboard tracking,
  • Easily deployable on Heroku.

How To Use

Requirements

  • Python 3.7.3 or at least > 3.6.
  • Python Packages: src/requirements.txt.
  • OS Packages: PostgreSQL version 11 or greater, libpq-dev, python3-dev packages. Please refer here.

Installation and first run

  1. Git clone the repo and cd into it.

    $ git clone https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework
    $ cd RTB-CTF-Framework/

  2. Create a virtual environment to deal with dependencies and requirements.

    $ virtualenv -p /usr/bin/python3 venv
    $ source venv/bin/activate
    $ cd src/

  3. With the virtual environment activated, install requirements, init the db and run!

    [venv]$ pip install -r requirements.txt
    [venv]$ python create_db.py # Only required on first run
    [venv]$ python run.py

Deployment using Heroku

  1. Create your heroku app using heroku cli tool.

    Follow the official guide by Heroku: https://devcenter.heroku.com/articles/getting-started-with-python#prepare-the-app

  2. Provision Database add-on.

    Add the following add on to your new app: https://elements.heroku.com/addons/heroku-postgresql

  3. Creating database instance. In your heroku app directory,

    $ heroku run bash
    [heroku]$ python create_db.py
  4. Your app should be live now. You can run heroku open to open it in browser.

For Your CTF

Using this is as simple as anything.

  1. Just configure your CTF settings in config.py.

  2. DO NOT FORGET to change the admin credentials in create_db.py.

  3. See database instance creation steps under How To Use.
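
A pre-deployment check for step 2, as an added example that is not part of the project: it parses a create_db.py-style file and reports any account created with one of the demo passwords listed in this README, or with a password equal to its username. The `User(username=..., password=...)` call shape, the `bcrypt` wrapper and the sample source are constructed assumptions about how create_db.py is laid out.

```python
import ast

# Passwords of the demo accounts advertised above (admin:admin, test:test).
DEMO_PASSWORDS = {"admin", "test"}

# Constructed sample standing in for create_db.py; the real layout may differ.
SAMPLE_CREATE_DB = '''
admin = User(username="admin", email="admin@example.com",
             password=bcrypt.generate_password_hash("admin").decode("utf-8"))
op = User(username="ctf_op", email="op@example.com",
          password=bcrypt.generate_password_hash("CTF_OP").decode("utf-8"))
ok = User(username="organiser", email="o@example.com",
          password=bcrypt.generate_password_hash(os.environ["ADMIN_PASSWORD"]))
'''

def _strings(node):
    """All string literals anywhere under an AST node (e.g. inside a hash call)."""
    return [n.value for n in ast.walk(node)
            if isinstance(n, ast.Constant) and isinstance(n.value, str)]

def find_default_credentials(source):
    """Return sorted (line, username, reason) for calls with a weak literal password."""
    findings = []
    for call in ast.walk(ast.parse(source)):
        if not isinstance(call, ast.Call):
            continue
        kwargs = {kw.arg: kw.value for kw in call.keywords if kw.arg}
        if "password" not in kwargs:
            continue
        # The username is only usable for comparison if it is a plain literal.
        names = _strings(kwargs["username"]) if "username" in kwargs else []
        username = names[0] if names else None
        for literal in _strings(kwargs["password"]):
            if literal in DEMO_PASSWORDS:
                findings.append((call.lineno, username, "demo password"))
                break
            if username and literal.lower() == username.lower():
                findings.append((call.lineno, username, "password equals username"))
                break
    return sorted(findings)

if __name__ == "__main__":
    for line, user, reason in find_default_credentials(SAMPLE_CREATE_DB):
        print(f"create_db.py:{line}: user {user!r}: {reason}")
```

Run it against the real file with `find_default_credentials(open("create_db.py").read())` and fail the deployment if the list is not empty.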

Bonus: You can manage the database CRUD operations from admin views GUI as well as issue notifications.

Warning: If you make any change to the logging, config class or score settings in config.py, it's highly recommended to create a new DB instance.

Contributing

Please see: issues and the below To-do list.

Note: All PRs within the GSSoC'20 period will be merged in the gssoc20-dev branch.

To-do

  • Freeze Scoreboard automatically past running time specified (Issue: #3)
  • Ideas for additional logging techniques to prevent flag sharing, cheating and such. (Issue: #7)
  • Support for n number of boxes (accordions? separate route?). (Issue: #17)
  • Rating system: Average Box rating - input, calculate, output. (Issue: #14)
  • Adding a Deploy to Heroku button. (Issue: #15)
  • Dark theme for admin control panel. (Issue: #16)
  • Adding CI, Linting, Formatting specs. (Issue: #18)
  • Testing Password reset functionality, the mail-server setup, etc.
  • More info on home.html
  • Support for more hashes per box (not a priority)
  • Need to implement account.html (not a priority)

  • db relationship between User and Score Tables (priority | issue: #5)
  • isAdmin column in User table and Admin views (priority)
  • Notifications
  • Use Flask Blueprints
  • Finalize black theme?
  • Error messages not appearing in /submit
  • Implement machine.html to serve a page where one can download/serve machines

rtb-ctf-framework's People

Contributors

eshaan7, mishrasunny174, mostwanted002
