Mellivora is a CTF engine written in PHP. Want a quick overview? Check out a screenshot gallery on imgur.
- LAMP: PHP 5.5.9+, MySQL 5.5+, Apache 2.2+. Will likely work with other configurations but this is untested.
- Composer dependency manager for PHP.
- Arbitrary categories and challenges.
- Scoreboard with optional multiple team types.
- Manual or automatic free-text submission marking.
- Challenge hints.
- Team progress page.
- Challenge overview page.
- Limit category and challenge exposure to certain times.
- Challenge reveal on parent challenge solve (by any team).
- Optional signup restrictions based on email regex.
- Local or Amazon S3 challenge file upload.
- Optional automatic MD5 append to files.
- Admin management console with competition overview.
- Create/edit front page news.
- Arbitrary menu items and internal pages.
- Optional total number and time-based submission throttling.
- User management with IP correlation.
- Internal log for catching exceptions.
- reCAPTCHA support.
- User-defined or auto-generated passwords on signup.
- User/Email/IP search.
- Configurable caching.
- Caching proxy (like Cloudflare) aware (optional x-forwarded-for trust).
- Optional separate domain for static files.
- Segment analytics support.
- SMTP email support. Bulk or single email composition.
- TOTP two factor auth support.
- CTF Time compatible JSON scoreboard.
- Self-serve and admin password reset.
- and more ...
Mellivora scales well on Amazon Elastic Beanstalk and has support for S3 file storage.
Mellivora is lightweight. And fast. Very fast. Want to run a large competition on an EC2 micro instance? No problem!? See benchmarks.md for some possibly unhelpful benchmarks.
You can find detailed setup instructions in install/README.md.
PRs gladly accepted. Test using Codeception.
This software is licenced under the GNU General Public License v3 (GPL-3). The "include/thirdparty/" directory contains third party code. Please read their LICENSE files for information on the software availability and distribution.