/mellivora

Mellivora is a CTF engine written in PHP

Primary LanguagePHPGNU General Public License v3.0GPL-3.0

Mellivora

Mellivora is a CTF engine written in PHP. Want a quick overview? Check out a screenshot gallery on imgur. Want a quick start? Use Mellivora with Docker.

Mellivora logo

Features

  • Arbitrary categories and challenges.
  • Scoreboard with optional multiple team types.
  • Manual or automatic free-text submission marking.
  • Challenge hints.
  • Team progress page.
  • Challenge overview page.
  • Limit category and challenge exposure to certain times.
  • Challenge reveal on parent challenge solve (by any team).
  • Optional signup restrictions based on email regex.
  • Local or Amazon S3 challenge file upload.
  • Optional automatic MD5 append to files.
  • Admin management console with competition overview.
  • Create/edit front page news.
  • Arbitrary menu items and internal pages.
  • Optional total number and time-based submission throttling.
  • User management with IP correlation.
  • Internal log for catching exceptions.
  • reCAPTCHA support.
  • User-defined or auto-generated passwords on signup.
  • User/Email/IP search.
  • Configurable caching.
  • Caching proxy (like Cloudflare) aware (optional x-forwarded-for trust).
  • Optional separate domain for static files.
  • Segment analytics support.
  • SMTP email support. Bulk or single email composition.
  • TOTP two factor auth support.
  • CTF Time compatible JSON scoreboard.
  • Self-serve and admin password reset.
  • and more ...

Scaling

Mellivora scales well on Amazon Elastic Beanstalk and has support for S3 file storage.

Performance

Mellivora is lightweight. And fast. Very fast. Want to run a large competition on an EC2 micro instance? No problem!? See benchmarks.md for some possibly unhelpful benchmarks.

Installation

Development

Build Status

PRs gladly accepted. Test using Codeception. Read more about testing here.

License

This software is licenced under the GNU General Public License v3 (GPL-3). The "include/thirdparty/" directory contains third party code. Please read their LICENSE files for information on the software availability and distribution.