redpwn/admin-bot
A scalable service for client-side web CTF challenges
Quick Start
GCP
In examples/gcp, run:
gcloud auth application-default login
terraform init
terraform apply --var "project=$(gcloud config get-value project)"
AWS
In examples/aws, run:
aws configure
repo=$(aws ecr create-repository --repository-name admin-bot --region us-east-1 --query repository.repositoryUri --output text)
docker pull redpwn/admin-bot-example
docker tag redpwn/admin-bot-example "$repo"
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "$repo"
docker push "$repo"
terraform init
terraform apply --var "image=$(docker image inspect "$repo" -f '{{ index .RepoDigests 0 }}')"
After applying, Terraform outputs a submit_url. To submit a URL to the admin bot, visit <submit_url>/one.
Deployment
- Create a config.js file and a Dockerfile.
GCP
- Build and push the image to gcr.io or pkg.dev.
- Use the Terraform module to deploy to Cloud Run.
AWS
- Build and push the image to ECR.
- Use the Terraform module to deploy to Fargate and Lambda.
Challenge Configuration
The config.js file must export a Map named challenges.
The key of each entry is its challenge ID. To submit a URL to the admin bot, visit /<challenge id>.
The value of each entry is an object with properties:
- name: the display name of the challenge
- timeout: the timeout in milliseconds for each admin bot visit
- handler: a function which returns a Promise and accepts the submitted URL and a Puppeteer BrowserContext
- urlRegex (optional): a regex to check the URL against (default: /^https?:\/\//)
To mitigate possible Chrome vulnerabilities, JIT/WebAssembly is disabled.
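A sketch of the challenges Map described above, for one hypothetical challenge. This is an added example, not the project's own config: the host, challenge ID, cookie and flag are constructed placeholders, and acceptsUrl is a hypothetical helper that only mirrors the documented urlRegex default.

```javascript
// Added example for a hypothetical XSS challenge; host, ID and flag are
// constructed placeholders, not values from the admin-bot project.
const CHALL_HOST = 'chall.example.com'
const FLAG = 'flag{placeholder}'
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms))

// In a real config.js this Map is exported under the name `challenges`.
const challenges = new Map([
  ['xss-notes', {
    name: 'XSS Notes',
    timeout: 10000, // budget for one admin bot visit, in milliseconds
    // Pin submissions to the challenge origin. The trailing "/" rejects
    // look-alike hosts such as chall.example.com.attacker.test.
    urlRegex: /^https:\/\/chall\.example\.com\//,
    handler: async (url, ctx) => {
      const page = await ctx.newPage()
      try {
        // The secret exists only inside this visit's BrowserContext.
        await page.setCookie({
          name: 'flag',
          value: FLAG,
          domain: CHALL_HOST,
          secure: true,
          sameSite: 'Strict'
        })
        await page.goto(url, { timeout: 3000, waitUntil: 'domcontentloaded' })
        await sleep(1000) // let the page's scripts run before closing
      } finally {
        await page.close() // always release the page, even on timeout
      }
    }
  }]
])

// Hypothetical helper: applies a challenge's urlRegex, falling back to
// the documented default when the entry does not set one.
const DEFAULT_URL_REGEX = /^https?:\/\//
function acceptsUrl (id, url) {
  const chall = challenges.get(id)
  if (!chall) return false
  return (chall.urlRegex || DEFAULT_URL_REGEX).test(url)
}
```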
Terraform Configuration
GCP
Terraform module: redpwn/admin-bot/google.
Example configuration: examples/gcp/main.tf.
AWS
Terraform module: redpwn/admin-bot/aws.
Example configuration: examples/aws/main.tf.