Scoreboard for Capture The Flag competitions, used by the Google CTF event

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

CTF Scoreboard

This is a basic CTF Scoreboard, with support for teams or individual competitors, and a handful of other features.

Copyright 2016 Google, Inc. This is not an official Google product.

Author: David Tomaschik dwt@google.com

Installation

  1. Install Python with PIP and setuptools. If you'd like to use a virtualenv, set one up and activate it now.

  2. Install the dependencies: pip install -r requirements.txt

  3. Install a database library. For MySQL, consider mysql-python. For Postgres, use psycopg2. (Others may work; untested.)

  4. Write a config.py for your relevant installation.

     SQLALCHEMY_DATABASE_URI = 'mysql://username:password@server/db'
     #SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://username:password@server/db'
     SECRET_KEY = 'Some Random Value For Session Keys'
     TEAM_SECRET_KEY = 'Another Random Value For Team Invite Codes'
     TITLE = 'FakeCTF'
     TEAMS = True
     ATTACHMENT_DIR = 'attachments'
     LOGIN_METHOD = 'local'  # or appengine
    

If you are using plaintext HTTP to run your scoreboard, you will need to add the following to your config.py, so that cookies will work:

    SESSION_COOKIE_SECURE = False

If you are developing the scoreboard, the following settings may be useful for debugging. They are not useful in production, however.

    COUNT_QUERIES = True
    SQLALCHEMY_ECHO = True

  5. Create the database:

     python main.py createdb

  6. Set up your favorite Python application server, optionally behind a webserver. You'll want to use main.app as your WSGI handler. Tested with uwsgi + nginx. Not tested with anything else; let me know if you have success. Sample configs are in doc/.

  7. Register a user. The first user registered is automatically made an admin. You probably want to register your user before your players get access.

  8. Have fun! Maybe set up some challenges. Players might like that more.
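
An added example (not part of the project's code): a pre-launch check for the config.py written during installation. It flags the sample placeholder keys, SESSION_COOKIE_SECURE = False (session cookies then travel over plaintext HTTP) and the debugging settings left on. The function names, finding codes and 32-character minimum are assumptions of this example; the placeholder strings are the ones from the sample config above.

```python
import ast
import secrets

# Placeholder values copied from the sample config.py in the installation steps.
PLACEHOLDERS = {
    "SECRET_KEY": "Some Random Value For Session Keys",
    "TEAM_SECRET_KEY": "Another Random Value For Team Invite Codes",
}
DEBUG_ONLY = ("COUNT_QUERIES", "SQLALCHEMY_ECHO")
MIN_KEY_LEN = 32  # assumption: threshold chosen for this example


def parse_config(text):
    """Read simple NAME = literal assignments without executing the file."""
    settings = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal value: skipped by this example
    return settings


def audit(settings):
    """Return a sorted list of finding codes for a settings dict."""
    findings = set()
    for name, placeholder in PLACEHOLDERS.items():
        value = settings.get(name)
        if not isinstance(value, str) or not value:
            findings.add(f"{name}:missing")
        elif value == placeholder:
            findings.add(f"{name}:placeholder")
        elif len(value) < MIN_KEY_LEN:
            findings.add(f"{name}:short")
    key = settings.get("SECRET_KEY")
    if key and key == settings.get("TEAM_SECRET_KEY"):
        findings.add("keys:reused")
    if settings.get("SESSION_COOKIE_SECURE") is False:
        findings.add("SESSION_COOKIE_SECURE:plaintext-cookies")
    findings.update(f"{n}:debug-enabled" for n in DEBUG_ONLY if settings.get(n) is True)
    if "username:password@" in str(settings.get("SQLALCHEMY_DATABASE_URI", "")):
        findings.add("SQLALCHEMY_DATABASE_URI:placeholder-credentials")
    return sorted(findings)


def new_key():
    return secrets.token_urlsafe(32)  # 32 random bytes, 43 URL-safe characters
```

Run `audit(parse_config(open("config.py").read()))` before players get access; an empty list means none of these checks fired, and `new_key()` gives a value to paste into SECRET_KEY or TEAM_SECRET_KEY.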

Options

SCORING: Set to 'progressive' to enable a scoring system where the total points for each challenge are divided amongst all the teams that solve that challenge. This rewards teams that solve infrequently solved (hard or obscure) challenges.

TITLE: Scoreboard page titles.

TEAMS: True if teams should be used, False for each player on their own team.

SQLALCHEMY_DATABASE_URI: A SQLAlchemy database URI string.

LOGIN_METHOD: Supports 'local' or 'appengine'. 'appengine' uses AppEngine users API.

Development

Test Cases

  • Setup database
  • Create user, verify admin
  • Create category
  • Create challenge
    • With, without attachment
  • Edit challenges
    • Add attachment
    • Delete attachment
  • Download backup
  • Restore backup
  • Create 2nd user, verify not admin
    • Solve challenge
    • Download attachment

Thanks

This project stands on the shoulders of giants. A big thanks to the following projects used to build this:

And many more indirect dependencies.