otter-sec/rctf

GitHub: otter-sec/rctf

rCTF 是一个以单一捆绑包运行、支持可替换 provider 架构的开源 CTF 竞赛平台,帮助组织者快速部署和管理网络安全夺旗赛。

Stars: 26 | Forks: 3

# rCTF [![文档](https://img.shields.io/badge/docs-rctf.osec.io-ca3c41?style=flat-square)][Docs] [![CI](https://img.shields.io/github/actions/workflow/status/otter-sec/rctf/ci.yml?branch=main&label=ci&logo=github&color=404040&style=flat-square)][CI] [![发布](https://img.shields.io/github/v/release/otter-sec/rctf?label=release&logo=github&color=a1a1a1&style=flat-square)][Releases] [![容器](https://img.shields.io/badge/ghcr.io-otter--sec%2Frctf-e5e5e5?logo=docker&logoColor=white&style=flat-square)][Container]
rCTF 是一个用于举办网络安全[夺旗赛]()的平台。 rCTF 保持了部署的简单性,且不会将组织者锁定在一组固定的服务中。该平台作为单一捆绑包运行,其主要集成使用具有通用配置格式的可替换 provider。一个活动可以只使用它所需要的内容,并在以后无需重写平台即可更改 provider。 要开始使用 rCTF,请访问[文档](https://rctf.osec.io)。如果您需要有关 rCTF 的帮助,请[发起一个讨论](https://github.com/otter-sec/rctf/discussions)。 | Preview 1 | Preview 2 | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Preview 3 | Preview 4 | ## 开发 rCTF 需要 [Bun v1.0+](https://bun.sh/)。 1. 安装依赖: bun i 2. 启动开发容器: docker compose -f compose.dev.yml up -d 3. 创建 `rctf.d/00-development.yaml` 并输入以下配置:
点我! ctfName: rCTF Development meta: description: 'Example rCTF instance' imageUrl: 'https://example.com' homeContent: "A description of your CTF. Markdown supported.\n\n" origin: http://127.0.0.1:5173 divisions: open: Open tokenKey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= startTime: 0 endTime: 99999999999999 database: sql: host: 127.0.0.1 port: 5432 # host: postgres user: rctf password: DO_NOT_USE_ME database: rctf redis: host: 127.0.0.1 port: 6379 # host: redis password: DO_NOT_USE_ME migrate: before # email: # from: es3n1n@es3n1n.eu # provider: # name: 'emails/smtp' # options: # smtpUrl: 'smtp://es3n1n%es3n1n.eu:password@server.com:587' # ctftime: # clientId: 2288 # clientSecret: secret # instancers: # docker: # name: 'instancers/docker' # options: # authToken: 'changeme!' # apiUrl: 'http://tiny-instancer:1337' # defaultInstancer: docker # captcha: # provider: # name: 'captcha/hcaptcha' # options: # siteKey: 'key' # secretKey: 'secret' # protectedEndpoints: # - register # - recover # - setEmail # - instancerStart # - instancerExtend # - avatarUpload # - adminBotSubmit # bloodBot: # bloodsCount: 1 # destinations: # - provider: # name: 'messages/discord' # options: # url: 'webhook-url' # - provider: # name: 'messages/telegram' # options: # botToken: 'bot-token' # chatId: 1337 # adminBot: # provider: # name: 'admin-bots/rctf-ts' # options: # secretKey: beans # endpoint: 'http://admin-bot:21337' # avatarsModeration: # provider: # name: 'moderation/openai' # options: # apiKey: 'key' # globalSiteTag: 'G-1337' # uploadProvider: # name: 'uploads/gcs' # options: # projectId: project-id # bucketName: bucket-name # credentials: # private_key: |- # key # client_email: me@me.iam.gserviceaccount.com
4. 启动开发服务器: bun dev 对于前端工作,运行 `bun dev:mock` 可以使用一组可复现的 mock 队伍、挑战和解题记录来填充数据库。
标签:全栈, 搜索引擎查询, 测试用例, 竞赛平台, 网络安全, 自动化攻击, 请求拦截, 隐私保护