GZ::CTF is an open source CTF platform based on ASP.NET Core, using Docker or K8s as the container deployment backend, providing customizable challenges types, dynamic containers and dynamic scores.
This project originated from the author's idea that the implementation of CTFd is not elegant enough, the dynamic container configuration needs to be implemented by plug-ins, and the front-end is not good-looking. At the same time, in order to hold school CTF and help students from other schools to run their CTF, I wrote one by myself.
GZ::CTF is open source under AGPLv3 license, use and modification are subject to the open source license. Please refer to Quick Start for deployment.
Upgrade and migration considerations:
Create highly customizable challenges
Type of challenges: Static Attachment, Dynamic Attachment, Static Container, Dynamic Container
Dynamic Scores
Curve of scores:
Where is the original score, is the minimum score ratio, is the difficulty coefficient, and is the number of submissions. The first three parameters can be customized to satisfy most of the dynamic score requirements.
Bonus for first three solves: The platform rewards 5%, 3%, and 1% of the current score for the first three solves respectively.
Disable or enable challenges during the competition, and release new challenges at any time.
Dynamic flag sharing detection, optional flag template, leet flag
Teams score timeline, scoreboard. Teams can be grouped
Dynamic container distribution, management, and multiple port mapping methods based on Docker or K8s
Real-time competition notification, competition events and flag submission monitoring, and log monitoring based on SignalR
SMTP email verification, malicious registration protection based on Google ReCaptchav3
Ban specific user, three-level user permission management
Optional team review, invitation code, registration email restriction
Writeup collection, review, and batch download in the platform
Download exported scoreboard, export all submission records
Monitor submissions and major event logs during the competition
Challenges traffic forwarding based on TCP over WebSocket proxy, configurable traffic capture
Cluster cache based on Redis, database storage backend based on PGSQL
Data tracking and monitoring based on Prometheus / OpenTelemetry
Customizable global configuration, platform title, record information
And more...