PentestCTF – Another CTF Framework

Instead of doing my final-year project at University, I made (another) open-source CTF/Lab framework, primarily for my own learning benefit during its development, but also because I realised how powerful a group learning environment like a CTF is and I wanted to deploy one at my University. Keep reading to learn more…

It’s pretty similar to all the other CTFs I’ve seen, although it has a few extra features. Namely:

  • The ability to detect when its own labs are down and show that on the labs page.
  • It has its own accompanying iOS app. Flags from iOS labs can automatically open the main PentestCTF app and submit them.
  • An API. Make your own CLI tool or interface for it, see if I care.
  • A good/simple schema. A lot of CTFs have messy schemas and small improvements to the app are a bit of a headfu** to implement.
  • Achievements. There are only a few added by default, but they are there and you can make rules to add new ones.
  • Admins don’t need to give you a default password or let you type a password into their “super-user” session. They just send you a link with a token to create your account yourself, and you request another link with a token to make any changes to your account.
  • Game modes. So, the idea is that you instigate a “game mode” to get people in the hacking mood if things slow down. You can create bonus points for things like “most improved over a month” or “most scoreboard overtakes”.
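
The token-link account flow from the list above, sketched as an added example (this is not PentestCTF's own code). The names `InviteStore` and `TOKEN_TTL`, the 24-hour lifetime, and the in-memory dict standing in for a database table are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed link lifetime in seconds


class InviteStore:
    """In-memory stand-in for the table that would hold issued link tokens."""

    def __init__(self):
        # Keyed by SHA-256 of the token, so a leaked table cannot be replayed as links.
        self._rows = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, purpose, user=None, now=None):
        """Admin side: mint a token for 'signup' or 'change' and return it for the link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = {
            "purpose": purpose, "user": user,
            "expires": now + TOKEN_TTL, "used": False,
        }
        return token

    def redeem(self, token, purpose, now=None):
        """User side: return (True, bound_user) once per valid token, else (False, None)."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None or row["used"]:
            return (False, None)      # unknown or already spent
        if row["purpose"] != purpose or now > row["expires"]:
            return (False, None)      # signup token on a change form, or expired
        row["used"] = True            # single use: burn before acting on it
        return (True, row["user"])


if __name__ == "__main__":
    store = InviteStore()
    link_token = store.issue("signup")
    # Constructed URL for illustration only.
    print("https://ctf.example/signup?token=" + link_token)
    print(store.redeem(link_token, "signup"))   # first use succeeds
    print(store.redeem(link_token, "signup"))   # replay is rejected
```

The admin never handles the user's password: the token only authorises one visit to the signup or change form, and the user sets the credential there.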

A demo of the site should be live on PentestCTF.com if you want to take a look. Contact me if you want the source. FYI: On the demo site, the labs were thrown on there from various sources: @Strawp, a BAE CTF in 2015 and my friend Guga, who has no online presence… props to those guys.