The GZ::CTF project, an open source CTF platform.
GZ::CTF is an open source CTF platform based on ASP.NET Core.
[!IMPORTANT] To save your effort, please read the documentation carefully before using: https://docs.ctf.gzti.me/en
[!WARNING] Since 01/01/2024, the database structure of the
develop
image is no longer compatible with previous versions. If you prefer to use it, please go tov0.17
.During the rapid development of new features, it is not recommended to use the
develop
image for production deployment, and the database structure changes will cause data loss.
Create highly customizable challenges
Type of challenges: Static Attachment, Dynamic Attachment, Static Container, Dynamic Container
Dynamic Scores
Curve of scores:
$$f(S, r, d, x) = \left \lfloor S \times \left[r + ( 1- r) \times \exp\left( \dfrac{1 - x}{d} \right) \right] \right \rfloor $$
Where $S$ is the original score, $r$ is the minimum score ratio, $d$ is the difficulty coefficient, and $x$ is the number of submissions. The first three parameters can be customized to satisfy most of the dynamic score requirements.
Bonus for first three solves: The platform rewards 5%, 3%, and 1% of the current score for the first three solves respectively.
Disable or enable challenges during the competition, and release new challenges at any time.
Dynamic flag sharing detection, optional flag template, leet flag
Teams score timeline, scoreboard. Teams can be grouped
Dynamic container distribution, management, and multiple port mapping methods based on Docker or K8s
Real-time competition notification, competition events and flag submission monitoring, and log monitoring based on SignalR
SMTP email verification, malicious registration protection based on Google ReCaptchav3
Ban specific user, three-level user permission management
Optional team review, invitation code, registration email restriction
Writeup collection, review, and batch download in the platform
Download exported scoreboard, export all submission records
Monitor submissions and major event logs during the competition
Challenges traffic forwarding based on TCP over WebSocket proxy, configurable traffic capture
Cluster cache based on Redis, database storage backend based on PGSQL
Customizable global configuration, platform title, record information
Support metrics and distributed tracing
And more...
Localization support is in progress, please refer to translate.ctf.gzti.me to learn more or participate in the translation work.
Some event organizers have already chosen GZCTF and successfully completed their competitions. Their trust, support, and timely feedback are the primary driving force behind the continuous improvement of GZCTF.
The list is not in any particular order, and PRs are welcome for additions.
Thanks to NanoApe, the organizer of THUCTF 2022, for providing sponsorship and conducting Alibaba Cloud public network stress testing. This helped validate the service stability of the GZCTF standalone instance (16c90g) under the pressure of thousands of concurrent requests and 1.34 million requests in three minutes.