rCTF is a platform for hosting cybersecurity capture-the-flag competitions.
At its core, rCTF is designed for (1) indestructible performance and (2) uniform composition. The platform is intentionally minimal, ships as a single bundled deployment, and exposes every major integration as a swapable provider behind one configuration contract. Organizers start with what their event needs and add what they want through configuration, rather than modification.
To get started with rCTF, visit the documentation. If you need help with rCTF, start a discussion.
 |
 |
|---|---|
 |
 |
rCTF requires Bun v1.0+.
-
Install dependencies:
bun i
-
Start the development containers:
docker compose -f compose.dev.yml up -d
-
Create
rctf.d/00-development.yamland enter the following configuration:Open me!
ctfName: rCTF Development meta: description: 'Example rCTF instance' imageUrl: 'https://example.com' homeContent: "A description of your CTF. Markdown supported.\n\n<timer></timer>" origin: http://127.0.0.1:5173 divisions: open: Open tokenKey: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= startTime: 0 endTime: 99999999999999 database: sql: host: 127.0.0.1 port: 5432 # host: postgres user: rctf password: DO_NOT_USE_ME database: rctf redis: host: 127.0.0.1 port: 6379 # host: redis password: DO_NOT_USE_ME migrate: before # email: # from: es3n1n@es3n1n.eu # provider: # name: 'emails/smtp' # options: # smtpUrl: 'smtp://es3n1n%es3n1n.eu:password@server.com:587' # ctftime: # clientId: 2288 # clientSecret: secret # instancers: # docker: # name: 'instancer/docker-instancer' # options: # authToken: 'changeme!' # apiUrl: 'http://tiny-instancer:1337' # defaultInstancer: docker # captcha: # provider: # name: 'captcha/hcaptcha' # options: # siteKey: 'key' # secretKey: 'secret' # protectedEndpoints: # - register # - recover # - setEmail # - instancerStart # - instancerExtend # - avatarUpload # - adminBotSubmit # bloodBot: # bloodsCount: 1 # destinations: # - provider: # name: 'messages/discord' # options: # url: 'webhook-url' # - provider: # name: 'messages/telegram' # options: # botToken: 'bot-token' # chatId: 1337 # adminBot: # provider: # name: 'admin-bot/rctf-js' # options: # secretKey: beans # endpoint: 'http://admin-bot:21337' # avatarsModeration: # provider: # name: 'moderation/openai' # options: # apiKey: 'key' # globalSiteTag: 'G-1337' # uploadProvider: # name: 'uploads/gcs' # options: # projectId: project-id # bucketName: bucket-name # credentials: # private_key: |- # key # client_email: me@me.iam.gserviceaccount.com
-
Start the development server:
bun dev
For frontend work, run
bun dev:mockto seed the database with a reproducible set of mock teams, challenges, and solves.