Skip to content
Switch branches/tags

Latest commit

# 3.5.0 / 2022-05-09


- Add a next challenge recommendation to challenges
- Add support for only viewing hints after unlocking another hint
- Add size checking and recommendation for images uploaded during setup

**Admin Panel**

- Imports now happen in the background so that admins can watch the status of the import
  - Add progress tracking to backup/export importing
  - Add `GET /admin/import` to see status of import
  - The public user facing portion of CTFd is now disabled during imports
- Fix issue where custom field entries for Users and Teams would be misaligned in the scoreboard CSV export
- Show admins the email server error message when email sending fails
- Fix issue where the current theme cannot be found in list of themes
- Fix page preview so that it accounts for the provided format
- Add links from User/Team Profile IP addresses to a User IP address search page
- Add city geolocation to Team Profile IP addresses


- Add the `count` meta field to the following endpoints:
  - `/api/v1/users/me/solves`
  - `/api/v1/users/me/fails`
  - `/api/v1/users/me/awards`
  - `/api/v1/teams/me/awards`
  - `/api/v1/users/[user_id]/solves`
  - `/api/v1/users/[user_id]/fails`
  - `/api/v1/users/[user_id]/awards`
  - `/api/v1/teams/[team_id]/solves`
  - `/api/v1/teams/[team_id]/awards`
- Improve speed of `/api/v1/teams/me/fails`
- Improve speed of `/api/v1/teams/[team_id]/fails`
- Improve speed of `/api/v1/users/me/fails`
- Improve speed of `/api/v1/users/[user_id]/fails`


- Use Python 3.9 as the default Python version
- Prevent any possible usage of an already existing session ID by checking for duplicates during during session ID generation
- No longer install `python3-dev` in Dockerfile
- docker-compose.yml now uses `nginx:stable` as the image for nginx


- `CTFd._internal.challenge.render` and `CTFd._internal.challenge.renderer` in the `view.js` Challenge type file has been deprecated. Instead Challenge plugins should refer to the `challenge.html` attribute provided by the API. Essentially CTFd is moving to having markdown & HTML rendered by the server instead of rendering on the client.


- Create the [`core-beta` theme]( and begin documenting the creation of themes using Vite
- Add `userName` and `userEmail` to the CTFd init object in `base.html` for easier integration with other JavaScript code
- Add `teamId` and `teamName` to the CTFd init object in `base.html` for easier integration with other JavaScript code
- Adds the `Assets` constant to access front end assets from Jinja templates
- Adds a `views.themes_beta` route to avoid the `.dev`/`.min` extension being added automatically to frontend asset urls


- Fix double logging in `log()` function
- Add `--delete_import_on_finish` to `python import_ctf`
- Fix issue where `field_entries` table could not be imported when moving between MySQL and MariaDB

Git stats


Failed to load latest commit information.
Latest commit message
Commit time

CTFd MySQL CI Linting MajorLeagueCyber Discourse Documentation Status

What is CTFd?

CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes.

CTFd is a CTF in a can.


  • Create your own challenges, categories, hints, and flags from the Admin Interface
    • Dynamic Scoring Challenges
    • Unlockable challenge support
    • Challenge plugin architecture to create your own custom challenges
    • Static & Regex based flags
      • Custom flag plugins
    • Unlockable hints
    • File uploads to the server or an Amazon S3-compatible backend
    • Limit challenge attempts & hide challenges
    • Automatic bruteforce protection
  • Individual and Team based competitions
    • Have users play on their own or form teams to play together
  • Scoreboard with automatic tie resolution
    • Hide Scores from the public
    • Freeze Scores at a specific time
  • Scoregraphs comparing the top 10 teams and team progress graphs
  • Markdown content management system
  • SMTP + Mailgun email support
    • Email confirmation support
    • Forgot password support
  • Automatic competition starting and ending
  • Team management, hiding, and banning
  • Customize everything using the plugin and theme interfaces
  • Importing and Exporting of CTF data for archival
  • And a lot more...


  1. Install dependencies: pip install -r requirements.txt
    1. You can also use the script to install system dependencies using apt.
  2. Modify CTFd/config.ini to your liking.
  3. Use python or flask run in a terminal to drop into debug mode.

You can use the auto-generated Docker images with the following command:

docker run -p 8000:8000 -it ctfd/ctfd

Or you can use Docker Compose with the following command from the source repository:

docker-compose up

Check out the CTFd docs for deployment options and the Getting Started guide

Live Demo


To get basic support, you can join the MajorLeagueCyber Community: MajorLeagueCyber Discourse

If you prefer commercial support or have a special project, feel free to contact us.

Managed Hosting

Looking to use CTFd but don't want to deal with managing infrastructure? Check out the CTFd website for managed CTFd deployments.


CTFd is heavily integrated with MajorLeagueCyber. MajorLeagueCyber (MLC) is a CTF stats tracker that provides event scheduling, team tracking, and single sign on for events.

By registering your CTF event with MajorLeagueCyber users can automatically login, track their individual and team scores, submit writeups, and get notifications of important events.

To integrate with MajorLeagueCyber, simply register an account, create an event, and install the client ID and client secret in the relevant portion in CTFd/ or in the admin panel: