Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!

This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license (see LICENSE file). The goal of this project is to provide a standard, generic scoring server that makes it easy to add and modify problems and track statistics of a Cyber Capture the Flag event. While it's not recommended, this server can be hosted alongside your challenges; we do recommend sandboxing your challenges so they cannot affect the scoring server.

Want to see it in action? Live Demo hosted here and screenshots here!

What's different about HackTheArch?

We created this application after using the PicoCTF platform for our annual CTF. It was okay, but we found it lacking some features that we wanted. We wanted a way to offer competitors hints for a cost, and we also wanted a way to create and modify problems from a web interface. We looked around and didn't see any others that met our requirements:

  • CTFd: At the time, it had no web admin interface for creating challenges.
  • Root The Box: We didn't like all the extra stuff with the bank accounts, and it just seemed too complex for our needs.

So we decided to roll our own scoring server, and now you can benefit from our hard work! This application implements an optional dynamic hint system, which deducts points for requesting hints, and a web interface for creating and modifying hints and challenges. We hope you enjoy this application. We are open to feedback, so let us know what you like, hate, would like to see added, etc.


  • Ruby version 2.5.0p0
  • Activation and password reset e-mails depend on Heroku SendGrid add-on configuration (this feature can be optionally disabled or easily modified to be used with other mailers)
  • To store challenge pictures in the production environment, you'll need to modify 'config/initializers/carrier_wave.rb' to work with your cloud storage solution
  • See Gemfile for further requirements

Deployment Options

Getting Started

  • For the latest stable release, either download the latest tagged release here or check out the 'master' branch. For the latest features and a less stable version, check out the 'dev' branch.

  • This app is presently designed to be deployed in a Heroku environment. We highly recommend this configuration. A few things must be configured to deploy to Heroku:

    1. Create a HOST environment variable that contains the url for your app (e.g., HOST=hackthearch.herokuapp.com).
    2. For mailer support, add the SendGrid add-on before deploying (heroku addons:create sendgrid:starter). More info on SendGrid here.
    3. For live streaming (submissions, chat, etc.), add the Redis To Go add-on.
  • It can be deployed outside a Heroku environment, but this will require some alternative for sending account activation e-mails (alternatively, activation e-mails can be disabled in the admin console).

  • To initialize the database, run: bundle exec rake db:seed. After initialization, the admin login credentials will be: admin@gmail.com : password

  • Important: It is highly advised that you immediately change the admin credentials post-deployment

    • While any user may be made an admin, it can only be done manually in the database. This is to prevent privilege escalation through the web interface.
  • For other deployment options, keep reading...


  • A Dockerfile is included along with a docker-compose.yml for deploying a containerized version of HackTheArch. More detailed instructions can be found in the Docker README.

More configuration details on our project wiki.

Contribute and Contact

Want to help?

  • Want to add a new feature or fix a bug? Check out a branch and submit working code with tests via pull request to merge into the 'dev' branch.
  • Check out the slack channel for more.
  • Test coverage would be a good place to start: here