Skip to content
This repository has been archived by the owner on Jun 6, 2021. It is now read-only.


Repository files navigation


License Latest stable version
Build Status Codecov Dependencies Repository Size
Last Commit Contributors Open Issues Open PRs Rawsec's CyberSecurity Inventory

a CTFd-like Server in go



At start, a config.yaml is generated. You should edit it with the settings you need

The Challenge info Dir shall look like that:

├── chall-1
│   ├── meta.yaml
│   ├──
│   └──
├── chall-2
│   ├── meta.yaml
│   ├──
│   └──

For each Challenge you need a meta.yaml, a and a

The meta.yaml shall look like that:

points: <How many points the challenge should have>
uri: "<Protocol and user of your ssh Challenges (e.g. `ssh://chall-1@%s`>"
deps: [<Dependencies the Challenge has>]
flag: "<The flag>"
author: "<The author of the challenge>"
title: "(optional) the title of the challenge, else the directory name is used"

The and are markdown files (syntax). The contents can only be seen by users who already solved the challenge

Building WTFd yourself

You need to have go, sqlite3 and yarn installed

git clone
cd wtfd

Running WTFd

Now you can finally start wtfd by downloading it from the releases, giving it permissions chmod +x wtfd and running it ./wtfd

WTFd is HTTP only, if you need HTTPS use a reverse proxy like Traefik or nginx

Development notes

To make working with the TypeScript easier, you can do

make js-run

to automatically compile the JS on changes