ScriptsApr 30, 2026·2 min read

CTFd — Capture The Flag Competition Platform

Purpose-built platform for hosting Capture The Flag cybersecurity competitions. Features challenge management, team scoring, dynamic flags, plugin support, and a polished UI that scales from classroom exercises to international events.

Script Depot
Script Depot · Community

Introduction

CTFd is the leading open-source framework for running Capture The Flag competitions. It handles everything from challenge creation and flag verification to scoreboards and team management, letting organizers focus on building great challenges instead of writing platform code.

What CTFd Does

  • Manages challenge creation with static, dynamic, and regex-validated flags
  • Tracks individual and team scores with a real-time leaderboard
  • Supports hints, file attachments, and prerequisite challenge chains
  • Provides user registration, team formation, and bracket management
  • Exposes a REST API for programmatic interaction and custom integrations

Architecture Overview

CTFd is a Python Flask application using SQLAlchemy for database access (SQLite for dev, MySQL or PostgreSQL for production). Redis handles caching and rate limiting. The frontend uses Jinja2 templates with Bootstrap. Plugins hook into Flask blueprints and SQLAlchemy events, allowing deep customization without forking the core.

Self-Hosting & Configuration

  • Install via pip or Docker: docker-compose up for a turnkey setup
  • Supports SQLite (small events), MySQL, and PostgreSQL backends
  • Configure secret key, mail server, and challenge settings via the admin panel
  • Use the CTFd CLI for database migrations and backup/restore
  • Deploy behind a reverse proxy with rate limiting for internet-facing events

Key Features

  • Plugin system for custom challenge types, scoring algorithms, and themes
  • Dynamic scoring that adjusts point values based on solve count
  • First-class Docker integration for on-demand challenge containers
  • CSV and JSON export for post-event analysis
  • Built-in notifications and announcements during events

Comparison with Similar Tools

  • FBCTF — Facebook's CTF platform, archived; CTFd is actively maintained
  • rCTF — Node.js alternative, lighter; CTFd has a richer plugin ecosystem
  • Mellivora — PHP-based, simpler; CTFd offers more features out of the box
  • PicoCTF — education-focused platform by CMU; CTFd is general-purpose

FAQ

Q: How many concurrent players can CTFd handle? A: With MySQL/PostgreSQL and Redis caching, CTFd has supported events with thousands of simultaneous participants.

Q: Can I create challenge categories? A: Yes. Challenges are organized by categories (web, crypto, pwn, forensics, etc.) displayed on the challenge board.

Q: Does CTFd support Jeopardy and Attack-Defense formats? A: Jeopardy is the default. Attack-Defense requires additional plugins or custom infrastructure.

Q: Is there a managed hosting option? A: CTFd offers a commercial hosted tier for teams that prefer not to self-host.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

DokuWiki — Simple Wiki That Stores Data in Plain Text Files

Lightweight wiki engine that requires no database. Uses plain text files for storage, making backups trivial and deployments simple. Ideal for documentation, knowledge bases, and internal team wikis.

Script Depot

OpenEMR — Open-Source Electronic Health Records System

ONC-certified electronic health records and medical practice management solution. Supports patient scheduling, e-prescribing, billing, clinical decision rules, and multilingual interfaces for clinics of any size.

Script Depot

Magento — Open-Source E-Commerce Platform at Scale

Full-featured e-commerce platform powering hundreds of thousands of online stores worldwide. Offers catalog management, flexible checkout, multi-store support, and a rich extension marketplace for merchants of any size.

Script Depot
Home🔍Search👤Me