
A CLI tool to deploy CTF challenges to a k8 cluster for `csictf`.
ctfup is an npm package developed to streamline the deployment of CTF challenges to a Kubernetes cluster.
To get a local copy up and running, follow these simple steps.
This package is intended to be used in your CI script, or with the appropriate Google Cloud SDK.
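```sh
# Prerequisite: a current npm
npm install npm@latest -g
# Clone the repository and install its dependencies
git clone https://github.com/csivitu/ctfup.git
cd ctfup
npm install
```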
```
├── pwn
│   ├── pwn-challenge-1
│   │   ├── *
│   │   ├── challenge.yml
│   │   ├── Dockerfile
│   │   └── .dockerignore
│   │
│   ├── pwn-challenge-2
│   │   ├── *
│   │   ├── challenge.yml
│   │   ├── Dockerfile
│   │   └── .dockerignore
│   │
│   └── pwn-challenge-3
│
├── crypto
├── forensics
├── linux
├── reversing
├── miscellaneous
├── osint
├── pwn
├── web
└── ctfup.yml
```
The directories `pwn`, `crypto` etc. each have subdirectories, with each subdirectory having a `challenge.yml`, a `Dockerfile` and a corresponding `.dockerignore`.
`ctfup.yml`, as per the format:

```yaml
categories:
  - "crypto"
  - "forensics"
  - "linux"
  - "reversing"
  - "miscellaneous"
  - "osint"
  - "pwn"
  - "web"
registry: "gcr.io/<project name>-<project id>"
```
`challenge.yml` is as follows:

```yaml
# This file represents the base specification of your challenge. It is used by
# other tools to install and deploy your challenge.
# Required sections
name: "challenge name"
author: "author"
# Select a category from:
# - Pwn
# - Web
# - OSINT
# - Linux
# - Crypto
# - Forensics
# - Reversing
# - Miscellaneous
category: category
# This is the challenge description. Make sure you include the
# necessary URLs / netcat strings here.
description: This is a sample description
# This is the number of points awarded for the challenge.
value: 500
type: dynamic
# Number of solves it takes to reach the minimum value.
decay: 450
# Minimum value.
minimum: 100
# Flags specify answers that your challenge uses. You should generally provide
# at least one.
# Can be removed if unused
# Accepts strings or dictionaries
flags:
  - csictf{this_is_a_sample_flag}
  - { type: "static", content: "csictf{another_flag}", data: "asdfasdfsdf" }
# Tags are used to classify your challenge with topics. You should provide at
# least one.
# Can be removed if unused
# Accepts strings
tags:
  - web
  - sandbox
  - js
# Provide paths to files from the same directory that this file is in
# Accepts strings
files:
  - dist/source.py
# Hints are used to give players a way to buy or have suggestions. They are not
# required but can be nice.
# Can be removed if unused
# Accepts dictionaries or strings
hints:
  - { content: "This hint costs points", cost: 10 }
  - This hint is free
# The state of the challenge.
# May be "visible" or "hidden".
# It is "visible" by default.
state: hidden
# Specifies what version of the challenge specification was used.
# Subject to change until ctfcli v1.0.0
version: "0.1"
# The ports to expose. The target port will be used to access the deployed container.
expose:
  - containerPort: 9999
    targetPort: 30231
```
The directory containing the `challenge.yml` file must also contain a Dockerfile which will be used by GKE.
Set up your preferred CI for your project. In this case, we will use a GitHub Action.

```yaml
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
  with:
    node-version: "12"
- run: npm install -g ctfup
```
In the `yaml` config file, set up the gcloud environment with:

```yaml
- uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
  with:
    version: '290.0.1'
    service_account_key: ${{ secrets.GKE_SA_KEY }}
    project_id: ${{ secrets.GKE_PROJECT }}
```

Note: use the latest version of the GitHub Action.
```yaml
# Configure Docker to use the gcloud command-line tool as a credential
# helper for authentication
- run: |-
    gcloud --quiet auth configure-docker
# Get the GKE credentials so we can deploy to the cluster
- run: |-
    gcloud container clusters get-credentials "${{ secrets.GKE_CLUSTER_NAME }}" --zone "${{ secrets.GKE_CLUSTER_ZONE }}"
- name: Deploy
  run: ctfup -c ctfup.yml .
```
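The workflow fragments above reference actions by tag or branch (`@v2`, `@v1`, `@master`), and the `setup-gcloud` step is handed the GKE service account key. As an added example (not part of the ctfup project), this Node.js script lists `uses:` steps that are not pinned to a full commit SHA and the secrets each one receives; the function names, the line-based parsing and the sample workflow are assumptions constructed for illustration.

```javascript
// Added example (not from the ctfup project): list `uses:` steps whose ref is
// mutable (branch or tag) rather than a full 40-hex commit SHA, and record
// which secrets each step is handed. Line-based parsing is a simplification.
const SHA_RE = /^[0-9a-f]{40}$/i;
const SECRET_RE = /\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}/g;

function auditWorkflow(text) {
  const steps = [];
  let step = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, ''); // strip YAML comments
    // Every "- " list item starts a new step record.
    if (step === null || /^\s*-\s/.test(line)) {
      step = { action: null, ref: null, pinned: false, secrets: [] };
      steps.push(step);
    }
    const m = line.match(/^\s*(?:-\s+)?uses:\s*["']?([^"'\s]+)/);
    if (m) {
      const at = m[1].lastIndexOf('@');
      step.action = at < 0 ? m[1] : m[1].slice(0, at);
      step.ref = at < 0 ? '' : m[1].slice(at + 1);
      // Actions local to the repository (./path) have no external ref to pin.
      step.pinned = step.action.startsWith('./') || SHA_RE.test(step.ref);
    }
    for (const s of line.matchAll(SECRET_RE)) step.secrets.push(s[1]);
  }
  return steps.filter((s) => s.action !== null);
}

// Unpinned steps, those that receive secrets first.
function unpinned(text) {
  return auditWorkflow(text)
    .filter((s) => !s.pinned)
    .sort((a, b) => b.secrets.length - a.secrets.length);
}

// Constructed sample assembled from the workflow fragments on this page.
const SAMPLE = [
  '  - uses: actions/checkout@v2',
  '  - uses: actions/setup-node@v1',
  '  - run: npm install -g ctfup',
  '  - uses: GoogleCloudPlatform/github-actions/setup-gcloud@master',
  '    with:',
  "      version: '290.0.1'",
  '      service_account_key: ${{ secrets.GKE_SA_KEY }}',
  '      project_id: ${{ secrets.GKE_PROJECT }}',
].join('\n');

for (const s of unpinned(SAMPLE)) console.log(`${s.action}@${s.ref}`, s.secrets);
```

On the sample, the `setup-gcloud@master` step is reported first because it is both unpinned and receives `GKE_SA_KEY` and `GKE_PROJECT`.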
See the open issues for a list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

```sh
git checkout -b feature/AmazingFeature
git commit -m 'feat: Add some AmazingFeature'
git push origin feature/AmazingFeature
```

You are requested to follow the contribution guidelines specified in CONTRIBUTING.md while contributing to the project :smile:.
Distributed under the MIT License. See LICENSE for more information.
Thanks goes to these wonderful people (emoji key):
Rishit Bansal 💻 🚇 | Rohan Mukherjee 💻 🚇 | theProgrammerDavid 📖
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
A CLI tool to deploy CTF challenges to a k8 cluster.
The npm package ctfup receives a total of 1 weekly downloads. As such, ctfup popularity was classified as not popular.
We found that ctfup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.