A modular, API-first platform for managing Capture The Flag (CTF) competitions, built with FastAPI (Python) on the backend and Next.js (React) on the frontend.
Developed as part of the IITISoC Cybersecurity project to provide a reliable, user-friendly, and extensible system for CTF event management.
- About
- Features
- Tech Stack
- Installation and setup
- Screenshots
- Future Improvements
- Contributors
- License
Capture The Flag competitions are a fun and educational way to test cybersecurity skills.
Our goal with this project was to create a CTF management platform that:
- Is lightweight
- Follows API-first architecture
- Has a modern frontend UI
- Supports teams, challenges, scoring, and authentication
- Prioritizes extensibility for future features
The platform is suitable for university-level CTF events, cybersecurity clubs, or even small online competitions.
- User & Team Management (Registration, login, management)
- Challenge Management (Static challenges, scoring logic)
- Role-Based Access Control
- API-first design for flexibility (can support mobile/CLI in the future)
- Email verification flows
Backend
- FastAPI (with Pydantic models)
- SQLAlchemy ORM
- MariaDB/MySQL (Database)
Frontend
- Next.js (React)
- Tailwind CSS
We use uv for Python package management and pnpm for Node package management. Ensure both are installed. To start the servers, run the following commands in their respective directories.

Backend:

```
uv run fastapi dev
```

Frontend:

```
pnpm dev
```

Configure the backend at backend/app/config.py.
Screenshots: Login Page, Dashboard, Scoreboard, Admin Panel.
- Support for instance-based challenges
- Plugin-based architecture for custom features
- Anti-cheating tools and personalized flags
- Mobile app / CLI support
- Detailed analytics for organizers
- Comprehensive documentation
-
Worked on FastAPI endpoints. Implemented backend authentication flow. Fixed multiple backend issues and implemented multiple DB operations.
-
Frontend layout, theme, and page design. Created the Login, Register, Home, Scoreboard, Teams, Admin Panel, and Notifications pages. Set up the authentication flow and some backend parts. Integrated Admin controls, Scoreboard, Challenges, Teams, Profile, Notifications, etc. with the backend.
-
Page design for user, team, forgot password, and settings. Flag submission logic (FastAPI rate limiter and Redis implementation). Some backend endpoints, such as reset password and send reset-password email. Integrated settings, team, user, forgot password, etc. with the backend.
-
Designed the challenge, profile, and settings pages, implemented them in code, and integrated the profile page with its respective backend endpoints, as well as integrated the challenge page with the backend.
-
Email verification
-
Database models
This project is licensed under the MIT License - see the LICENSE file for details.



