Home

Awesome

echoCTF RED logo

ci-tests Documentation Status

echoCTF is a pioneer computer security framework, developed by Echothrust Solutions, for running CyberSecurity exercises and competitions such as Capture the Flag.

echoCTF allows building and running capture the flag competitions for network penetration testing and security auditing on real IT infrastructure. It is also used for security awareness and training purposes, by businesses and educational institutes.

What is echoCTF.RED

echoCTF.RED <sub>(codename Mycenae),</sub> is the first iteration of our online long running CTF service, based on the applications from this repository.

It is a free online service that offers a controlled environment, based on real-life systems and services, to train and sharpen your offensive and defensive security skills. Scan, brute-force and do whatever it takes to attack the systems and solve the real-life security scenarios to gain points.

For more information about our competitions visit https://echoCTF.com/ or if you'd rather see a live example of our platform feel free to visit https://echoCTF.RED/

Our main goals for echoCTF include:

Quick start

$ git clone https://github.com/echoCTF/echoCTF.RED.git
$ cd echoCTF.RED
$ docker pull echothrust/echoctf.red-db:latest
$ docker pull echothrust/echoctf.red-backend:latest
$ docker pull echothrust/echoctf.red-frontend:latest
$ docker pull echothrust/echoctf.red-vpn:latest
$ docker-compose up

NOTE: The following ports will be binded localy 1194/udp, 8080/tcp, 8082/tcp, 3306/tcp, 11211/tcp. If any of these ports are already in use the applications will fail to start.

Please note that the docker images are intended for development and testing use only. For production environments we suggest to use the provided playbooks (under ansible/runonce) to setup the systems.

For more details check the echoCTF.RED@ReadTheDocs :notebook_with_decorative_cover:

Screenshots :eyes::candy:

<table> <tr> <td> <center> <img title="Admin page target update form" src="docs/screenshots/target-update-form.png" width="400px" /> Admin page target update </center> </td> <td><center> <img title="Guest user target view" src="docs/screenshots/target-guest-view.png" width="400px" /> Guest player target view</center> </td> <td><center> <img title="Admin page target statistics" src="docs/screenshots/target-averages.png" width="400px" /> Admin page target solving stats</center> </td> </tr> <tr> <td colspan="2"><img src="https://user-images.githubusercontent.com/4373752/208010729-fd75b7a5-0f12-4aec-b30f-f7169d1eddbd.png" title="Detailed view of Target Network" /></td> <td><img src="docs/screenshots/networks-listing.png" title="Target Networks listing" /></td> </tr> </table>

Features

The list of features supported by the platform is really massive, the most interesting are as following:

NOTE: Dynamic firewall support and network tracking of players is not support on the docker-compose versions.

Disclaimer

The documents and guides in this repository are only examples and are not meant to be used to setup production environments.

Special care should be taken with securing and restring access to your setups.

Apply common logic when copy pasting commands and files :)

echoCTF is software that comes with absolutely no warranties whatsoever. By using echoCTF, you take full responsibility for any and all outcomes that result.

Keep in mind that the system comes up with absolutely no data. This means that it is up to you to create targets, challenges, rules, instructions and any other details you require.