HC's Capture the Flag site

Capture the Flag gameserver

Want to do your own CTF? No problem.

The task of a CTF gameserver is to rate teams by periodically distributing and collecting data fragments (i.e., flags) to services, by allowing teams to report captured flags, and by providing interfaces for advisory submission and rating.

This gameserver has the following dependencies:

  • Java Runtime Environment 1.6 or higher.
  • Postgresql 8.1 or higher. The postgresql server does not have to run on the same machine as the gameserver runs on; however, the installation script requires the postgresql client software to be installed. (psql in particular)
  • python2.5 or newer on remote peers. Also if you want to use the testscript template to base your testscripts on, you need python.
  • UNIX (tested on FreeBSD, solaris and linux)

The gameserver consists of three parts: The service checker periodically distributes and collects flags to determine service states and to award defensive points accordingly.

The score bot telnet server listenes for tcp connections and provides a flag+advisory reporting interface, as well as an administrator's console.

The page generator periodically regenerates static .html files to be served using a webserver. (You may use publicfile for that purpose) In addition to that, it updates stats tables and regenerates the scoringdata.xml file which can be used by third party tools.


The following documents are available:




These may be useful to CTF teams


You have to write a small testscript for every service you want the gameserver to check.

Read more about how to write testscripts.




  • Increased stability for large CTFs,
  • totally customizable HTML header and footer,
  • nicer installation script,
  • advisory RSS feed,
  • XML data generation (useful for vizualization),
  • testscript template in python (you may use any other language, though).

Technical notes

The scoring bot is stateless; you may kill and restart the processes at any time. All settings are immediately stored in and loaded from the database. You may even start the service checker on multiple machines simultaneously, as long as secure communication to the database server can be guaranteed. (For performance reasons, the connection to the DB is not encrypted.) With usual setups, that shouldn't be a problem.

Development snapshot

Is now hosted on github.

Powered by FreeBSD

$Id: index.html 542 2009-05-09 17:29:30Z root $ Impressum