OpenSec Atlas

Name: web-ctf-container
Author: HightechSec

web-ctf-container: An Open Source Educational Resource for Web Security | OpenSec Atlas

Back to Browse

Web Security

Educational Resource

web-ctf-container

A Dockerized training platform offering six distinct web-based CTF challenges designed to teach and practice web security exploitation techniques.

View on GitHub

About This Tool

A training platform with different Scenarios of CTF Web Challenges

Primary Use Case

This tool is primarily used by security enthusiasts, educators, and penetration testers to practice and teach web security vulnerabilities in a controlled environment. It provides hands-on experience through Capture The Flag (CTF) style challenges that simulate real-world web attacks. Users can deploy it locally using Docker or on private servers for training purposes.

Key Features

Contains six different web challenge scenarios for CTF training
Docker containerized for easy deployment and isolation
Editable flags within challenges for customization
Can be installed on local or public web servers (not recommended for public exposure)
Includes a simple web interface with index.php and challenge folders
GPL licensed and freely available on Docker Hub and GitHub

Insights & Recommendations

This tool is intentionally vulnerable and should never be deployed on public-facing servers to avoid exploitation. It is designed solely for educational and training purposes in a controlled environment. Users should customize flags before deployment to maintain challenge integrity.

Installation

Install Docker from http://docker.com
Run the container using: docker run --name web-ctf -d -it -p 80:80 hightechsec/web-ctf-container
To install manually, clone the repo: git clone https://github.com/HightechSec/web-ctf-container
Change the flags in all flag.php files inside each challenge folder
Copy index.php and all challenge folders to your web server directory
Alternatively, build the Docker image manually with: docker build -t "web-ctf-container" .
Run the built image with: docker run --name web-ctf -d -it -p 80:80 web-ctf-container

Usage

docker run --name web-ctf -d -it -p 80:80 hightechsec/web-ctf-container

Runs the pre-built Docker container exposing port 80 for web access

docker exec -ti web-ctf bash

Accesses the running container's shell to modify challenge files

nano flag.php

Edits the flag.php file inside the container to change challenge flags

git clone https://github.com/HightechSec/web-ctf-container

Clones the repository for manual installation or customization

docker build -t "web-ctf-container" .

Builds the Docker image locally from the cloned repository

docker run --name web-ctf -d -it -p 80:80 web-ctf-container

Runs the locally built Docker image

Smart Usage Notes

Integrate this platform into purple team exercises to simulate realistic web attack scenarios and improve collaboration between red and blue teams.Use the containerized environment to safely train junior penetration testers on web exploitation techniques without risk to production systems.Customize flags and challenge difficulty to align training with organizational threat models and skill levels.Combine with automated vulnerability scanners to validate detection capabilities of blue team tools in a controlled environment.Deploy locally or in isolated lab networks to enhance secure hands-on learning without exposure to public internet risks.