web-ctf-container
by HightechSec
A Dockerized training platform offering six distinct web-based CTF challenges designed to teach and practice web security exploitation techniques.
A training platform with different Scenarios of CTF Web Challenges
Primary Use Case
This tool is primarily used by security enthusiasts, educators, and penetration testers to practice and teach web security vulnerabilities in a controlled environment. It provides hands-on experience through Capture The Flag (CTF) style challenges that simulate real-world web attacks. Users can deploy it locally using Docker or on private servers for training purposes.
- Contains six different web challenge scenarios for CTF training
- Docker containerized for easy deployment and isolation
- Editable flags within challenges for customization
- Can be installed on local or public web servers (not recommended for public exposure)
- Includes a simple web interface with index.php and challenge folders
- GPL licensed and freely available on Docker Hub and GitHub
Installation
- Install Docker from http://docker.com
- Run the container using: docker run --name web-ctf -d -it -p 80:80 hightechsec/web-ctf-container
- To install manually, clone the repo: git clone https://github.com/HightechSec/web-ctf-container
- Change the flags in all flag.php files inside each challenge folder
- Copy index.php and all challenge folders to your web server directory
- Alternatively, build the Docker image manually with: docker build -t "web-ctf-container" .
- Run the built image with: docker run --name web-ctf -d -it -p 80:80 web-ctf-container
Usage
>_ docker run --name web-ctf -d -it -p 80:80 hightechsec/web-ctf-containerRuns the pre-built Docker container exposing port 80 for web access
>_ docker exec -ti web-ctf bashAccesses the running container's shell to modify challenge files
>_ nano flag.phpEdits the flag.php file inside the container to change challenge flags
>_ git clone https://github.com/HightechSec/web-ctf-containerClones the repository for manual installation or customization
>_ docker build -t "web-ctf-container" .Builds the Docker image locally from the cloned repository
>_ docker run --name web-ctf -d -it -p 80:80 web-ctf-containerRuns the locally built Docker image
- Integrate this platform into purple team exercises to simulate realistic web attack scenarios and improve collaboration between red and blue teams.
- Use the containerized environment to safely train junior penetration testers on web exploitation techniques without risk to production systems.
- Customize flags and challenge difficulty to align training with organizational threat models and skill levels.
- Combine with automated vulnerability scanners to validate detection capabilities of blue team tools in a controlled environment.
- Deploy locally or in isolated lab networks to enhance secure hands-on learning without exposure to public internet risks.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about web-ctf-container. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
caddy
caddyserver/caddy
Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
nginx
nginx/nginx
The official NGINX Open Source repository.
nginxconfig.io
digitalocean/nginxconfig.io
⚙️ NGINX config generator on steroids 💉
SafeLine
chaitin/SafeLine
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
DOMPurify
cure53/DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
anubis
TecharoHQ/anubis
Weighs the soul of incoming HTTP requests to stop AI crawlers