Code Auditor CTF
A web-based Capture The Flag (CTF) platform offering unparalleled depth and breadth in source code auditing challenges. With the largest collection of real-world C/C++ vulnerability examples available anywhere, users analyze authentic code snippets, identify sophisticated security flaws, and master secure coding practices through hands-on experience.
Our comprehensive training environment features thousands of meticulously curated challenges spanning the entire vulnerability spectrum – from classic buffer overflows to the most obscure memory corruption bugs. No other platform provides this level of completeness in source code security education.
Features
- Vulnerability Challenges: Practice identifying various CWEs (Common Weakness Enumerations) in C/C++ code snippets.
- Multiple Difficulty Levels: Challenges categorized by difficulty (Easy, Medium, Hard, Insane – Note: Current implementation might be simplified).
- Code Diff View: Compare vulnerable code side-by-side with a fixed version.
- User Authentication: Secure user registration, login, and logout functionality using Flask-Login.
- Persistent Progress: User scores and completed challenges are tracked in a database.
- User Profiles: View individual scores and completion stats.
- Leaderboard: See how you rank against other auditors!
- Educational Content: Dedicated “Learn” section with comprehensive resources on vulnerability identification.
- Modern UI: Dark theme with Tailwind CSS for landing/auth pages and Prism.js for code highlighting.
- Extensive Challenge Dataset: Features 7000+ challenges derived from real C/C++ code snippets (based on the excellent MegaVul dataset by Icyrockton).
Tech Stack
- Backend:
  - Python 3
  - Flask (Web Framework)
  - Flask-Login (User Session Management)
  - Werkzeug (Password Hashing, WSGI utilities)
  - SQLite (Database)
  - Gunicorn (Production WSGI Server – Recommended)
- Frontend:
  - HTML5
  - CSS3 (including custom styles)
  - Tailwind CSS (for specific pages like landing/auth)
  - Vanilla JavaScript (DOM manipulation, API calls)
  - Prism.js (Syntax Highlighting)