README
ΒΆ
πͺ CookieFarm
CookieFarm is an Attack/Defense CTF framework inspired by DestructiveFarm, developed by the Italian team ByteTheCookies. Its strength lies in a hybrid Go + Python architecture and a zero-distraction philosophy:
π― Your only task is to write the exploit!
CookieFarm automates exploit distribution, flag submission, and result monitoring β allowing you to focus entirely on building powerful exploits.
π§ Prerequisites
Make sure you have the following installed:
- β Python 3+
- β Docker
βοΈ Architecture Overview
βΆοΈ Getting Started
π₯οΈ Starting the Server
-
Create an
.envfile in the server directory to configure the environment settings:# Server configuration DEBUG=false # Enable debug mode for verbose logging PASSWORD=SuperSecret # Set a strong password for authentication CONFIG_FILE=true # Set if the server takes the config from config.yml in the filesystem; otherwise, do not set the variable PORT=8080 # Define the port the server will listen on
β οΈ For production environments, set
DEBUG=falseand use a strong, unique password
- Start the server with Docker Compose:
docker compose up --build
π For more configuration details, refer to the server documentation.
π» Using the Client & Running Exploits
- Run the installation :
pip install cookiefarm
After installation, the
ckccommand is available globally in your terminal (or in your virtual environment if you are using one).
-
Log in and configure the client:
ckc config login -P SuperSecret -h 192.168.1.10 -p 8000 -u your_username -
Install the Python helper module and create a new exploit template:
ckc exploit create -n your_exploit_nameThis will generate
your_exploit_name.pyin~/.cookiefarm/exploits/. -
Run your exploit:
ckc exploit run -e your_exploit_name.py -p 1234 -t 120 -T 40
π For more usage examples, check out the client documentation.
π€ Contributing
We welcome contributions, suggestions, and bug reports! See CONTRIBUTING.md for details on how to get involved.
π Star History
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
client
command
|
|
|
client/cmd
Package cmd contains commands for the CookieFarm client
|
Package cmd contains commands for the CookieFarm client |
|
server
command
Package main is the entry point for the API server.
|
Package main is the entry point for the API server. |
|
internal
|
|
|
client/api
Package api provides functions to interact with the CookieFarm server API.
|
Package api provides functions to interact with the CookieFarm server API. |
|
client/config
Package config provides functions to manage the CookieFarm client configuration globally.
|
Package config provides functions to manage the CookieFarm client configuration globally. |
|
client/exploit
Package exploit provides functions to parse flags from JSON output.
|
Package exploit provides functions to parse flags from JSON output. |
|
client/websockets
Package websockets used for communicating with the server via WebSocket protocol
|
Package websockets used for communicating with the server via WebSocket protocol |
|
server/config
Package config for configuration management
|
Package config for configuration management |
|
server/server
Package server initializes and configures the HTTP server for CookieFarm, including routing, static file serving, and debug settings.
|
Package server initializes and configures the HTTP server for CookieFarm, including routing, static file serving, and debug settings. |
|
server/sqlite
Package sqlite provides some basic functionality for interacting with a SQLite database.
|
Package sqlite provides some basic functionality for interacting with a SQLite database. |
|
pkg
|
|
|
logger
Package logger provides functions to manage the CookieFarm client logging.
|
Package logger provides functions to manage the CookieFarm client logging. |