explaingit

probiusofficial/ctf-theory-exam

Analysis updated 2026-05-18

4PythonAudience · ops devopsLicense

TLDR

A self-contained Docker platform that generates and grades randomized theory exams for CTF cybersecurity competitions, with tamper-evident scoring.

Mindmap

mindmap
  root((CTF Theory Exam))
    What it does
      Randomized theory exams
      Server side timer
      Tamper evident scoring
    Tech stack
      Python
      Flask
      SQLite
      Docker
    Use cases
      Run CTF theory rounds
      Verify submitted scores
      Inject platform flags
    Audience
      CTF organizers
    License
      MIT

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run a timed theory exam for a CTF competition inside a single Docker container

USE CASE 2

Generate a unique randomized exam per player from a question bank

USE CASE 3

Verify submitted scores independently to catch tampering

USE CASE 4

Display a CTF flag automatically after a player submits their exam

What is it built with?

PythonFlaskSQLiteDockerHMAC-SHA256

How does it compare?

probiusofficial/ctf-theory-examadeliox/klein-head-swapats4321/ragit
Stars444
LanguagePythonPythonPython
Setup difficultymoderatemoderate
Complexity3/52/5
Audienceops devopsdesignerdeveloper

Figures from each repo's GitHub metadata at analysis time.

In plain English

CTF Theory Exam is a containerized online exam platform built for CTF (Capture The Flag) competitions, cybersecurity contests where participants solve technical puzzles to earn points. This platform handles the theory knowledge portion of such events, where players answer questions rather than solve technical challenges directly. The platform generates a unique exam paper for each player by randomly drawing questions from 8 knowledge modules. It supports four question types: single-choice, multiple-choice, true/false, and fill-in-the-blank. A 60-minute countdown timer runs on the server side so the frontend cannot tamper with it, and once a player submits their exam, either manually or when time runs out, the container instance locks so they cannot re-take it. To prevent score fraud, the platform uses HMAC-SHA256 to create a tamper-evident verification token attached to each result. A standalone script lets competition organizers independently verify that a submitted score and time are genuine, which is important for catching players who might try to alter screenshots of their results. After submission, the platform automatically displays a CTF FLAG, a short text string players copy and submit to the competition's main scoring platform to earn points. It supports dynamic FLAG injection from several popular CTF platforms via environment variables. The whole system ships as a self-contained Docker container with no external dependencies: one image, one container, one complete exam environment. It is built in Python using Flask and SQLite. The license is MIT.

Copy-paste prompts

Prompt 1
Help me deploy this CTF theory exam platform as a Docker container
Prompt 2
Explain how the HMAC-SHA256 score verification prevents cheating
Prompt 3
Show me how to configure dynamic FLAG injection for my CTF platform
Prompt 4
Walk me through adding new questions to the 8 knowledge modules

Frequently asked questions

What is ctf-theory-exam?

A self-contained Docker platform that generates and grades randomized theory exams for CTF cybersecurity competitions, with tamper-evident scoring.

What language is ctf-theory-exam written in?

Mainly Python. The stack also includes Python, Flask, SQLite.

Who is ctf-theory-exam for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.