cybermouflons / ovisbot
Discord bot focused on managing and organising CTFs / Security stuff
License: GNU General Public License v3.0
!ctf setcreds is used to set the shared credentials for a particular CTF. However, a common issue that has been raised is that members couldn't find the link to log in. As such, it would be useful to change the structure of the setcreds command as follows:
!ctf setcreds <username> <password> [<ctf_link>]
Note that the CTF link is optional at the moment to avoid confusion.
When a challenge is solved, a notification must be sent to the general channel so that everyone can see it.
It would be more appropriate to store the bot's configuration in the database such that each new install can be fully customisable and persistent. Also, this is the foundation for customizability through a discord channel.
The help command returns a huge response.
It would be nicer if it was split into core, ctf, ctftime, misc, so that running !help ctf would return only help for commands in the ctf extension.
At the moment, useful progress for a challenge is being lost in channel conversations and pinning is not convenient for referring back + not all members have pinning permissions.
CodiMD is an open-source platform for writing and sharing notes in real-time. There is a hosted version of CodiMD here (https://notes.status.im/)
Thus, it would be useful if for each new challenge added a new guest notebook is created that is linked back to the discord channel. Any useful progress, summary, code snippets and exploits can then be added to the notebook decoupled from the conversations such that new members that join the challenge can quickly be up to date with the status of the challenge.
Send a welcome message from Kyrio Zolo when a new challenge channel is created so that the creator can find it easily.
When a member uses the !ctf status command, the number of solved and unsolved challenges must be shown like this:
testctf: Description [X Member] (active) [ 3 solved / 7 total ]
Help pages with the documentation for commands should be generated and attached to !help automatically.
These should be populated from the documentation of each command function
!ctftime rank should return our rank from https://ctftime.org/team/81678
!ctftime writeups <ID> should return the list of submitted writeups for each challenge of the specified CTF event, as acquired from the ctftime.org API.
Let the bot run polls and present the result.
Only moderators should be able to start a poll.
Archiving of CTF channels is currently performed manually.
It would be more convenient to implement a scheduled archiving process that runs automatically for each finished CTF.
The time until archiving should be possible to set from the bot settings.
A ctf attempt command extension to add the user to all challenges.
Within CTF channel:
!challenge new -n <challenge_name> -t <tag1,tag2,> -p
!challenge remove -n <challenge_name> (or id?) -A (admin only)
!challenge list
[Pending Emoji] id1 Challenge1 web,crypto 1337 | 2 kouroupettoi looking at it: kostis, giannis
[Done Emoji] id2 Challenge2 stego 420 | Ekanonise ta o kathigitis o kostis
...
!challenge start -n challenge_name (or id?)
Ate Peppo mou!
!challenge abandon -n challenge_name (or id?)
Pellos pou en na ksanagorasei diastimoploio pou ton Kitsio.
!challenge solved -n challenge_name (or id?) -f
O! Inta orea kantila!
To make it easier to view the credentials for the CTF, they should be pinned in the CTF channel.
It would be handy to create a command that integrates with Wolfram Alpha API. This would allow for short computational queries through the bot. i.e. timezone conversion, general question, arithmetic computation etc.
Possible command structure could be:
!wolfram <query>
Although there is a limit of 2000 API calls per month for the free plan, they are probably more than enough for the demands of the bot.
Now that internationalisation is supported, we must update all the strings to be English by default and provide a Cypriot equivalent for the CY locale setting.
Bot should send a welcome message to new members.
Develop a collection of commands around organising and managing meetups
New functionality must be added for editing and deleting challenges.
Command structure should be something like:
!ctf renamechall <name> <new_name>
!ctf deletechall <name>
Develop commands to perform seamless hash cracking with hashcat in the backend.
Should be developed as a plugin for modularity. Apply limits on:
Currently, zolos only reacts to commands sent. It would be convenient to react to edited commands as well, to allow fixing typos in commands sent.
Bot assumes that any categories other than text and voice channels are CTF categories and therefore CTFs are enumerated as such. It would be more robust to enumerate CTFs using the database instead of the channel categories.
Add a restart always policy in docker compose so that container is restarted in case of failure
Title self-explanatory.
There should be a !ctf leave command that removes the ctf role from members
A challenge specific command unsolve must be added to enable rollback of accidental solve commands and/or forgetting to mention teammates
It would be convenient to reengineer the bot such that it supports plugin architecture.
Utils command output such as ltos or hex2str needs to be inserted within a codeblock to avoid automatic discord formatting.
A ctftime writeups command would fetch a number of recent writeups from ctftime. This will be good for random studying and easy fetching of writeups, and will be the foundation for a writeup subscribe feature in the future.
Zolos should be able to grab urls shared in any channel (using a regex to match the URI) and post it to a dedicated channel #links (only zolos should have write permissions to that channel) for archive purposes.
Use websites like sploitus.com, exploit-db to search for exploits. This can be useful during CTFs and pentesting
eg: !searchploit wordpress
From a list of known "payloads" such as pentestmonkey, dynamically configure code with LHOST,LPORT and send it back in the channel.
eg: !rshell 127.0.0.1 4444
Find attack payloads for XSS, SQLi, XXE, ...
eg: !payload SQLi MySQL
Use the hashid python module to identify hash format, and try to crack them using websites like crackstation.net
eg: !hashcrack 098f6bcd4621d373cade4e832627b4f6
Use various tools such as whois, nslookup, traceroute, ... to provide information about a target
eg !recon website.com
Admins should be able to toggle maintenance mode which will effectively disable commands of the group and return a maintenance message instead.
This is to allow for more controlled update/testing whilst in production.
Ideally, the bot should be tested in test/stage environments but you know... shit happens...
Currently, the project uses the conventional requirements.txt file to define dependencies.
As a result, it becomes difficult to separate development from runtime dependencies. It would be possible to create a separate requirements.dev.txt file but this would add unnecessary maintenance burden.
A more ideal solution is to use a more feature-complete dependency manager like Pipenv or Poetry. In general, Poetry has demonstrated superior performance; however, Pipenv has a larger community and I am also more familiar with it.
When a challenge is solved with more than 1 member, they should be displayed in status and congratz messages as well.
A new command ("archive") should be added which archives old CTF details and deletes channels/roles from the server
Allow members to link their hack the box profiles.
Use that to show leaderboard, ranking, stats.
!ctftime current should return the list of active/running CTFs as acquired from the ctftime.org API.
It would be convenient to add reminder and alarm functionality in the utility commands.
The idea is to be able to set reminders for yourself, the whole team or specific roles.
The command can have the following structure
!utils reminder <reason> <timedelta> [<scope>]
The "scope" argument is for choosing whether the reminder is for the whole team or specific individuals.