Skip to content

feat: Lab/CTF creation mode for building custom security challenges #107

Open
Open
feat: Lab/CTF creation mode for building custom security challenges#107
@dogancanbakir

Description

@dogancanbakir
dogancanbakir
opened on Jan 6, 2026

Summary

Add the ability for users to create and manage custom labs, similar to platforms like HackTheBox, TryHackMe, or CTF competitions, using vt as the underlying infrastructure.

Use Cases

  • Security trainers creating custom lab environments for workshops
  • CTF organizers spinning up challenge infrastructure
  • Companies building internal security training programs
  • Educators designing hands-on security courses

Proposed Features

1. Lab Configuration File (lab.yaml)

Define a lab with multiple templates, objectives, and hints:

name: "SQL Injection Basics"
description: "Learn SQL injection from basics to advanced"
difficulty: easy
duration: 2h

challenges:
  - id: challenge-1
    template: vt-dvwa
    objective: "Find the admin password using SQL injection"
    hints:
      - "Try single quote in the input field"
      - "UNION SELECT can help you extract data"
    flag: "FLAG{sql_injection_master}"
    points: 100

  - id: challenge-2
    template: vt-juice-shop
    objective: "Bypass the login page"
    flag: "FLAG{authentication_bypassed}"
    points: 200

2. CLI Commands

# Create a new lab from config
vt lab create --config lab.yaml

# Start a lab session
vt lab start --name "SQL Injection Basics"

# List available labs
vt lab list

# Check progress / submit flags
vt lab submit --challenge challenge-1 --flag "FLAG{...}"

# Stop all lab containers
vt lab stop --name "SQL Injection Basics"

# Export lab for sharing
vt lab export --name "SQL Injection Basics" --output lab.zip

3. Lab Filtering & Discovery

# Filter labs by difficulty
vt lab list --difficulty easy

# Filter by tags
vt lab list --tags web,sqli

# Filter by estimated duration
vt lab list --duration 1h

4. Progress Tracking

  • Track completed challenges per lab
  • Score/points system
  • Time tracking for speedrun mode
  • Leaderboard export (for CTF competitions)

Benefits

  • Reusable: Labs can be shared and reused across teams
  • Portable: Export/import labs for offline use
  • Scalable: Run multiple instances for competitions
  • Integrated: Leverages existing vt-templates ecosystem

Open Questions

  • Should labs support multi-user sessions with isolated environments?
  • Integration with flag submission APIs for CTF platforms?
  • Support for dynamic flag generation?

Related

  • vt-templates repository for base vulnerable environments
  • Could integrate with existing CTF frameworks (CTFd, etc.)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions