CookieFarm
CookieFarm is an Attack/Defense CTF framework inspired by DestructiveFarm, developed by the Italian team ByteTheCookies. What sets CookieFarm apart is its hybrid Go+Python architecture and "zero distraction" approach: your only task is to write the exploit logic!
🍪 CookieFarm
CookieFarm is an Attack/Defense CTF framework inspired by DestructiveFarm, developed by the Italian team ByteTheCookies. Its strength lies in a hybrid Go + Python architecture and a zero-distraction philosophy:
🎯 Your only task is to write the exploit!
CookieFarm automates exploit distribution, flag submission, and result monitoring — allowing you to focus entirely on building powerful exploits.
🔧 Prerequisites
Make sure you have the following installed:
- ✅ Python 3+
- ✅ Docker
⚙️ Architecture Overview
<div align="center"> <img width="800px" height="auto" src="assets/arch_farm.png" alt="Architecture Diagram"> </div>

▶️ Getting Started
🖥️ Starting the Server
- Create an `.env` file in the server directory to configure the environment settings:

  ```env
  # Server configuration
  DEBUG=false                     # Enable debug mode for verbose logging
  PASSWORD=SuperSecret            # Set a strong password for authentication
  CONFIG_FILE=true                # Set if the server takes the config from config.yml in the filesystem; otherwise, do not set the variable
  PORT=8080                       # Define the port the server will listen on
  BACKEND_URL=http://server:8080  # URL for the backend service (Is used by the frontend to connect to the server)
  ```

  ⚠️ For production environments, set `DEBUG=false` and use a strong, unique password.

- Start the server with Docker Compose:

  ```bash
  docker compose up --build
  ```
📘 For more configuration details, refer to the server documentation.
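An added example, not part of CookieFarm: a small pre-flight check for the server `.env` that flags the two settings the warning above calls out, including the sample password printed in this README. The function names and the 16-character minimum are assumptions made for this example.

```python
import re

# Sample value published in this README; treat it as publicly known.
README_SAMPLE_PASSWORD = "SuperSecret"
MIN_PASSWORD_LEN = 16  # assumed threshold, not a CookieFarm requirement


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and '#' comment lines."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if value[:1] in ("'", '"'):
            # Quoted value: keep everything up to the matching quote.
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            # Unquoted value: an inline comment starts at whitespace + '#',
            # so a '#' inside the password itself is preserved.
            value = re.split(r"\s+#", value, maxsplit=1)[0].strip()
        env[key.strip()] = value
    return env


def audit_env(text):
    """Return findings for the settings the README warns about."""
    env = parse_env(text)
    findings = []
    if env.get("DEBUG", "").lower() != "false":
        findings.append("DEBUG is not explicitly false")
    password = env.get("PASSWORD", "")
    if not password:
        findings.append("PASSWORD is not set")
    elif password == README_SAMPLE_PASSWORD:
        findings.append("PASSWORD is the README sample value")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(f"PASSWORD is shorter than {MIN_PASSWORD_LEN} characters")
    return findings


if __name__ == "__main__":
    import sys
    with open(sys.argv[1] if len(sys.argv) > 1 else ".env") as fh:
        problems = audit_env(fh.read())
    for problem in problems:
        print("WARN:", problem)
    sys.exit(1 if problems else 0)
```

Run it against the server's `.env` before `docker compose up`; a non-zero exit status means at least one finding was printed.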
💻 Using the Client & Running Exploits
- Run the installation:

  ```bash
  pip install cookiefarm
  ```

  After installation, the `ckc` command is available globally in your terminal (or in your virtual environment if you are using one).

- Log in and configure the client:

  ```bash
  ckc config login -P SuperSecret -h 192.168.1.10 -p 8000 -u your_username
  ```

- Install the Python helper module and create a new exploit template:

  ```bash
  ckc exploit create -n your_exploit_name
  ```

  This will generate `your_exploit_name.py` in `~/.cookiefarm/exploits/`.

- Run your exploit:

  ```bash
  ckc exploit run -e your_exploit_name.py -n CookieService -t 120 -T 40
  ```
📘 For more usage examples, check out the client documentation.
🤝 Contributing
We welcome contributions, suggestions, and bug reports! See CONTRIBUTING.md for details on how to get involved.
