Skip to main content

Application Target


Application Target Challenges are only available on Hosted or Self-Hosted Enterprise CTFd Instances


Application Target Challenges are heavily beta. If your challenge workload does not currently work please reach out to us.

Application Target challenges allow users to deploy a per-account instance of an application. For example if a challenge requires that every participant must have their own instance of a given website, Application Target challenges allow for that. Each Application Target challenge instance can be deployed, redeployed, and accessed by their respective owners. Note that any user with knowledge of the URL/hostname will be able to access the challenge instance.

Defining an Application

Application Target Challenges use a subset of the docker-compose.yml format.

For example, the following is an example of a valid docker-compose.yml file but also a valid application spec for an Application Target challenge:

version: "3.9"
image: nginx
- 80
image: redis


Application Targets will take challenges whose ports are defined in the spec and map public URLs to those ports. For example the port 80 specified for nginx will be mapped to a subdomain on for Hosted CTFd instances.

Services that are internal to the application should not have any ports listed in the spec.