ExploitFarm is an advanced tool designed to manage exploits and flag submissions in Attack-Defense CTF competitions. It combines a Python library with a command-line interface (CLI), providing flexibility and efficiency for managing CTF tasks. This documentation provides a comprehensive overview of its features, installation, and usage.
-
Multi-Threaded Execution: Utilize a pool of worker threads for efficient exploit execution.
-
Exploit Management: Initialize, push, pull, and version control exploit source code.
-
Attack Groups: Collaborate and manage group-based attacks.
-
Integrated Status Monitoring: View real-time server and current execution statuses.
Install ExploitFarm via pip:
pip3 install -U xfarm && xfarm --install-completionFor Windows, use:
python -m xfarmPrerequisites:
- Python 3.8+
- Compatible with Linux, macOS, and Windows.
- Ensure you have
pipinstalled.
ExploitFarm provides both programmatic and CLI access to its features.
The Python library allows developers to integrate ExploitFarm functionality into their scripts:
import random
from exploitfarm import *
host = get_host() # Retrieves the server host (from environment variables or configuration)
print(f"Connected to {host}")
flags = [random_str(32) + "=" for _ in range(10)]
print(f"Submitting flags: {flags}")
submit_flags(flags)The Store class provides a key-value storage system for exploits, allowing you to save and retrieve centralized data during execution.
The key value store is different for each exploit id. You can use it to store some data you need to save and change for every exploit execution.
from exploitfarm import Store
store = Store()
# Set a value
store.set("example_key", {"example": "data"})
# Get a value (if not exists returns None)
data = store.get("example_key")
print(data)
# Delete a key
store.delete("example_key")
# List all keys
keys = store.keys()
print(keys)Methods:
get(key: str, timeout: int = HTTP_TIMEOUT) -> bytes: Retrieve a value by key.set(key: str, value: bytes, timeout: int = HTTP_TIMEOUT): Store a value by key.delete(key: str, timeout: int = HTTP_TIMEOUT): Delete a key.keys(timeout: int = HTTP_TIMEOUT) -> list[str]: List all stored keys.
Environment Variables Required:
XFARM_REMOTE_URL: Base URL for the exploit storage API.XFARM_EXPLOIT_ID: Unique identifier for the exploit.XFARM_LOGIN_TOKEN: Authentication token for secure access.
The CLI is the primary way to interact with ExploitFarm for exploit and attack management.
xfarm [COMMAND] [OPTIONS]Use --help to view available commands and options:
xfarm --helpThese options are applicable to all commands:
-h,--help: Display help information for a command.-I,--no-interactive: Disable interactive configuration mode (default: interactive).-v,--version: Show the version of the ExploitFarm client.
Run an exploit from the specified path:
xfarm start [OPTIONS] PATHOptions:
PATH: The directory containing the exploit (default: current directory).--pool-size, -p: Fixed size for the thread pool (default:10 * CPU cores).--submit-pool-timeout: Timeout (in seconds) for the submission pool (default: 3).--test, -t: Test the exploit without submission.--test-timeout: Timeout for exploit testing (default: 30 seconds).--no-auto-push, -n: Prevent automatic source push.--push-message, -m: Custom message for the source push.
Example:
xfarm start ./my_exploit --pool-size 20 --testRetrieve the status of the server or specific components:
xfarm status [WHAT]Options:
WHAT: Specify the status type (default:status). Available options include:status: General server status.submitters: Submission system details.services: Active services.exploits: Exploit statuses.flags: Flag submission statistics.teams: Team information.clients: Client configuration details.
Example:
xfarm status exploitsEdit client settings:
xfarm config edit [OPTIONS]Options:
--address: Server address.--port: Server port.--nickname: Client nickname.--https: Use HTTPS (default: False).
Example (no interactive mode):
xfarm -I config edit --address example.com --port 443 --https --nicknameReset all client settings to their default values:
xfarm config resetAuthenticate with the server:
xfarm config login [OPTIONS]Options:
--password: Provide the password directly.--stdin: Read the password from stdin.
Logout from the server:
xfarm config logoutSet up a new exploit project:
xfarm exploit init [OPTIONS]Options:
--edit, -e: Edit the configuration interactively.--name: Exploit name.--service: Associated service UUID.--language: Programming language.
Upload the exploit source code to the server:
xfarm exploit push [OPTIONS]Options:
--message, -m: Commit message.--force, -f: Force push even with an old commit has the same source.
Get details about the exploit source:
xfarm exploit info [OPTIONS]Options:
--raw, -r: Display raw JSON response.
Update to the latest commit:
xfarm exploit update [OPTIONS]Options:
--force, -f: Force update.
Download the exploit source:
xfarm exploit download [OPTIONS]Options:
--folder, -f: Specify target folder.--commit-uuid: Commit ID (default: latest).
Create a new group for collaborative attacks (and also join in it if in interactive mode):
xfarm group create [OPTIONS]Options:
--name: Group name.--current-commit: Use the current exploit commit.--submit-pool-timeout: Timeout for submission pooling.
Join an existing attack group:
xfarm group join [OPTIONS]Options:
--group: Group ID.--queue: Queue number for the group.--trigger-start: Start the attack after joining.
Environment variables can simplify configuration:
XFARM_HOST: Server address.XFARM_PORT: Server port.XFARM_INTERACTIVE: Enable or disable interactive mode.XFARM_REMOTE_URL: API Base URL for remote exploit storage.XFARM_EXPLOIT_ID: Unique identifier for the exploit.XFARM_LOGIN_TOKEN: Authentication token for secure access.
- Use
--testto verify exploits before running them in production. - Regularly push changes to the server for version control (they are auto-pushed on attack start anyway).
- Collaborate using attack groups for efficient resource utilization if the attack is heavy to execute.