CookieFarm is an Attack/Defense CTF framework inspired by DestructiveFarm, developed by the Italian team ByteTheCookies. Its strength lies in a hybrid Go + Python architecture and a zero-distraction philosophy:
🎯 Your only task is to write the exploit!
CookieFarm automates exploit distribution, flag submission, and result monitoring — allowing you to focus entirely on building powerful exploits.
Make sure you have the following installed:
- ✅ Python 3+
- ✅ Docker
- Create an `.env` file in the server directory to configure the environment settings:

  ```bash
  # Server configuration
  DEBUG=false          # Enable debug mode for verbose logging
  PASSWORD=SuperSecret # Set a strong password for authentication
  CONFIG_FILE=true     # Set if the server takes the config from config.yml in the filesystem; otherwise, do not set the variable
  PORT=8080            # Define the port the server will listen on
  ```

  ⚠️ For production environments, set `DEBUG=false` and use a strong, unique password.

- Start the server with Docker Compose:

  ```bash
  docker compose up --build
  ```

📘 For more configuration details, refer to the server documentation.
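
A pre-deployment check for the `.env` settings above, as an added example that is not part of the CookieFarm project: it flags debug mode and a password left at the sample value. The 16-character minimum and the treatment of an unset `DEBUG` as off are assumptions, and the sample files are constructed.

```python
import re

SAMPLE_PASSWORD = "SuperSecret"  # value printed in the sample .env
MIN_PASSWORD_LEN = 16  # assumption: local policy, not a CookieFarm rule


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and '#' comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Drop an inline comment (whitespace then '#'), then optional quotes.
        value = re.split(r"\s+#", value, maxsplit=1)[0].strip().strip("'\"")
        settings[key.strip()] = value
    return settings


def audit_env(text):
    """Return findings for the DEBUG, PASSWORD and PORT settings."""
    env = parse_env(text)
    findings = []
    # Assumption: an unset DEBUG means debug mode is off.
    if env.get("DEBUG", "false").lower() != "false":
        findings.append("DEBUG is not false")
    password = env.get("PASSWORD", "")
    if not password:
        findings.append("PASSWORD is missing or empty")
    elif password == SAMPLE_PASSWORD:
        findings.append("PASSWORD is the documented sample value")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append(f"PASSWORD is shorter than {MIN_PASSWORD_LEN} characters")
    port = env.get("PORT")
    if port is not None and not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"PORT is not a valid TCP port: {port!r}")
    return findings


# Constructed sample files, not taken from a real deployment.
WEAK_ENV = "DEBUG=true # verbose\nPASSWORD=SuperSecret # auth\nPORT=8080\n"
HARDENED_ENV = "DEBUG=false\nPASSWORD=k3#Vq9-constructed-example-Zt7\nPORT=8080\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(name, audit_env(text) or "no findings")
```
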
- Run the installation:

  ```bash
  pip install cookiefarm
  ```

  After installation, the `ckc` command is available globally in your terminal (or in your virtual environment if you are using one).

- Log in and configure the client:

  ```bash
  ckc config login -P SuperSecret -h 192.168.1.10 -p 8000 -u your_username
  ```

- Install the Python helper module and create a new exploit template:

  ```bash
  ckc exploit create -n your_exploit_name
  ```

  This will generate `your_exploit_name.py` in `~/.cookiefarm/exploits/`.

- Run your exploit:

  ```bash
  ckc exploit run -e your_exploit_name.py -p 1234 -t 120 -T 40
  ```

📘 For more usage examples, check out the client documentation.
We welcome contributions, suggestions, and bug reports! See CONTRIBUTING.md for details on how to get involved.

