The One Request CTF event was hosted from February 27th to March 2nd, 2025 by APIsec University. The application utilized in the event is available in this repository, with minimal modifications, for educational purposes.
For example, the challenge descriptions and flag validation functionality were added directly to the application for public release.
The easiest way to run the application is via Docker and Docker Compose. Run the following commands to start the application on your system:
git clone https://github.com/apisec-university/one-request.git
cd one-request
docker compose up -d The application should now be available on http://localhost:8000.
To stop the application, run docker compose down from the repo directory.
To run the application locally, you will need to have Python3 installed on your system. Python 3.10+ is recommended.
Run the following commands to start the application:
poetry install
poetry shell
poetry run devThe application should now be available on http://localhost:8000.
To verify application can be solved using the included solve.py script, run the following commands:
poetry install
poetry run solveNumerous write-ups on how to complete the CTF are available online from the original event.
Want yours included here? Submit a PR or message us in Discord!
- MRE Security:
- The Pentesting Ninja:
Data is stored in the SQLite database at data/one_request.sqlite3.
To reset the application to a fresh start, checkout the database file to it's original state.
git checkout -- data/one_request.sqlite3If you wish to generate new data for the application, the gen_data.py script can be used.
rm data/one_request.sqlite3
poetry install
poetry shell
alembic upgrade head
python scripts/gen_data.py