The exploit farm that stays out of your way.
CookieFarm is an A/D CTF framework with a Go server, Python client SDK, and zero-config flag submission. Write the exploit. We handle the rest.
Live Dashboard
Monitor your exploits in real-time with a clean, responsive interface
Flag Submission
Automatic deduplication and submission to the scoreboard every tick
Charts & Analytics
Visualize your performance with detailed charts and analytics
Easy Configuration
Configure your in the dashboard and let CookieFarm handle the rest
Features
Everything handled. Nothing in the way.
Go Client and Server Core
High-performance scheduler written in Go. Handles exploit parallelism, flag collection and timed execution cycles without breaking a sweat.
Python SDK
A dead-simple client library. Import, subclass, write your attack logic. That's it.
Zero Distraction
No YAML sprawl. No boilerplate. Your only job is the exploit function.
Auto Flag Submission
Flags are detected, deduplicated, and submitted to the scoreboard automatically every tick.
Live Dashboard
Monitor exploit runs, flag counts and errors from a clean web UI in real time.
Team-Ready
Designed for competition environments. Deploys fast, scales with your team.
SDK
Write an exploit in under 10 lines.
CookieFarm's Python SDK handles everything from target iteration to flag submission. Just decorator exploit_manager, and run.
#!/usr/bin/env python3
import requests
from cookiefarm import exploit_manager
@exploit_manager
def exploit(ip: str, port: int, name: str):
base_url = f"http://{ip}:{port}"
r = requests.get(f"{base_url}/get-flag")
print(r.text)
# run: ckc exploit run -e exploit -n serviceArchitecture
Simple by design.
Python Exploit
You write this
Go Server
CookieFarm runs this
Scoreboard
Flags land here