{"id":22002982,"url":"https://github.com/rssnyder/sandbox","last_synced_at":"2026-04-22T16:33:38.702Z","repository":{"id":108372461,"uuid":"380816581","full_name":"rssnyder/sandbox","owner":"rssnyder","description":null,"archived":false,"fork":false,"pushed_at":"2021-06-27T18:56:53.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-07T15:45:28.802Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rssnyder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-27T18:56:52.000Z","updated_at":"2021-06-27T18:56:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"3c258bad-a430-4fe8-82d5-c4aa2cf07588","html_url":"https://github.com/rssnyder/sandbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":"jstrieb/ctf-collab","purl":"pkg:github/rssnyder/sandbox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fsandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fsandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fsandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fsandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rssnyder","download_url":"https://codeload.github.com/rssnyder/sandbox/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rssnyder%2Fsandbox/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32145715,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-22T15:33:03.595Z","status":"ssl_error","status_checked_at":"2026-04-22T15:30:42.712Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-29T23:42:13.518Z","updated_at":"2026-04-22T16:33:33.694Z","avatar_url":"https://github.com/rssnyder.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\nCreate an ephemeral, collaborative programming environment inside GitHub\nActions; conveniently save data with git. Particularly useful for solving\nCapture The Flag\n([CTF](https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security))\nproblems.\n\nLess technically: this is kind of like Google Docs for working on hacking\ncompetitions collaboratively.\n\n# Quick start\n\n[Create a repo from the\ntemplate](https://github.com/jstrieb/ctf-collab-template/generate). Do the rest\nof the steps from within your copy of the repository. The link to create a copy\nof the repository will only work for users logged into GitHub.\n\nIn all cases, the username is `runner` and the password is `ctf`.\n\n## Connect With Tor\n\nConnecting over Tor is the most secure way to use the server, and doesn't\nrequire signing up for any service. It does, however, require downloading the\nTor Browser Bundle. It also runs with noticeably higher latency than using the\nalternative, non-Tor connection method.\n\n0. [Create a repo from the\n   template](https://github.com/jstrieb/ctf-collab-template/generate). Many of\n   the following links will only work from within your copy of the repository.\n   Creating a copy only works for users logged into GitHub.\n1. Download and run the [Tor Browser\n   Bundle](https://www.torproject.org/download/).\n2. Navigate to the [\"Run Collaborative CTF Environment\"\n   workflow](../../actions?query=workflow%3A\"Run+Collaborative+CTF+Environment\").\n3. Start the server using the button in the top right (\"Run workflow\").\n4. View the output; wait for it to print the connection information.\n5. SSH in or connect from the Web using the connection information printed\n   during the Action run. Note: whether connection to the `.onion` address\n   using the browser or SSH, Tor Browser must be running.\n6. Tor browser has a default setting that causes text to be illegible in `ttyd`\n   and/or its dependency `xterm.js`. To fix this, go to `about:config` in the\n   address bar, and set `privacy.resistFingerprinting` to `false`.\n\n## Connect With ngrok (Without Tor)\n\nConnecting over ngrok instead of Tor is a less secure, but lower-latency way to\nconnect to the server running on GitHub Actions. This method of connecting\ndoesn't require downloading Tor, but it does require signing up for ngrok.\n\n0. [Create a repo from the\n   template](https://github.com/jstrieb/ctf-collab-template/generate). Many of\n   the following links will only work from within your copy of the repository.\n   Creating a copy only works for users logged into GitHub.\n1. [Sign up for ngrok](https://dashboard.ngrok.com/get-started/setup).\n2. [Copy your ngrok\n   Authtoken](https://dashboard.ngrok.com/auth/your-authtoken).\n3. Navigate to the [\"Run Collaborative CTF Environment\"\n   workflow](../../actions?query=workflow%3A\"Run+Collaborative+CTF+Environment\").\n4. Paste in your ngrok Authtoken when you start the server using the button in\n   the top right (\"Run workflow\").\n   - To avoid pasting the Authtoken every time, paste it into a secret called\n     `NGROK_TOKEN` under the [Secrets](../../settings/secrets/actions) settings\n     area. It will be saved here and used automatically.\n5. View the output; wait for it to print the connection information.\n6. SSH in or connect from the Web using the connection information printed\n   during the Action run.\n\n## Once Connected\n\n- By default, the collaborative environment uses `tmux` with \u003ckbd\u003eCtrl\u003c/kbd\u003e +\n  \u003ckbd\u003eA\u003c/kbd\u003e as the \"prefix,\" and a few other custom keys that can be viewed\n  in [.tmux.conf](dotfiles/.tmux.conf)\n  - Read a [good introduction to\n    `tmux`](https://www.hamvocke.com/blog/a-quick-and-easy-guide-to-tmux/)\n  - Press \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then \u003ckbd\u003ec\u003c/kbd\u003e to open a new\n    window\n  - Press \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then \u003ckbd\u003en\u003c/kbd\u003e to go to the\n    next window and \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then \u003ckbd\u003ep\u003c/kbd\u003e to go\n    to the previous window\n  - Press \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then \u003ckbd\u003e|\u003c/kbd\u003e to split the\n    current pane vertically (this is a vertical bar \"|\" – not the letter \"L\" or\n    \"i\")\n  - Press \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then \u003ckbd\u003eS\u003c/kbd\u003e to split the\n    current pane horizontally (this is a *capitalized* \"S\" – `tmux` cares about\n    capitalization)\n  - Press \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then one of the arrow keys to move\n    to the pane in that direction\n- By default, `tmux` adjusts the size of a window to accommodate the smallest\n  viewer\n  - Every window is the same size for all viewers, at all times\n  - To make the window adjust to the largest client instead of the smallest,\n    press \u003ckbd\u003eCtrl\u003c/kbd\u003e + \u003ckbd\u003eA\u003c/kbd\u003e and then \u003ckbd\u003eG\u003c/kbd\u003e (must be capital\n    \"G\")\n  - Be careful! This will mean that some of the window is difficult or\n    impossible to see for the viewer with the smaller client\n- Use the `quit` command to terminate the server for all connected users\n  - Alternatively, the workflow can be canceled from within the GitHub web\n    interface\n- Create folders in the repo (`~/ctf`) for each CTF to stay organized\n  - Save any changes by committing using `git` within the `~/ctf` folder\n  - The default identity associated with commits is anonymous\n- Theoretically, unlimited users can connect at once via Tor, and up to 40 can\n  connect using ngrok for free\n  - Practically, the real upper-limit is probably far lower\n  - Every new user connects using the same link/connection information\n  - Additional users do not need GitHub accounts to connect or commit to the\n    repository from within the environment\n  - Each user can create their own windows independently, or switch to windows\n    created by other users\n  - All connected users have passwordless `sudo` capabilities\n- If you regularly install packages, add them to the [GitHub Actions\n  workflow](./.github/workflows/run-server.yml#L35) so they are installed every\n  time the environment starts up\n  - The default packages that are installed in the environment can be viewed\n    [here](./.github/workflows/run-server.yml#L35)\n\n\u003cdetails\u003e\n\n\u003csummary\u003e\u003cb\u003eGraphical Server\u003c/b\u003e\u003c/summary\u003e\n\n**Don't use the graphical workflow unless absolutely necessary!**\n\n0. [Create a repo from the\n   template](https://github.com/jstrieb/ctf-collab-template/generate). Many of\n   the following links will only work from within your copy of the repository.\n   Creating a copy only works for users logged into GitHub.\n1. [Sign up for ngrok](https://dashboard.ngrok.com/get-started/setup).\n2. [Copy your ngrok\n   Authtoken](https://dashboard.ngrok.com/auth/your-authtoken).\n3. Navigate to the [\"Run Graphical RDP CTF Environment (Ubuntu GNOME)\"\n   workflow](../../actions?query=workflow%3A\"Run+Graphical+RDP+CTF+Environment+(Ubuntu+GNOME)\").\n4. Paste in your ngrok Authtoken when you start the server using the button in\n   the top right (\"Run workflow\").\n   - To avoid pasting the Authtoken every time, paste it into a secret called\n     `NGROK_TOKEN` under the [Secrets](../../settings/secrets/actions) settings\n     area. It will be saved here and used automatically.\n5. View the output; wait for it to print the connection information.\n6. Connect to the HTTP link in your browser or paste the connection link into\n   your [remote desktop (RDP)\n   client](https://en.wikipedia.org/wiki/Remote_Desktop_Protocol).\n   - On Windows, press the start button and search for \"Remote Desktop\n     Connection\" – the client should be installed by default.\n   - On Linux [Remmina](https://remmina.org/how-to-install-remmina/) is a\n     well-regarded RDP client.\n\n\u003c/details\u003e\n\n# Who This Project is For\n\nThis project is for those with limited access to compute resources – students\nin particular. By making it possible to connect from the web and over Tor, the\nproject is designed to be accessible to those who are behind a firewall and/or\nare unable to install software on the computer they are using. For example,\nsomeone who wants to participate in a CTF competition, but is using\nshared computers in a library or a school computer lab.\n\n## Be a Good Citizen\n\nThis project uses generously-offered, free resources in a way that was likely\nnot intended by GitHub. Please do not abuse them.\n\nI claim no responsibility for how you use this project. Based on my reading of\nGitHub's:\n\n- [Terms of\n  Service](https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service#the-github-terms-of-service)\n- [Acceptable Use\n  Policy](https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-acceptable-use-policies)\n- and [Actions Usage\n  Policy](https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-additional-product-terms)\n\nI have concluded that using this Actions workflow to do productive work,\nparticularly if you don't have the ability to run a Linux computer of your own,\nis probably permissible if done in good faith, and with an effort made to\nreduce excessive resource consumption. For example, don't use the graphical\nworkflows unless absolutely necessary, because they are considerably more\nresource intensive to set up and run, and don't leave the workflows running\nwhen not using them.\n\nThat being said, I may be reading the policies wrong, and GitHub has the right\nto change them at any time. In particular, if this use of GitHub Actions is\nabused, it is likely that future ability to do things like this will be limited\nby GitHub. **If you like it, don't ruin it for others.**\n\nNote: typical users get [3,000 minutes of private Actions\ntime](https://docs.github.com/en/free-pro-team@latest/actions/reference/usage-limits-billing-and-administration#usage-limits)\nper month per user. This project can quickly run up that time if you are not\ncareful. Check your own usage [here](https://github.com/settings/billing) to\nsee how close to the limit you are. Also note that actions stop automatically\nafter 6 hours.\n\n# Known Issues\n\n- **Problem:** Tor browser loads the hidden service indefinitely, never\n  connecting\n\n  **Solution:** Restart Tor browser\n- **Problem:** The web interface text is illegible when using Tor browser or\n  Firefox\n\n  **Solution:** Disable the `privacy.resistFingerprinting` setting in\n  `about:config`\n- **Problem:** The \"Display connection info and sleep\" workflow step fails when\n  trying to display ngrok connection information\n\n  **Solution:** The ngrok authtoken supplied either as input to the workflow,\n  or as a repository secret is invalid or corrupted\n- **Problem:** Connecting to the server using SSH over Tor fails\n\n  **Solution:** Make sure Tor browser is running while the command is run. If\n  it is still not working, try the command on port `9050` instead of `9150`\n- **Problem:** Tor fails to bind to the port when running the workflow\n\n  **Solution:** Run the action again. If it continues to fail, [open an\n  issue](https://github.com/jstrieb/ctf-collab-template/issues/new)\n- **Problem:** The web interface does not work with tor2web sites like\n  [tor2web.io](https://tor2web.io) or [onion.sh](https://onion.sh)\n\n  **Solution:** Use Tor browser and do not use tor2web sites\n\n# How to Read This Code\n\n- The vast majority of the code is contained in a single, [primary GitHub\n  Actions workflow](./.github/workflows/run-server.yml), which sets up the\n  environment and displays connection details to the user. This file is fairly\n  well-commented, and most design decisions should have included justification.\n  For readability, I have\n  tried to use long command-line options where possible. There may be more\n  information in the commit history, for example [this\n  commit](https://github.com/jstrieb/ctf-collab-template/commit/47148f0ecc78c755cd69e5f09d76a4fc94530df9)\n  justifies switching from [tmate.io](https://tmate.io) to ngrok and Tor.\n- The [`dotfiles`](./dotfiles) directory contains configuration files for many\n  programs running in the collaborative environment.\n  - [`install.sh`](./dotfiles/install.sh) copies dotfiles to the proper\n    locations\n  - [`.tmux.conf`](./dotfiles/.tmux.conf) contains custom shortcuts for `tmux`\n  - [`.bashrc`](./dotfiles/.bashrc) is pretty minimal, but contains a few\n    useful command aliases\n  - [`ttyd_run.sh`](./dotfiles/ttyd_run.sh) is run every time a new user\n    connects via SSH or the Web interface and is responsible for opening a new\n    `tmux` session that uses one common set of windows for all clients\n\n# Acknowledgments\n\nThanks to my good friend Logan Snow ([@lsnow99](https://github.com/lsnow99))\nfor testing, fixing bugs, and other contributions!\n\nThis project makes use of several great software packages that have made their\nservices available for free:\n\n- [Tor](https://www.torproject.org/)\n- [ngrok](https://ngrok.com)\n- [ttyd](https://github.com/tsl0922/ttyd)\n- [tmux](https://en.wikipedia.org/wiki/Tmux)\n- [GitHub Actions](https://github.com/features/actions)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frssnyder%2Fsandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frssnyder%2Fsandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frssnyder%2Fsandbox/lists"}