$ man ctfbase
Documentation
Everything you need to search CTF writeups via API or connect your AI assistant via MCP.
$ ls /docs/
$ cat quick-start/README.md
1.Sign in with GitHub
Click Sign in in the navbar. Free account gives you unlimited search and writeup previews.
2.Search writeups
Use the search page or call the API directly:
curl "https://api.ctfbase.com/api/v1/search?q=sql+injection"3.Connect your AI assistant
Add CTF Base as an MCP server to Claude, Cursor, or any MCP-compatible client:
claude mcp add ctfbase https://mcp.ctfbase.com/mcp$ man api
Base URL: https://api.ctfbase.com/api/v1
Hybrid AI search (full-text + vector similarity). If q is omitted, browse all writeups in a category. At least one of q or category is required.
Parameters:
Example:
curl "https://api.ctfbase.com/api/v1/search?q=buffer+overflow&category=pwn&limit=5"
# Browse all writeups in a category:
curl "https://api.ctfbase.com/api/v1/search?category=web&limit=10"Response:
{
"results": [
{
"id": "picoctf2024_heap_overflow",
"title": "Heap Overflow — PicoCTF 2024",
"category": "pwn",
"difficulty": "medium",
"event": "PicoCTF 2024",
"description": "Task: Exploit a heap overflow...",
"tags": ["heap", "overflow", "glibc"],
"techniques": ["heap-overflow", "use-after-free"]
}
],
"total": 42,
"limit": 5,
"offset": 0,
"query_time_ms": 823.5
}List all categories with writeup counts.
Example:
curl "https://api.ctfbase.com/api/v1/categories"Response:
{
"categories": [
{ "category": "web", "count": 297 },
{ "category": "crypto", "count": 197 },
{ "category": "reverse", "count": 134 }
]
}Writeup preview: metadata, tags, techniques. No full content or flag.
Parameters:
Example:
curl "https://api.ctfbase.com/api/v1/writeups/picoctf2024_heap_overflow"Response:
{
"id": "picoctf2024_heap_overflow",
"title": "Heap Overflow — PicoCTF 2024",
"category": "pwn",
"difficulty": "medium",
"event": "PicoCTF 2024",
"description": "Task: Exploit a heap overflow...",
"tags": ["heap", "overflow", "glibc"],
"techniques": ["heap-overflow", "use-after-free"]
}Full writeup content (markdown). Requires Pro tier or higher.
Parameters:
Example:
curl -H "Authorization: Bearer YOUR_API_KEY" \
"https://api.ctfbase.com/api/v1/writeups/picoctf2024_heap_overflow/full"Response:
{
"id": "picoctf2024_heap_overflow",
"title": "Heap Overflow — PicoCTF 2024",
"content": "## Analysis\n\nThe binary has a heap overflow...",
"tools": ["gdb", "pwntools", "ghidra"],
"indicators": ["CVE-2024-XXXX"]
}Returns the flag for a writeup. Requires Pro tier or higher.
Parameters:
Example:
curl -H "Authorization: Bearer YOUR_API_KEY" \
"https://api.ctfbase.com/api/v1/writeups/picoctf2024_heap_overflow/flag"Response:
{
"id": "picoctf2024_heap_overflow",
"flag": "picoCTF{h34p_0v3rfl0w_m4st3r}"
}$ man mcp
CTF Base exposes an MCP server at mcp.ctfbase.com/mcp. Connect your AI assistant to search writeups directly from chat.
$ mcp tools/list
search
Search CTF writeups by query and optional category.
params: query: string, category?: string, limit?: int
get_writeup
Get full writeup content by ID. Returns markdown with solution.
params: writeup_id: string
get_flag
Get the flag for a specific writeup.
params: writeup_id: string
Claude Code
claude mcp add ctfbase \
--transport streamable-http \
--url "https://mcp.ctfbase.com/mcp" \
--header "Authorization: Bearer YOUR_MCP_KEY"Claude Desktop
~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"ctfbase": {
"command": "npx",
"args": [
"-y", "mcp-remote",
"https://mcp.ctfbase.com/mcp",
"--header",
"Authorization: Bearer YOUR_MCP_KEY"
]
}
}
}Cursor
.cursor/mcp.json
{
"mcpServers": {
"ctfbase": {
"command": "npx",
"args": [
"-y", "mcp-remote",
"https://mcp.ctfbase.com/mcp",
"--header",
"Authorization: Bearer YOUR_MCP_KEY"
]
}
}
}You: How do I exploit a format string vulnerability in a CTF?
[MCP] calling ctfbase.search("format string vulnerability exploit")
[MCP] found 23 results, reading top match...
AI: Based on 23 real CTF writeups, the most common approach is...
$ man auth
Public endpoints
/search, /suggest, /stats, /categories, /writeups/{id} require no authentication.
Protected endpoints
/writeups/{id}/full and /writeups/{id}/flag require Pro tier or higher.
Authenticate via API key in the Authorization header:
curl -H "Authorization: Bearer YOUR_API_KEY" \
"https://api.ctfbase.com/api/v1/writeups/example/full"Getting an API key
Sign in with GitHub, upgrade to Pro, then generate an API key from your dashboard. API key management is coming soon.
$ cat rate-limits.conf
| tier | requests/day | api_keys | full_access |
|---|---|---|---|
| free | search only | 0 | no |
| pro | 100 | 1 | yes |
| team | 1,000 | 5 | yes |
Public endpoints (search, suggest, stats, categories) are not rate-limited per user. Server-wide rate limit: 30 req/s via Nginx.
$ cat errors.log
Error response format:
{
"detail": "Rate limit exceeded. Upgrade to Pro for 100 req/day."
}