Skip to content

PoCInnovation/Nexus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.github
.github
 
 
Docker
Docker
 
 
levels
levels
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

NEXUS

NEXUS is a portable and immersive CTF system where you face off against a conversational AI embodying a "final boss". Solve cybersecurity challenges while NEXUS reacts to your every move in real time.

How does it work?

NEXUS merges a classic technical CTF with an interactive narrative driven by an adaptive AI.

In practice:

  • You identify yourself via an NFC badge (Mifare Classic 1K)
  • NEXUS challenges you through multiple Dockerized challenges (web, crypto, reverse, pwn, steganography, prompt injection, lockpicking…)
  • Every action that impacts the system triggers a reaction from NEXUS: tone shift, ASCII art change, difficulty adjustment
  • A real-time scoreboard tracks your progress and ranks you against other players

The AI adapts across 3 difficulty levels and will never give you hints, it's here to defeat you.

Getting Started

Prerequisites

  • Raspberry Pi 5 (8 GB RAM)
  • Touchscreen connected via micro-HDMI
  • NFC reader + Mifare Classic 1K badges
  • Docker & Docker Compose installed on the Pi

Quickstart

Start each challenge level individually using Docker Compose:

# Level 1 — Web panel (port 5000)
docker compose -f levels/level1/docker-compose.yml up -d

# Level 2 — SSH escalation (port 2222) + SQL injection panel (port 5001)
docker compose -f levels/level2/docker-compose.yml up -d

# Level 3 — NEXUS CIPHER multi-vulnerability chain (port 5002)
docker compose -f levels/level3/docker-compose.yml up -d

Usage

Challenge structure

levels/
├── level1/          ← Web panel — XSS & SQLi (port 5000)
│   ├── Dockerfile
│   ├── docker-compose.yml
│   └── app/
├── level2/
│   ├── ssh/         ← SSH + privilege escalation (port 2222)
│   └── sqli/        ← SQL injection vault (port 5001)
└── level3/          ← NEXUS CIPHER — Path Traversal, JWT Forgery, Blind SQLi & SSTI chain (port 5002)
    ├── Dockerfile
    ├── docker-compose.yml
    └── app/

Each level directory contains a writeup (.md) describing the vulnerability chain and solution.

Get involved

You're invited to join this project! Check out the contributing guide.

If you're interested in how the project is organized at a higher level, please contact the current project manager.

Our PoC team ❤️

Developers


Aurélien Schirmann
[Developer's name]

Manager


Timothée Pasteau-Berthaud

Organization

LinkedIn logo Instagram logo Twitter logo Discord logo

Website logo

🚀 Don't hesitate to follow us on our different networks, and put a star 🌟 on PoC's repositories

Made with ❤️ by PoC

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

Generated from PoCInnovation/open-source-project-template