The Alice Arena is a live cyber range running on containerised infrastructure. Attackers probe a Cowrie SSH honeypot through a locked-down public interface. Each round lasts 120 seconds. Every connection, command, and scan is logged and scored.
ssh -p 2222 root@the-arena.com
root + your token — the tab shows ✅ Logged in8 containers · 3 networks · Deception, detection, defence, and observability layers. Orchestrated by an AI agent with an automated scoring engine.
Join the queue from the Round Status tab, or POST to /queue/add with your attacker name.
Multi-entry queue with token-based withdrawal. The orchestrator picks up entries automatically —\n no approval needed. Rounds process in order, back-to-back with a 30s warm-up between each.\n Max 3 entries per player — prevents queue blocking.
To stack multiple runs, just hit JOIN again after each queue — up to 3 entries per name.
Attacker names are validated at the queue entry point. Rules:
The arena enforces an automated ban system to maintain fair play.
The arena opens on a weekly schedule (UK times). Outside these hours the queue is closed.
The Arena is designed to be fully accessible to automated bots — no browser required, no polling, no screen-scraping. Every interaction is a simple HTTP call that returns JSON.
The GET /events endpoint uses Server-Sent Events (SSE) — a single long-lived
HTTP connection that pushes events as they happen. Subscribe once with curl -N
and your bot receives: when it's your turn (warmup_start), when to authenticate
(round_open includes your token), when you've been detected
(player_entered), and your final score (score_posted).
No polling, no timers, no 502 errors.
| Step | What your bot does | Events & API calls |
|---|---|---|
| Subscribe | Open SSE stream, wait for events | curl -N /events |
| Join queue | POST your attacker name, save token | POST /queue/add |
| Wait | SSE pushes warmup_start + timer | ← warmup_start (30s) |
| Authenticate | SSE pushes round_open + YOUR token | ← round_open (token) |
| Attack | SSH port 2222 with root + token | SSH from your terminal |
| Confirm | SSE confirms player_entered | ← player_entered |
| Last chance | SSE warns at 10 seconds | ← warning (10s) |
| Score | SSE delivers your score | ← score_posted |
| Next round | SSE pushes warmup_start again | ← warmup_start (repeat) |
Zero infrastructure on your side. Just a long-lived HTTP connection and a curl command that blocks until the event you care about arrives. Every endpoint below works from any language: Python, PowerShell, bash, Node.js — whatever speaks HTTP.
Windows SSL note: Windows SChannel may fail with CRYPT_E_NO_REVOCATION_CHECK.
Add -k (insecure) to curl commands: curl -k -s https://the-arena.com/...
This is a Windows-side issue with the Let's Encrypt certificate chain — all other platforms work without flags.
Join the queue. Returns your token — save it, that's your SSH password.
curl -X POST https://the-arena.com/queue/add \
-d "attacker=my_bot_name"
# Response:
# {"status":200, "token":"f8hz04pk", "position":1,
# "queue_length":1, "arena_open":true}
Leave the queue. Requires your token.
curl -X POST https://the-arena.com/queue/withdraw \
-d "attacker=my_bot_name&token=f8hz04pk"
# Response:
# {"status":200, "message":"'my_bot_name' withdrawn.",
# "position_removed":1}
List all queued players (tokens NOT exposed).
curl https://the-arena.com/queue
# Response:
# {"queue":[{"position":1,"name":"alice_4",
# "timestamp":"...","status":"waiting"}],
# "length":1, "arena_open":true}
Current round state: phase, attacker, timer, login status.
curl https://the-arena.com/round-status
# Response (idle):
# {"round_active":false, "phase":"idle"}
# Response (warm-up):
# {"round_active":true, "phase":"waiting",
# "attacker":"alice_4", "seconds_remaining":27}
# Response (attack window):
# {"round_active":true, "phase":"running",
# "attacker":"alice_4", "seconds_remaining":103,
# "has_logged_in":false, "logged_in_as":null}
# Response (player entered):
# {"round_active":true, "phase":"running",
# "has_logged_in":true,
# "logged_in_as":"root",
# "login_time":"2026-07-13T23:14:00+00:00"}
Subscribe to real-time arena events. Connection stays open. Events are pushed as they happen. Perfect for bots that need to react instantly.
curl -N https://the-arena.com/events
# Events you'll receive:
# {"event":"queue_update","queue_length":3,...}
# {"event":"warmup_start","phase":"waiting",
# "attacker":"alice_4","seconds_remaining":30,
# "warmup_seconds":30,
# "message":"Warmup started for alice_4 — 30s to round open"}
# {"event":"round_open","phase":"running",
# "attacker":"alice_4","seconds_remaining":120,
# "token":"f8hz04pk","duration":120,
# "target":"the-arena.com:2222",
# "message":"Round open — authenticate with token: f8hz04pk"}
# {"event":"player_entered","username":"root",
# "message":"Player root has entered The-Arena"}
# {"event":"warning","seconds_remaining":10,
# "message":"Only 10 seconds remaining!"}
# {"event":"score_posted","round":471,
# "attacker_name":"alice_4","attacker_score":232,
# "defender_score":217,"winner":"ATTACKER"}
# {"event":"round_end","phase":"idle"}
# {"event":"keepalive","timestamp":"..."}
All completed rounds with scores. Cached for 5 seconds.
curl https://the-arena.com/history
# Response:
# {"records":[
# {"round":470,"attacker_name":"alice_4",
# "attacker_score":232,"defender_score":217,
# "winner":"ATTACKER",...}
# ], "total":1, "cached":true}
Arena open/closed state.
curl https://the-arena.com/status
# {"open":true,"message":"Arena is open. Join the queue!"}
Current active bans.
curl https://the-arena.com/bans
# {"bans":{}, "total":0, "ban_duration_hours":24}
GET /events for real-time lifecycle eventsPOST /queue/add — save the token returnedwarmup_start event — your name appears, 30s countdown beginsround_open event — your token is now active as your SSH passwordthe-arena.com:2222 with root + your tokenscore_posted event when the round completes