dargslan-security-quiz 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dargslan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,51 @@
+# 🔒 Dargslan Cybersecurity Quiz
+
+[![npm](https://img.shields.io/npm/v/dargslan-security-quiz)](https://www.npmjs.com/package/dargslan-security-quiz)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
+
+**Interactive Cybersecurity quiz right in your terminal.** Test your knowledge of penetration testing, forensics, cryptography, web security, incident response, and compliance.
+
+## Quick Start
+
+```bash
+npx dargslan-security-quiz
+```
+
+## Features
+
+- 🎯 **32+ expert questions** across 6 categories
+- 🌐 **Network Security** — firewalls, IDS/IPS, DDoS, Zero Trust
+- 🔐 **Cryptography** — symmetric/asymmetric, hashing, PFS, certificates
+- 🎯 **Penetration Testing** — Nmap, Metasploit, privilege escalation, reverse shells
+- 🚨 **Incident Response** — NIST framework, forensics, IoCs
+- 🕸️ **Web Security** — SQLi, XSS, CSRF, OWASP Top 10, WAF
+- 📜 **Compliance** — GDPR, SOC 2, CIA triad, least privilege, risk assessment
+- 🏆 **4 game modes** — Quick, Full, By Category, Speed Round
+- 💡 Detailed explanations after each answer
+- 📖 Personalized book recommendations
+- 🚀 Zero dependencies
+
+## Who Is This For?
+
+- 🎓 **OSCP/CEH/CompTIA Security+** certification candidates
+- 💼 **Security analyst** interview prep
+- 🔍 **Penetration testers** staying sharp
+- 📚 **Students** learning cybersecurity
+
+## More Tools
+
+- 🐧 `npx dargslan-linux-quiz` — General Linux
+- ⚙️ `npx dargslan-sysadmin-quiz` — System Administration
+- 🐳 `npx dargslan-devops-quiz` — DevOps & Cloud
+- 📖 `npx linux-cheatsheet-cli` — Command Reference
+- 🛡️ `npx server-hardening-checklist` — Security Audit
+
+## Learn More
+
+- 📚 [210+ IT eBooks](https://dargslan.com/books)
+- 📄 [260+ Cheat Sheets](https://dargslan.com/cheat-sheets)
+- 📝 [IT Blog](https://dargslan.com/blog)
+
+## License
+
+MIT — [dargslan.com](https://dargslan.com)

package/index.js

@@ -0,0 +1,127 @@
+#!/usr/bin/env node
+
+const readline = require('readline');
+
+const c = {
+  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
+  red: '\x1b[31m', green: '\x1b[32m', yellow: '\x1b[33m',
+  blue: '\x1b[34m', magenta: '\x1b[35m', cyan: '\x1b[36m', white: '\x1b[37m',
+  bgGreen: '\x1b[42m', bgRed: '\x1b[41m',
+};
+
+const CATEGORIES = [
+  { name: 'Network Security', icon: '🌐' },
+  { name: 'Cryptography', icon: '🔐' },
+  { name: 'Penetration Testing', icon: '🎯' },
+  { name: 'Incident Response', icon: '🚨' },
+  { name: 'Web Security', icon: '🕸️' },
+  { name: 'Compliance & Governance', icon: '📜' },
+];
+
+const QUESTIONS = [
+  { category: 0, difficulty: 1, question: 'What does a firewall do?', options: ['Speeds up internet', 'Filters network traffic based on rules', 'Encrypts data', 'Manages users'], answer: 1, explanation: 'Firewalls control traffic flow by allowing or blocking packets based on IP, port, and protocol rules.' },
+  { category: 0, difficulty: 1, question: 'What is a VPN?', options: ['A virus scanner', 'An encrypted tunnel for secure communication over public networks', 'A firewall type', 'A DNS server'], answer: 1, explanation: 'VPNs encrypt traffic between endpoints, protecting data in transit and masking the user\'s IP address.' },
+  { category: 0, difficulty: 2, question: 'What is a DDoS attack?', options: ['Data theft', 'Overwhelming a target with traffic from many sources', 'Password cracking', 'SQL injection'], answer: 1, explanation: 'Distributed Denial-of-Service attacks use botnets to flood targets with traffic, making services unavailable.' },
+  { category: 0, difficulty: 2, question: 'What does an IDS do?', options: ['Blocks attacks', 'Detects and alerts on suspicious network activity', 'Encrypts traffic', 'Manages certificates'], answer: 1, explanation: 'Intrusion Detection Systems (IDS) monitor and alert. IPS (Prevention Systems) can also block threats automatically.' },
+  { category: 0, difficulty: 3, question: 'What is network segmentation?', options: ['Splitting cables', 'Dividing a network into isolated zones to limit lateral movement', 'Load balancing', 'DNS partitioning'], answer: 1, explanation: 'Segmentation limits blast radius — if one zone is compromised, attackers cannot easily reach other segments.' },
+  { category: 0, difficulty: 3, question: 'What is Zero Trust Architecture?', options: ['No security needed', 'Never trust, always verify — authenticate every request regardless of location', 'Zero-cost security', 'No firewall needed'], answer: 1, explanation: 'Zero Trust assumes no implicit trust. Every access request is verified with identity, device, and context checks.' },
+  { category: 1, difficulty: 1, question: 'What is encryption?', options: ['Data compression', 'Converting data to an unreadable format using a key', 'Data deletion', 'File copying'], answer: 1, explanation: 'Encryption protects data confidentiality. Symmetric (AES) uses one key; asymmetric (RSA) uses key pairs.' },
+  { category: 1, difficulty: 2, question: 'What is the difference between symmetric and asymmetric encryption?', options: ['No difference', 'Symmetric uses one shared key; asymmetric uses a public/private key pair', 'Asymmetric is weaker', 'Symmetric is newer'], answer: 1, explanation: 'Symmetric (AES) is faster for bulk data. Asymmetric (RSA/ECC) is used for key exchange and digital signatures.' },
+  { category: 1, difficulty: 2, question: 'What is a hash function?', options: ['An encryption method', 'A one-way function producing a fixed-size digest from any input', 'A key generator', 'A compression algorithm'], answer: 1, explanation: 'Hashes (SHA-256, bcrypt) are irreversible. Used for password storage, integrity verification, and digital signatures.' },
+  { category: 1, difficulty: 3, question: 'What is a digital certificate?', options: ['A PDF document', 'A cryptographic file binding a public key to an identity, signed by a CA', 'An email attachment', 'A license key'], answer: 1, explanation: 'X.509 certificates enable TLS/SSL. Certificate Authorities (CAs) verify identity and sign certificates.' },
+  { category: 1, difficulty: 3, question: 'What is Perfect Forward Secrecy (PFS)?', options: ['Unlimited encryption', 'Ensuring session keys cannot be compromised even if long-term keys are exposed', 'Faster encryption', 'No key needed'], answer: 1, explanation: 'PFS uses ephemeral Diffie-Hellman keys per session. Past communications stay safe even if the server key is compromised.' },
+  { category: 2, difficulty: 1, question: 'What is penetration testing?', options: ['Stress testing servers', 'Authorized simulated attacks to find security vulnerabilities', 'Network monitoring', 'Code review'], answer: 1, explanation: 'Pentesters simulate real-world attacks with authorization to identify and report vulnerabilities before malicious actors.' },
+  { category: 2, difficulty: 2, question: 'What is Nmap used for?', options: ['File transfer', 'Network discovery and port scanning', 'Password cracking', 'Web scraping'], answer: 1, explanation: '`nmap` discovers hosts, open ports, services, and OS versions. Essential reconnaissance tool for pentesters.' },
+  { category: 2, difficulty: 2, question: 'What is Metasploit?', options: ['A firewall', 'A penetration testing framework for developing and executing exploits', 'An antivirus', 'A VPN'], answer: 1, explanation: 'Metasploit provides tools for vulnerability scanning, exploit development, and post-exploitation in authorized tests.' },
+  { category: 2, difficulty: 3, question: 'What is privilege escalation?', options: ['Getting admin access legitimately', 'Exploiting flaws to gain higher-level permissions than initially granted', 'User registration', 'Access control'], answer: 1, explanation: 'Privilege escalation (vertical: user→root, horizontal: user→another user) is a key post-exploitation technique.' },
+  { category: 2, difficulty: 3, question: 'What is a reverse shell?', options: ['A bash alias', 'A connection where the target machine connects back to the attacker', 'A protected shell', 'An SSH tunnel'], answer: 1, explanation: 'Reverse shells bypass firewalls by having the victim initiate an outbound connection to the attacker\'s listener.' },
+  { category: 2, difficulty: 2, question: 'What are the phases of a penetration test?', options: ['Plan, Code, Deploy', 'Reconnaissance, Scanning, Exploitation, Post-exploitation, Reporting', 'Design, Build, Test', 'Install, Configure, Monitor'], answer: 1, explanation: 'The 5 phases ensure systematic testing: recon gathers info, scanning finds vulns, exploitation proves them, reporting documents all.' },
+  { category: 3, difficulty: 1, question: 'What is an incident in cybersecurity?', options: ['A bug report', 'A security event that compromises confidentiality, integrity, or availability', 'A system update', 'A user complaint'], answer: 1, explanation: 'Incidents range from malware infections to data breaches. Every organization needs an incident response plan.' },
+  { category: 3, difficulty: 2, question: 'What are the phases of incident response?', options: ['Detect, Fix, Forget', 'Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned', 'Alert, Block, Report', 'Scan, Patch, Monitor'], answer: 1, explanation: 'The NIST 6-phase framework ensures structured, repeatable incident handling with continuous improvement.' },
+  { category: 3, difficulty: 2, question: 'What is the first priority when a breach is detected?', options: ['Delete all logs', 'Contain the threat to prevent further damage', 'Notify the press', 'Shut down everything'], answer: 1, explanation: 'Containment limits damage — isolate affected systems, block attacker IPs, revoke compromised credentials.' },
+  { category: 3, difficulty: 3, question: 'What is digital forensics?', options: ['Deleting evidence', 'Collecting, preserving, and analyzing digital evidence from incidents', 'Hacking back', 'Data recovery'], answer: 1, explanation: 'Forensics follows chain of custody, creates forensic images, and analyzes artifacts without modifying original evidence.' },
+  { category: 3, difficulty: 3, question: 'What are Indicators of Compromise (IoCs)?', options: ['Performance metrics', 'Artifacts that indicate a system has been breached (IPs, hashes, domains)', 'Audit logs', 'User reports'], answer: 1, explanation: 'IoCs include malicious IPs, file hashes, registry changes, unusual network patterns. Shared via STIX/TAXII standards.' },
+  { category: 4, difficulty: 1, question: 'What is SQL injection?', options: ['Database backup', 'Inserting malicious SQL code through user input to manipulate databases', 'A query optimizer', 'Database migration'], answer: 1, explanation: 'SQLi exploits unsanitized input. Prevent with parameterized queries, prepared statements, and input validation.' },
+  { category: 4, difficulty: 2, question: 'What is Cross-Site Scripting (XSS)?', options: ['Server-side scripting', 'Injecting malicious scripts into web pages viewed by other users', 'CSS styling', 'API testing'], answer: 1, explanation: 'XSS allows attackers to execute JavaScript in victims\' browsers. Prevent with output encoding and CSP headers.' },
+  { category: 4, difficulty: 2, question: 'What is CSRF (Cross-Site Request Forgery)?', options: ['Code signing', 'Tricking authenticated users into performing unwanted actions', 'SSL certificate fraud', 'DNS spoofing'], answer: 1, explanation: 'CSRF exploits browser cookies to perform actions as the victim. Prevent with anti-CSRF tokens and SameSite cookies.' },
+  { category: 4, difficulty: 3, question: 'What is the OWASP Top 10?', options: ['Top 10 websites', 'A regularly updated list of the most critical web application security risks', 'Top 10 antivirus tools', 'Top 10 programming languages'], answer: 1, explanation: 'OWASP Top 10 (2021): Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration...' },
+  { category: 4, difficulty: 3, question: 'What is a WAF (Web Application Firewall)?', options: ['A coding framework', 'A filter that protects web apps by inspecting HTTP traffic for attacks', 'A VPN', 'A CDN'], answer: 1, explanation: 'WAFs (ModSecurity, Cloudflare, AWS WAF) inspect requests for SQLi, XSS, and other attacks at the application layer.' },
+  { category: 5, difficulty: 1, question: 'What is GDPR?', options: ['A programming language', 'EU regulation protecting personal data and privacy', 'A network protocol', 'A security tool'], answer: 1, explanation: 'GDPR requires organizations to protect EU citizens\' data with consent, breach notification, and right to erasure.' },
+  { category: 5, difficulty: 2, question: 'What is the CIA triad?', options: ['A spy agency model', 'Confidentiality, Integrity, and Availability — core security principles', 'Certificate, Identity, Authentication', 'Cloud, Infrastructure, Application'], answer: 1, explanation: 'CIA triad: Confidentiality (prevent unauthorized access), Integrity (prevent tampering), Availability (ensure access).' },
+  { category: 5, difficulty: 2, question: 'What is the principle of least privilege?', options: ['Give everyone admin access', 'Grant only the minimum permissions needed to perform a task', 'Remove all permissions', 'Use root for everything'], answer: 1, explanation: 'Least privilege reduces attack surface — users and processes only get permissions they absolutely need.' },
+  { category: 5, difficulty: 3, question: 'What is SOC 2 compliance?', options: ['A coding standard', 'An audit framework for service organizations covering security, availability, and privacy', 'A network certification', 'A firewall standard'], answer: 1, explanation: 'SOC 2 audits verify trust service criteria: security, availability, processing integrity, confidentiality, and privacy.' },
+  { category: 5, difficulty: 3, question: 'What is a risk assessment?', options: ['Performance review', 'Identifying, analyzing, and evaluating threats to determine appropriate controls', 'Network scan', 'Code review'], answer: 1, explanation: 'Risk assessments combine asset value, threat likelihood, and vulnerability severity to prioritize security investments.' },
+];
+
+const BOOKS = {
+  low: [
+    { title: 'Cybersecurity Fundamentals', url: 'https://dargslan.com/book/cybersecurity-fundamentals' },
+    { title: 'Network Security Basics', url: 'https://dargslan.com/book/network-security-basics' },
+  ],
+  mid: [
+    { title: 'Linux System Hardening', url: 'https://dargslan.com/book/linux-system-hardening' },
+    { title: 'Linux Security Essentials', url: 'https://dargslan.com/book/linux-security-essentials' },
+  ],
+  high: [
+    { title: 'Ethical Hacking', url: 'https://dargslan.com/book/ethical-hacking' },
+    { title: 'Mastering Kali Linux', url: 'https://dargslan.com/book/mastering-kali-linux' },
+  ],
+};
+
+function shuffle(a){const b=[...a];for(let i=b.length-1;i>0;i--){const j=Math.floor(Math.random()*(i+1));[b[i],b[j]]=[b[j],b[i]];}return b;}
+function ask(rl,q){return new Promise(r=>rl.question(q,a=>r(a.trim())));}
+
+async function main(){
+  const rl=readline.createInterface({input:process.stdin,output:process.stdout});
+  console.log(`\n${c.bold}${c.cyan}  ╔══════════════════════════════════════════════════╗`);
+  console.log(`  ║${c.white}   🔒  DARGSLAN CYBERSECURITY QUIZ  🎯              ${c.cyan}║`);
+  console.log(`  ║${c.dim}${c.white}   Pentest, forensics, web security & more        ${c.cyan}║`);
+  console.log(`  ╚══════════════════════════════════════════════════╝${c.reset}\n`);
+  console.log(`${c.dim}  Powered by dargslan.com — 210+ IT eBooks${c.reset}\n`);
+
+  console.log(`  ${c.green}[1]${c.reset} Quick (10)  ${c.yellow}[2]${c.reset} Full (32)  ${c.cyan}[3]${c.reset} Category  ${c.red}[4]${c.reset} Speed\n`);
+  const mode=parseInt(await ask(rl,`  ${c.bold}Choice [1-4]: ${c.reset}`))||1;
+
+  let qs;
+  if(mode===2)qs=shuffle(QUESTIONS);
+  else if(mode===3){
+    console.log('');CATEGORIES.forEach((cat,i)=>console.log(`  [${i+1}] ${cat.icon} ${cat.name}`));
+    const ci=(parseInt(await ask(rl,`\n  ${c.bold}Category [1-6]: ${c.reset}`))||1)-1;
+    qs=shuffle(QUESTIONS.filter(q=>q.category===ci));
+  }else if(mode===4)qs=shuffle(QUESTIONS).slice(0,15);
+  else qs=shuffle(QUESTIONS).slice(0,10);
+
+  if(!qs.length){console.log('  No questions!');rl.close();return;}
+
+  let correct=0;const labels=['A','B','C','D'];
+  for(let i=0;i<qs.length;i++){
+    const q=qs[i];const cat=CATEGORIES[q.category];
+    const stars=q.difficulty===1?'★☆☆':q.difficulty===2?'★★☆':'★★★';
+    const dc=q.difficulty===1?c.green:q.difficulty===2?c.yellow:c.red;
+    console.log(`\n${c.dim}${'─'.repeat(60)}${c.reset}`);
+    console.log(`  ${c.bold}Q${i+1}/${qs.length}${c.reset} | ${cat.icon} ${cat.name} | ${dc}${stars}${c.reset}`);
+    console.log(`\n  ${c.bold}${q.question}${c.reset}\n`);
+    q.options.forEach((o,j)=>console.log(`  ${c.cyan}${labels[j]}${c.reset}) ${o}`));
+    let ans;
+    if(mode===4){
+      console.log(`\n  ${c.yellow}⏱ 15 seconds!${c.reset}`);
+      ans=await Promise.race([ask(rl,`\n  ${c.bold}Answer [A-D]: ${c.reset}`),new Promise(r=>setTimeout(()=>r(''),15000))]);
+    }else ans=await ask(rl,`\n  ${c.bold}Answer [A-D]: ${c.reset}`);
+    const ai=labels.indexOf(ans.toUpperCase());
+    if(ai===q.answer){correct++;console.log(`  ${c.bgGreen}${c.white}${c.bold} ✓ CORRECT ${c.reset}`);}
+    else console.log(`  ${c.bgRed}${c.white}${c.bold} ✗ WRONG ${c.reset} Answer: ${labels[q.answer]}) ${q.options[q.answer]}`);
+    console.log(`  ${c.dim}💡 ${q.explanation}${c.reset}`);
+  }
+
+  const pct=Math.round(correct/qs.length*100);const sc=pct>=80?c.green:pct>=60?c.yellow:c.red;
+  console.log(`\n${c.bold}${c.cyan}  ═══════════ RESULTS ═══════════${c.reset}`);
+  console.log(`\n  Score: ${sc}${c.bold}${correct}/${qs.length} (${pct}%)${c.reset}\n`);
+  const books=pct>=80?BOOKS.high:pct>=60?BOOKS.mid:BOOKS.low;
+  console.log(`  ${c.bold}Recommended:${c.reset}`);
+  books.forEach(b=>console.log(`  📖 ${b.title}\n     ${c.cyan}${b.url}${c.reset}`));
+  console.log(`\n  📚 210+ eBooks: ${c.cyan}https://dargslan.com/books${c.reset}`);
+  console.log(`  📄 Cheat Sheets: ${c.cyan}https://dargslan.com/cheat-sheets${c.reset}`);
+  console.log(`\n${c.dim}  Made with ❤ by Dargslan — dargslan.com${c.reset}\n`);
+  rl.close();
+}
+main().catch(console.error);

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "dargslan-security-quiz",
+  "version": "1.0.0",
+  "description": "Interactive Cybersecurity quiz in your terminal. 40+ questions on penetration testing, forensics, compliance, incident response, encryption, and more.",
+  "main": "index.js",
+  "bin": {
+    "dargslan-security-quiz": "./index.js",
+    "security-quiz": "./index.js"
+  },
+  "keywords": [
+    "cybersecurity", "security", "quiz", "terminal", "cli", "pentest",
+    "penetration-testing", "forensics", "incident-response", "encryption",
+    "compliance", "oscp", "comptia", "security-plus", "ethical-hacking",
+    "learning", "certification", "practice"
+  ],
+  "author": "Dargslan <info@dargslan.com> (https://dargslan.com)",
+  "license": "MIT",
+  "homepage": "https://dargslan.com",
+  "repository": { "type": "git", "url": "https://github.com/Dargslan/dargslan-security-quiz" },
+  "engines": { "node": ">=14.0.0" },
+  "files": ["index.js", "README.md", "LICENSE"]
+}