███╗   ██╗███████╗████████╗██████╗ ██████╗ ███████╗ █████╗ ██╗  ██╗███████╗██████╗
████╗  ██║██╔════╝╚══██╔══╝██╔══██╗██╔══██╗██╔════╝██╔══██╗██║ ██╔╝██╔════╝██╔══██╗
██╔██╗ ██║█████╗     ██║   ██████╔╝██████╔╝█████╗  ███████║█████╔╝ █████╗  ██████╔╝
██║╚██╗██║██╔══╝     ██║   ██╔══██╗██╔══██╗██╔══╝  ██╔══██║██╔═██╗ ██╔══╝  ██╔══██╗
██║ ╚████║███████╗   ██║   ██████╔╝██║  ██║███████╗██║  ██║██║  ██╗███████╗██║  ██║
╚═╝  ╚═══╝╚══════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝

Penetration Testing Simulator

All targets, companies, IPs and exploits are entirely fictional.

Educational simulation based on CompTIA Security+ / PenTest+ methodology.

---

---

Overview

NETBREAKER is a single-file, browser-based cybersecurity simulation game. Players work through a fictional darknet as a penetration tester, discovering targets, running recon, exploiting vulnerabilities, escalating privileges, and exfiltrating data — all using commands modelled on real-world tools and CompTIA Security+ / PenTest+ methodology.

No installation. No server. No dependencies beyond a modern browser. No outside connections other than Google Fonts. Open the HTML file and play.

Educational Context

NETBREAKER is designed as an interactive reference for the CompTIA Security+ and PenTest+ certification tracks. Every command, technique, and CVE in the game maps to a real concept:

• Recon phase — passive (sniffer) vs. active (nmap, gobuster) information gathering, OSINT
• Exploitation — CVE research, service fingerprinting, authenticated vs. unauthenticated attack paths
• Web application testing — OWASP Top 10 categories: SQLi, XSS, IDOR, LFI, CSRF, auth bypass
• Post-exploitation — privilege escalation vectors (sudo, SUID, cron, token impersonation), persistence, lateral movement, data exfiltration
• OPSEC — log clearing, IP rotation, covert channels (DNS exfil), detection evasion

---

Features

Terminal Emulator

A full in-browser terminal with command history (arrow keys), tab-autocomplete, a scrollable output buffer, and a persistent prompt that reflects your current session context (handle@nb:~$ locally, user@domain:/path$ on a target).

Every command has a manual page accessible via man <command>. Type help for a categorised command reference with the full attack chain at the top.

Five Panes

| Pane | Function | |------|----------| | TERM | Primary terminal — all commands run here | | BROWSER | In-game web browser with form interaction, vulnerability indicators, and browser tools | | FILES | Interactive filesystem explorer for local virtual files and connected target filesystems | | NET | SVG force-directed network map showing all targets, their status, and relationships | | CVE-DB | Searchable vulnerability database that grows as you discover CVEs via nmap |

Browser Pane Tools

• INTERCEPT — Burp Suite–style request capture. Pause any HTTP request, edit headers and body, then forward, drop, or send modified.
• cURL Builder — Construct custom HTTP requests with method, headers, and body. Detects SQLi, LFI, and auth bypass patterns in responses.
• FUZZER — Automatically tests all input fields on the current page for SQLi, XSS, LFI, and IDOR.
• COOKIES — Inspect and modify session cookies and role tokens.
• DIFF — Side-by-side baseline vs. modified response comparison to confirm exploit success.

Network Map

Force-directed SVG graph rendered with a custom physics simulation (repulsion, spring forces, center pull). Nodes are sized by target difficulty and coloured by compromise status — undiscovered, discovered, shell, rooted. Hosts running miners display an amber ring. Hover for a tooltip; click to open the target modal with attack suggestions and contract status.

CVE Database

Nine base entries covering the core fictional CVEs used in the game. Running nmap -sV -sC on targets dynamically discovers up to ten additional entries (including simulated versions of Baron Samedit, PwnKit, Dirty Pipe, Shellshock, BlueKeep, and others). Newly found CVEs are badged NEW in the database and immediately usable with exploit.

Economy and Progression

Credits are earned through gameplay — not handed to the player at start. Every meaningful action pays out:

| Action | Reward | |--------|--------| | Scan discovers a host | +10c per host | | nmap finds a CVE | +15c per vulnerability | | gobuster run | +20c | | Sniffer deployed | +30c | | Web or SSH login | +40–50c | | Exploit — shell | +75c | | Root shell | +150c | | Privilege escalation | +100c | | Contracts | +200c to +30,000c | | Mining (per 30s tick) | +8c to +80c per rig |

REP unlocks harder targets. Credits unlock tools. Mining provides compound passive income as you root more hosts.

Mining System

Deploy an XMR miner on any rooted host with deploy miner <ip>. Income is credited every 30 seconds. Rates scale with target difficulty (easy=8c, med=18c, hard=35c, elite=80c per tick). Buying the Mining Pool from the shop doubles all rates. The topbar shows live income rate and the miners command lists all active rigs.

OPSEC and Wanted System

A 0–5 star wanted level rises with noisy actions (exploiting IDS-protected targets, brute force, HTTP exfil). At three stars, an IDS alert bar appears. Tools and commands to manage heat:

• clearlogs — wipe local traces, −1 wanted (free)
• clearlogs <ip> — wipe remote logs, −2 wanted (requires Log Cleaner tool)
• rotateip — rotate attacker IP, break active traces, −2 wanted (requires IP Rotator)
• VPN Chain — passive, reduces wanted gain rate by 60%
• TOR Router — passive, prevents wanted gain entirely; required for elite targets

Virtual File System

Local virtual files accessible via cat or the FILES pane at any time, no connection required:

| File | Contents | |------|----------| | walkthrough.txt | Quick-start guide and topic index | | walkthrough-targets.txt | Full walkthroughs for all 7 targets | | walkthrough-web.txt | SQLi, XSS, IDOR, LFI, CSRF technique guide | | walkthrough-opsec.txt | Wanted system, log clearing, evasion | | walkthrough-mining.txt | Mining setup, rates, economy progression | | exploits.txt | Quick exploit reference | | tools.txt | Installed tools and their commands |

Script Editor

editor opens a script editor with four built-in templates (port scanner, privilege check, DNS exfil, reverse shell). Scripts are saved per-operative and executable with run <name>. Target filesystem scripts (e.g. /opt/scripts/monitor.sh) can also be executed with run when connected and in the correct directory.

Procedural Company Schema

All seven targets are defined as plain JavaScript objects in the COMPANY_DEFS array. The game engine reads every field uniformly — nothing is hardcoded to a specific company. To add a custom target, append a new object following the schema documented in the source:

// Fields: id, name, domain, ip, industry, desc,
//   diff (easy/med/hard/elite), repReq (int),
//   sec { fw, ids, mfa, waf } (bool),
//   scanReq { nmap, gobuster, sniffer } (bool),
//   ports [{ num, svc, ver, vuln, note }],
//   creds { user: pass },
//   rootMethod (str),
//   webVulns [str], webPages [str],
//   fs { path: [entries] }, fc { path: content },
//   contracts [{ id, title, desc, target, reward: { c, r } }]

Save System

Three save slots backed by IndexedDB. Saves auto-persist every 15 seconds and on session close. Each slot shows handle, credit balance, REP, and last-saved date on the title screen.

---

Targets

| # | Company | IP | Difficulty | REP Required | |---|---------|-----|-----------|--------------| | 1 | PetroFlow Systems | 192.168.10.14 | Easy | 0 | | 2 | NexGenPharm Research | 10.0.5.22 | Medium | 200 | | 3 | Darkpeak Analytics | 10.20.5.50 | Medium | 500 | | 4 | Arclight Financial Group | 172.16.5.100 | Hard | 600 | | 5 | OmniCloud Hosting | 185.14.6.88 | Hard | 1,000 | | 6 | CivicGrid Power Authority | 10.10.1.5 | Elite | 1,800 | | 7 | Sentinel Defense Systems | 172.31.10.5 | Elite | 3,500 |

All companies, IP addresses, domain names, personnel, CVE identifiers, and exploits are entirely fictional and created for educational simulation purposes.

---

Commands

Commands support piping: cd /var/www/html | ls executes each segment in sequence. Tab-autocomplete and command history (↑/↓) available in the terminal at all times.

RECON
  scan <subnet>                    Ping sweep. Discovers live hosts. (+10c/host, one-time)
  nmap [flags] <ip>                Port, service, and CVE scan. Populates CVE-DB.
    -sV (versions)  -sC (scripts)  -O (OS)  -p- (all ports)  -A (aggressive)
  gobuster <ip>                    Web directory brute-force. (+20c, one-time per target)
  deploy sniffer <ip>              Passive credential capture. Silent — no IDS trigger. (+30c)
  deploy crawler <ip>              Web content and link mapping.
  agents                           View results from all deployed sniffers and crawlers.
  ping <ip>                        Test reachability. (+5c per unique source→destination pair)

EXPLOITATION