It's not finding Metasploit, Impacket or BloodHound (but instead Metasploit Cheat Sheets or PlumHound), which are absolute heavyweights in the offensive security sector. How did you gather that data?
It's a growth hack by OP for his cybersecurity consultancy (Mandos).
In general, you should learn about the tools after you master the fundamentals.
Understanding how OS, Networking, Web Development, DevOps, <insert_domain_here> work at a fundamental level will make it easier to become a well-versed Security Practitioner.
Most attack vectors I've seen in the wild tend to be caused by some kind of misconfiguration (e.g. accidentally leaving a test app internet accessible) or sloppy architecture (e.g. not keeping an inventory of systems and dependencies).
The way to remediate that is by actually understanding how your underlying technology works.
I like it, would prefer a really condensed list instead of this.
Also, why do I get *featured Mandos products if the goal is to create the largest curated directory? Are you trying to get others to pay you to get featured or are you trying to increase your sales?
Featured will enable tool authors to showcase the product to visitors if they decide to do so. I do not think "largest curated directory" and "featured products" are mutually exclusive. Also, curation, feature updates and maintenance take a significant amount of my time and a portion for infra - already have over 50+ tools in queue to review. So featuring will help support the platform.
The style and layout of the page, personally speaking, doesn't work well for me. I had to lean far back in my chair in order to feel like I could comprehend the layout initially.
I'd love to see a text-based version of this, but it is just my own personal preference and I may be alone in it.
There once was an amazing culture (and a sense of community) around the curation of tools. Just as I was browsing cybersectools, I remembered exetools(.com), which amazingly still seems to exist. There are even some aesthetic similarities to this submission, I think.
I also vaguely remember a very large registry that specialized in packers for executables, but I can't remember the name. Those were great for reducing the size of executable files, among other things. I don't think that's even a thing anymore. Still good times.
The exetools website seems to be on its way out (domain for sale, no updates), which shows how hard it can be to get these types of projects to go well - I'm hoping I can help a bit!
Rizin, Cutter, Radare2, BAP (Binary Analysis Framework), LIEF, and so many other tools aren't in the list. Please add them and probably many others that were missed.
They have a submission button, but it asks for a lot of info; it would be kind of nice if you could just paste a GitHub repo and it would pull out the information.
Good idea! However, I want to ensure the high quality of tools through curation. Otherwise, many will submit their tools for backlinks and advertising purposes, turning the platform into a mess. After all, the end goal is to help cybersecurity professionals and leaders find the necessary tools.
I submitted two open-source tools. The submission form has a field for 'License' in which the only two options are 'Free' and 'Commercial'. Those aren't licenses. Maybe adjust that field to either say 'cost' or 'terms', or actually have a license field which lets you paste an SPDX entry (or entries) or pick a license from a list.
[I'm not the target audience--don't work in security.]
To me 'largest' is the antithesis of 'curated'. What is the curation aspect to this collection? Are there comparisons between tools, rankings, etc? If it's just a popular misuse of 'curated' that's fine too, like 'literally' in sportscasting.
Thanks for the comment/feedback. Submitted tools undergo review and are manually added to ensure high quality and reduce spam. Currently on the tool page you can see alternatives to each tool, but ranking and comparison is the next step.
https://github.com/vavkamil/awesome-bugbounty-tools
https://github.com/vavkamil/awesome-vulnerable-apps