[addtool] guidelines

[gwen001]

What are we looking for?

offsec.tools has the ambition to list as many security tools as possible but we prefer quality over quantity. That means before you submit a new tool, ask yourself if one or more tool doing the same thing are already online. How your tool can help the community, how is it different, what kind of features does it provide that others don't? Do you use it yourself, does it deserve a sharing?

For instance, we all have a bash script that is a basic chain of other tools: subdomains search, resolution, ports scanning, probing, screenshots etc... We definitely cannot add all bug hunters recon script unless they have a real plus value.

If you still think your tool deserves a sharing, you're welcome to submit. Note that you don't have to be the author of the tool.

All contributions will be manually reviewed unless they are duplicates of a tool already online, if so the bot will simply mark the submission as duplicate and close it.

Finally the team reserves the right to accept or refuse a submission and change any details if needed.
If your tool has been refused, or if you have any question about it, feel free to reply in the issue itself or open a new issue on GitHub if necessary.

Thank you for your understanding. Thank you for your contribution 🙏

Important

If any information is missing, the issue will be labeled as question (pink tag). Then you can update the issue to add the missing information.

• The issue should be free from any label to be handled by the bot
• You should always update the initial issue
• Do not reply in comment, it will be ignored

Howto

1/ Be sure to carefully read the guidelines first.

2/ Open a new issue using the template created for that purpose on GitHub.

3/ Fill all necessary informations, some are required, some are optional.
Take care to put your data between the [opening-tags] and the [/closing-tags].

4/ Submit the issue.

5/ The issue will be handled by the bot and the tool confirmed after human check.

Recommendations

• Tool:
  • are not considered as valid: one line scripts, dedicated CVEs exploits, single one shot PoCs for a specific issue, malwares, viruses or anything considered as malicious by purpose
  • also not considered as valid: tools provided by systems (ex: tmux, netstat, powershell...)
• Tags:
  • avoid the tag all, whatever happen the tool will be listed there
  • avoid the name of the tool itself, we don't want a dedicated hashtag for every tool
  • avoid the coding language, this information will be added in the futur in another way
• Short descr:
  • limited to 100
  • use the repository description if exists
  • avoid things like "this is a Python tool that has been created for...", this use a lot of characters saying nothing
• Long descr:
  • explain what the tool does, in what situation it could be used, the internal mechanisms
  • no need to provide the usage with all options
  • do not copy/paste the whole readme, offsec[.]tools doesn't support Markdown
• Links:
  • you can provide several links
  • provide only official links: repository, website, store...
  • do no provide links to random articles or videos from here and there
• Images:
  • you can provide several images
  • repository images and/or usage can be used if no other image are available
  • animated gif can be used
  • take care of the size of the image (ex: 2500x4000, 10Mb... this is way too much!)