Show HN: Infoseclist.com – Compare 90 cybersecurity tools ranked by practition

Every time we needed a new DAST scanner or pentest vendor, it was the same drill: Google around, read SEO-optimized listicles written by people who never used the tools, sit through 3-5 sales demos, and hope for the best.

InfoSecList is a directory of 90+ cybersecurity tools and services across 21 categories. Every listing gets two scores from practitioners:

- Market Score (1-5): industry adoption and brand recognition - Value Score (1-5): actual value for money based on usage

You can browse by category (DAST, SAST, SCA, pentest services, bug bounty platforms, etc.), compare tools side-by-side, or look up alternatives to specific products.

A few things that might be interesting technically:

- Data lives in a Google Sheet, served via a PHP proxy as CSV, parsed client-side - Pages are dynamic SPA-style but with clean URLs for SEO - Each tool/alternative/category page generates its own structured data and meta tags from the CSV data at runtime - No framework, no build step. Plain HTML, CSS, vanilla JS

No accounts, no gated content, no pay-to-rank. Happy to answer any questions about the approach or the security tool landscape.

Stack: Apache, vanilla JS, Google Sheets as CMS, Let's Encrypt

Follow-up Comment (if asked about data/methodology)

The scores come from a combination of: - Gartner/Forrester positioning for Market Score - Community sentiment (Reddit, HN, security forums) for both scores - Direct practitioner feedback from CISOs and security engineers - Pricing transparency and free tier availability for Value Score

We deliberately keep it simple with two 1-5 scores rather than trying to build a complex weighted system. The goal is to help someone go from "I need a DAST tool" to a shortlist of 3-4 options in under 5 minutes.

Open source tools like Nmap, OWASP ZAP, and Trivy tend to score 5/5 on Value. Enterprise tools like CrowdStrike and Mandiant score 5/5 on Market but lower on Value due to pricing.

Follow-up Comment (if asked about business model)

Right now it's free with no monetization. Long term we're considering: - Featured listings (clearly marked, doesn't affect scores) - Lead gen for vendors (opt-in only, buyer initiates contact)

We won't do pay-to-rank. The scores stay independent.