AttackerKB is now out of beta! We’re thrilled to be reaching this milestone and we couldn’t have done it without all of the assessments, feedback, and other contributions provided by the community. THANK YOU!
The beta tag will be removed from the navigation bar, but that in no way means we’re done adding new features or improving our data. We’ll continue to work hard on AKB to ensure it is a valuable resource to the security community. Please continue to send us feedback using the feedback bubble on the site, or talk to our team directly on Slack.
AttackerKB is only just getting started.
- Added more information to the footers of email notifications to better indicate what setting triggered the notification
to be sent and who the intended recipient was (to help thwart phishing attempts).
- The API is now using versioned URLs so we can continue to add new functionality without breaking existing integrations.
All API endpoints are now prefixed with the version, for example
https://api.attackerkb.com/v1/topics. The API docs have been updated to reflect this.
- Creating a topic will now navigate to the Add References screen as a reminder to add canonical references (e.g. the CVE ID)
for better tracking and identification of the topic.
- Entries for the Rapid7 Analysis being updated will no longer display on the Activity Feed.
The updates were causing a lot of noise in the feed due to the fast-moving nature of high impact vulnerabilities.
- Topics can now be watched by clicking the watch icon on the home page or search results page.
- Improved styling on the Attacker Value bars on the home page to increase readability.
- Topic references are now included in responses from the API.
- New filters have been added to filter topics by Rapid7 Analysis, Metasploit modules, and whether the topic has been exploited in the wild.
- Clicking the Report and add more details button when marking a topic Exploited in the Wild was not properly navigating
to the create assessment form.
- Fixed some display issues with search filters on lower browser resolutions.
- Fixed a bug that would incorrectly change the URL in the browser when switching between tabs. This had a side effect of
breaking the Add Reference action, which should no longer be an issue.
- Logging into AttackerKB should now properly redirect to the page that was being viewed rather than always navigating to
the home page.
- Fixed a bug that was causing the CVE Year filter to return incorrect results.
- Empty boxes should no longer display on the Vulnerability Details tab.
- Fixed an issue that caused timeouts when pulling large numbers of topics from the API.
- The delete button on references should now display properly on references that were created by you.
- Searching for an “empty” query will once again return a list of all available topics.
- A huge performance pass was completed over the majority of the site. Loading pages should be significantly faster throughout all
of AttackerKB. Extra effort was added to improve loading on mobile.
- Clicking anywhere on topic slugs on the home page and search results page will now take you to the topic.
- Clicking the grey tags on the topic slug will now take you to the search results page showing other topics with similar tags.
- New entries are now added to the Activity Feed page when a Rapid7 Analysis is created or updated.
- Metasploit modules that are associated with a topic will now display in the top section of a topic.
- MITRE ATT&CK tags can now optionally be selected when creating an assessment.
- Added tooltips to MITRE ATT&CK information to better explain functionality.
- Going to the search results page with an empty search query returns 0 results.
- References can now be added to a topic by clicking the Add References button on the Vulnerability Details tab.
- References are now listed in individual categories to help better organize them.
- Made changes to search to support the new references changes. We’re still collecting feedback on the implementation so
please feel free to fill out the Submit Feedback form if you
experience any errors with search.
- Added the ability to display announcements site-wide. When active, the announcement will display directly below the top
navigation bar. They can be dismissed by clicking the
- The CVSS v3 score will now be displayed for each topic next to the CVE ID.
- Topic revision history entries will properly display MITRE ATT&CK tags as they appeared when that revision was created.
- A check box was added to the assessment creation form to allow marking a topic as “exploited in the wild”. This will toggle
on the badge displayed in the upper-right corner of a topic in the same way clicking the button would.
- Fixed a bug that incorrectly allowed MITRE ATT&CK tags to be added when viewing topic revisions.
- Added support for MITRE tags. Users can now add topic tags to represent MITRE ATT&CK tactics and techniques.
- Added in-app and email notifications for new Rapid7 Analyses added to topics. These notifications are enabled
by default, and users can adjust their notification preferences from their settings page.
- Updated workflow for reporting vulnerabilities as “exploited in the wild”.
- Removed homepage link to AttackerKB Beta survey.
- Improved responsiveness of topic pages on mobile.
- The top section of the topic page has been redesigned to consolidate information and make important details stand out.
- A new tooltip has been added to help make visitors aware of the ability to watch a topic.
- The tags for vulnerability characteristics on the topic cards should now properly display the same data as within the
- Fixed a bug causing long strings in comments to break outside of the boundaries of the comment box.
- Tags for the vulnerability characteristics that appear within the cards on the home page will no longer jump
to multiple lines on mobile.
- Re-architected the design for topic and assessment tags to use a related data model. This is to support easier
addition of new tags and allow for enhanced functionality in future updates. The UI remains mostly unchanged. Changes
to the data model can be seen in the API documentation.
- Added date tracking for Rapid7 Analysis to show when that data was first added and when it was last updated. This is not
backwards compatible so only Rapid7 Analysis created from now on will display this data.
- Hovering over a badge on a user’s profile page or near their avatar will display a tooltip giving more information on how
that badge was awarded.
- Clicking the Cancel button when creating or editing an assessment will ensure any entered changes are removed.
- Switching between tabs on the topic page will now update the URL to the direct link for that tab.
- Fixed a bug that was causing updates from AKB Workers to appear as performed by the wrong user.
- Added a new Activity Feed page. This will allow you to easily see all of the assessments and replies that have been
created across AttackerKB in chronological order. A link to this feed has been added to the top navigation bar.
- Added vendor and product information to topics where the data is available. This data is located on the Vulnerability Details
tab of topics where it is present.
- You are now able to filter search results based on vendor and product. Enter the values you are looking to filter on into
the relevant fields on the left side of the search page and hit Apply to limit the results only to topics that match that data.
- Topic descriptions containing long strings should no longer venture outside of their designated boundaries.
- Creating a new topic, adding an assessment to a topic, or commenting on an assessment will now cause you to automatically watch that topic.
A new setting has been added to the Profile>Settings page to toggle this behavior on or off.
- The search result count will now indicate the correct set of results you are viewing based on the page currently being viewed.
- Search results now use the full width of the page.
- The Filters menu will now be hidden by default when searching on mobile. A new toggle has been added to show/hide the menu.
- The Next link will no longer incorrectly display on the Search Results page when there are no results on the next page.
- AttackerKB will now also include topics with a
- Added a new filter option on the search results page to return topics where the CVE state is either
- Added the following new filters to the API. This allows you to return records from before or after the date specified.
See the documentation for more information.
- Improved the preview data when linking to AttackerKB on Twitter. Linking directly to an assessment will now preview
the content of the assessment rather than the topic. Also, the preview image should now be populated correctly.
- API activity is now tracked for performance and analytics purposes. See the API tab of your profile page for terms.
- Added two new tags, Exploited in the wild and Requires elevated access, for use when assessing topics.
- Added additional badges that are awarded when creating 5, 20, 30, and 40 assessments.
- Made adjustments to search results so topics with assessments, comments, and watchers will appear higher in the results.
Topics that do not have any of those pieces of content will be sorted by Disclosure Date.
- Added the ability to search for exact phrases by wrapping the phrase in quotation marks.
- Fixed a bug that was causing an error when your search query contained special characters.
- A new tab has been added to topics to highlight Rapid7’s direct analysis of high-profile vulnerabilities.
This analysis is intended to be factual and unbiased. The new tab will only be displayed for topics where
Rapid7 analysis has been provided.
- The leaderboard can now be adjusted to show the top 50 leaders instead of only displaying the top 10.
See the new dropdown toggle at the top of the leaderboard page to adjust this view.
- Added a link to a survey on the home page to help us improve AttackerKB! Please check it out and provide your feedback.
Your input will directly affect development decisions and help make this tool more valuable for the world.
- (Re-)added a user’s score next to their username on assessments and comments to better indicate their contributions to AttackerKB.
- Fixed a bug that was preventing links to specific tabs on pages from navigating to the correct location.
- Added the ability to filter search results by various attributes such as CVE year, attacker value, tags, and more.
- Made a number of changes to “topic watching”:
  - Added a counter to topics indicating the number of people currently watching the topic for updates.
  - Changed the icon for watching a topic to better differentiate it from the notification icon.
  - Added the ability to watch a topic to the “sticky” header.
- Added the ability to sort the home page by “Most Watched” topics.
- Added a changelog page, but that was probably pretty obvious if you’re reading this.
- Fixed a bug that was causing two notifications to be sent when a user was mentioned in a comment or assessment.
- Fixed an issue with the way diffs were displayed on tags when viewing topic and assessment revisions.
- Fixed incorrect styling on the topic revision dropdown in certain browsers – rapid7/attackerkb#36.
- Fixed some issues viewing topic revisions on mobile – rapid7/attackerkb#46.
- Fixed a bug where topic metadata was incorrectly being removed when an edit was made to a topic.