Meet AttackerKB, Rapid7’s Crowdsourced Vulnerability Knowledge Base

Metasploit Team Unveils Community Powered Knowledge Base of Vulnerabilities and Insights

Rapid7 has launched an open beta of AttackerKB, a community-sourced knowledge base of the latest vulnerabilities. Its purpose is to provide a central repository of information on vulnerabilities to help defenders understand and triage threats.

Announcing the beta version in January 2020, Rapid7’s Metasploit R&D manager Caitlin Condon blogged, “When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar triage process: Is the bug pervasive, exploitable, or both? Is it worth dropping everything to patch or mitigate? Is the expected shelf life long enough that it’s worth developing an exploit for? Or is it actually…not useful or interesting?”

The problem for corporate security teams is that this vital discussion is dispersed and fragmented across Twitter, individual blogs, news outlets and other media. Security teams cannot easily access the combined understanding of the world’s security researchers and hackers, and consequently spend more time and effort than should be necessary trying to interpret the potential impact on their own environment.

This problem was not lost on Rapid7’s Metasploit team. “Our R&D teams have commented in the past on the lack of a community-driven venue for discussing, analyzing, and prioritizing threats. Instead of continuing to lament that gap, we simply decided to fill it,” explains Cindy Stanton, VP vulnerability and risk management at Rapid7.

The response was AttackerKB — effectively a marketplace for the community of researchers and hackers to discuss and evaluate threats, and provide a central source of knowledge to security teams for their own time-critical decisions. “Our aim with the community,” continued Stanton, “is to foster collaboration to advance security, while also giving cyber practitioners confidence in their understanding of a threat and its potential business impact when they raise the alarm to stakeholders.”

Users of the knowledge base will be able to sort content by date, popularity and attacker value. They will also be able to search for specific common vulnerabilities and exposures (CVEs) using a range of filters such as CVE year, attack vector, required privilege and more.

Robin Wood, a freelance security tester and researcher (and co-founder of SteelCon, an annual hacker conference in the North of England), believes this is a good idea with the best of intentions. “It moves beyond ‘this vulnerability is a CVSS 7.1 so may be worth patching’ and ‘some people on twitter say it could bring everything down so we must patch’,” he told SecurityWeek, “and aims to give a more thought-through commentary which is definitely useful.”

He sees only two potential problems. Firstly, “if there is a split in the people in the group over whether a vulnerability is a problem or not, then you have to pick who to side with — so you still have to make the judgement calls on how to react, just with a bit better information. The other one is if they ever get anything seriously wrong — especially saying something isn’t a problem which then becomes one. If that happens, it may lose credibility as people are more likely to weigh a mistake much more than all the good work.”

These are issues that Rapid7 has considered. To protect the value of the crowd wisdom it seeks to provide, contributing researchers earn profile points based on the number of assessments created and the votes received. The platform will also feature a leaderboard, and in the future researchers will earn badges for the quality of their advice.

AttackerKB’s primary purpose is to help security teams sift through the huge volume of new vulnerabilities discovered every year. According to NIST NVD, there were about 17,500 vulnerabilities announced in 2019 — more than double the amount of 2016 and a figure likely to be exceeded this year. “We’re excited to collaborate with folks from every part of this industry,” blogged Condon, “to boost signal, stomp out noise, and highlight the hot takes and measured technical assessments that, together, do the necessary (and sometimes messy!) work of moving this industry forward.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
