metarget
metarget copied to clipboard
Metarget
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Metarget will support nested virtualization by integrating with Vagrant and QEMU. So we can construct complex vulnerable targets within stand-alone VMs.
使用gadget参数安装组件时,建议给出可安装的list,如 gagdet k8s list: 1.18.5 1.19.5 1.22.0 类似这样
Currently Metarget does not support removal of kernel, which means if we install some vulnerable kernels we must remove them later manually. Metarget should help to delete kernel files which...
E.g. for `cve-2020-15257` which needs two gadgets (`docker-ce` and `containerd`), if Metarget finds `docker-ce` with specified version has been installed, it should just pop this gadget out of the temp_gadgets...
Currently we install docker using `apt`, while on some versions of Ubuntu (e.g. 20.04) dependencies could not be resolved.
Currently for each vulnerability we specify a specific version of component. If that version has been installed, we do not have to install the vulnerability again. It will be better...
Currently, all applications vulnerabilities in metarget must be installed in a k8s cluster. For those who just wants to test appv, there is no need to install a k8s.