Metarget目前仅支持在Ubuntu 16.04和18.04安装运行，在20.04上可能会遇到依赖项问题。安装步骤十分简单。
这里使用Ubuntu 18.04为例进行安装：
git clone https://github.com/brant-ruan/metarget.git
cd metarget/
pip3 install -r requirements.txt

然后执行以下命令，为系统安装带有CVE-2019-5736容器逃逸漏洞的Docker：
sudo ./metarget cnv install cve-2019-5736
接着执行以下命令，为系统安装带有CVE-2018-1002105权限提升漏洞的Kubernetes：
sudo ./metarget cnv install cve-2018-1002105 --domestic
集群部署成功后，最后执行以下命令，在当前集群上部署一个容器化DVWA：
sudo ./metarget appv install dvwa --external

整个交互过程如下：
ubuntu@VM-8-10-ubuntu:~/metarget-0.5$ sudo ./metarget cnv install cve-2019-5736
cve-2019-5736 is going to be installed
uninstalling current docker gadgets if applicable
installing prerequisites
adding apt repository deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
adding apt repository deb http://archive.ubuntu.com/ubuntu xenial-updates universe
adding apt repository deb http://archive.ubuntu.com/ubuntu bionic-updates universe
installing docker-ce with 18.03.1_ce3-0~ubuntu version

cve-2019-5736 successfully installed

ubuntu@VM-8-10-ubuntu:~/metarget-0.5$ sudo ./metarget cnv install cve-2018-1002105 --domestic
docker already installed
cve-2018-1002105 is going to be installed
uninstalling current kubernetes if applicable
pre-configuring
pre-installing
adding apt repository deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
installing kubernetes-cni with 0.7.5-00 version
installing kubectl with 1.11.10-00 version
installing kubelet with 1.11.10-00 version
installing kubeadm with 1.11.10-00 version
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.11.1
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.11.1
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.11.1
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.11.1
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.2.18
pulling registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.1.3
running kubeadm
installing cni plugin
installing flannel
pulling quay.mirrors.ustc.edu.cn/coreos/flannel:v0.10.0-amd64
generating kubernetes worker script
kubernetes worker script generated at tools/install_k8s_worker.sh
cve-2018-1002105 successfully installed

ubuntu@VM-8-10-ubuntu:~/metarget-0.5$ sudo ./metarget appv install dvwa --external
docker already installed
kubernetes already installed
dvwa is going to be installed
node port 30000 is allocated for service in vulns_app/dvwa/dvwa/dvwa-service.yaml
applying yamls/k8s_metarget_namespace.yaml
applying vulns_app/dvwa/dvwa/dvwa-deployment.yaml
applying data/dvwa-service.yaml
dvwa successfully installed

根据命令行输出的内容，我们可以直接在浏览器中访问到容器内的DVWA服务：

可以看到，只需要三行命令，我们就完成了一个多层次靶机环境的构建。
环境的清理也十分简单，只需依次执行以下命令即可：
./metarget appv remove dvwa
./metarget cnv remove cve-2018-1002105
./metarget cnv remove cve-2019-5736

参考：http://blog.nsfocus.net/metarget/
https://mp.weixin.qq.com/s/H48WNRRtlJil9uLt-O9asw