Releases: Soham7-dev/AspGoat

v2.0.0

25 Sep 02:58
30b87eb

🤖 AspGoat v2.0.0 – AI/LLM Security Labs

This release introduces dedicated AI / LLM security demonstrations to help learners explore real-world risks in modern applications.

New Labs

  • Prompt Injection – Exploit system instructions and override the model’s intended behavior.
  • Excessive Agency – Showcases how an LLM might take unintended actions when given too much autonomy.
  • Insecure Output Handling – Demonstrates client-side code execution by rendering untrusted LLM output.

Each lab includes vulnerable endpoints and clear guidance for testing and exploitation.


Tag: v2.0.0 • Released: 2025-09-25

v1.1.0

16 Sep 06:02
9ee0e95

🚀 AspGoat v1.1.0

This release introduces two new intentionally vulnerable labs along with supporting updates to enhance learning and testing.

✨ New Labs

  • Cache Poisoning
    Demonstrates how unkeyed Host headers and misconfigured caching can be abused to serve attacker-controlled content to other users.

  • Server-Side Template Injection (SSTI)
    Highlights a RazorLight template compilation flaw that allows arbitrary template execution when untrusted input is rendered.

🔧 Improvements

  • Updated documentation and endpoints to include the new labs.
  • Minor UI changes.

v1.0.1

06 Sep 13:46

🚀 AspGoat v1.0.1

This release delivers minor improvements and refinements to keep the project fresh and user-friendly.

🔧 Changes

  • Updated Insecure Direct Object Reference (IDOR) lab for more realistic scenarios
  • Minor bug fixes for certain labs
  • Minor documentation and UI adjustments

📌 Notes

  • This is a patch release (1.0.1) following our first stable release (1.0.0).
  • Future releases will continue to add new vulnerable labs and improvements.

🙌 Thank you to everyone testing AspGoat and contributing feedback!

v1.0.0

31 Aug 14:01

What’s new in v1.0.0

  • First official release of AspGoat 🐐
  • Intentionally vulnerable ASP.NET Core app for learning web security
  • Labs included:
    • ✅ Reflected XSS
    • ✅ Stored XSS
    • ✅ CSRF
    • ✅ SQL Injection
    • ✅ SSRF, etc.
  • Supports Docker one-liner run & .NET SDK run
  • Includes both vulnerable and secure coding snippets
  • Licensed under MIT

Roadmap

Planned for upcoming versions:

  • GraphQL
  • NoSQL Injection
  • CORS Misconfig
  • And many more