Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.

GSOC 2019

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS Twitter Follow

This is a Swift version of original iGoat Objective C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swift 4 Ruby

iGoat (Objective C) was presented at: AppSec USA 2017   c0c0n 2017   SEC-T 2017   BruCON 2017   Bugcrowd Levelup 2017

Vulnerabilities Covered (version 1.0): Download iGoat Documentation:

Summary Snapshot
OWASP TOP 10 Mobile

* Reverse Engineering
* Runtime Analysis
* Data Protection (Rest)
* Data Protection (Transit)
* Key Management
* Tampering
* Injection Flaws
* Broken Cryptography
* Memory Management
* URL Scheme Attack
* Social Engineering
* SSL Pinning
* Authentication
* Jailbreak Detection
* Side Channel Data Leaks
* Cloud Misconfiguration
* Crypto Challenges



Documentation: iGoat Wiki

iGoat Quick Setup git clone open iGoat-Swift.xcodeproj with xcode. Setup iGoat Server Navigate to server > docker_packaging and then use command docker compose up
Using Cydia Repo - Open Cydia -> Sources -> Edit and add source and then search for iGoat and install it.

Project Lead - Swaroop Yermalkar Twitter Follow

Lead Developer - Anthony Gonsalves



How to Contribute?

  • You can add new exercises
  • Testing iGoat and checking if any issues
  • Suggest us new attacks
  • Writing blogs / article about iGoat
  • Spreading iGoat :)

To contribute to iGoat project, please contact Swaroop ( or @swaroopsy )

Project Contributors -

Junard Lebajan
Your name can be here :) We give cool iGoat t-shirt and swag!