Skip to content
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
C Swift Objective-C HTML Ruby PHP Other
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore .DS_Store banished! Apr 7, 2019

GSOC 2019

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS Twitter Follow

This is a Swift version of original iGoat Objective C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swift 4 Ruby

iGoat (Objective C) was presented at: AppSec USA 2017   c0c0n 2017   SEC-T 2017   BruCON 2017   Bugcrowd Levelup 2017

Vulnerabilities Covered (version 1.0): Download iGoat Documentation:

Summary Snapshot
OWASP TOP 10 Mobile

* Reverse Engineering
* Runtime Analysis
* Data Protection (Rest)
* Data Protection (Transit)
* Key Management
* Tampering
* Injection Flaws
* Broken Cryptography
* Memory Management
* URL Scheme Attack
* Social Engineering
* SSL Pinning
* Authentication
* Jailbreak Detection
* Side Channel Data Leaks
* Cloud Misconfiguration
* Crypto Challenges



Documentation: iGoat Wiki

iGoat Quick Setup git clone open iGoat-Swift.xcodeproj with xcode. Setup iGoat Server Navigate to server > docker_packaging and then use command docker compose up
Using Cydia Repo - Open Cydia -> Sources -> Edit and add source and then search for iGoat and install it.

Project Lead - Swaroop Yermalkar Twitter Follow

Lead Developer - Anthony Gonsalves



How to Contribute?

  • You can add new exercises
  • Testing iGoat and checking if any issues
  • Suggest us new attacks
  • Writing blogs / article about iGoat
  • Spreading iGoat :)

To contribute to iGoat project, please contact Swaroop ( or @swaroopsy )

Project Contributors -

Junard Lebajan
Your name can be here :) We give cool iGoat t-shirt and swag!

You can’t perform that action at this time.