OWASP iGoat - A Learning Tool (Open-Source) for iOS App Pentesting and Security

iGoat is a safe environment where iOS developers and pentesters can learn about the major security pitfalls they face, as well as how to avoid them.


Reasons to love iGoat!

Client-Server Arch

iGoat has a client-server architecture, which helps you learn vulnerabilities on both sides.


iGoat has detailed documentation that will help you learn iGoat step by step.


We are here to hear from you. If you raise an issue on GitHub or send your query, we will respond to it on priority.


Launch iGoat

You can use iGoat on Mac, iPhone, iPad, and iPod.

  1. Brief introduction to the problem.
  2. Verify the problem by exploiting it.
  3. Brief description of available remediations to the problem.
  4. Fix the problem by correcting and rebuilding the iGoat program.




Frequently Asked Questions

Can I use iGoat on non-jailbroken devices?

Yes, you can install it, but with limited functionality. There will be limitations in terms of exploiting vulnerabilities.

Is there any documentation?

Yes, there is detailed documentation on iGoat. You can find it here.

Where can I learn iOS pentesting in depth?

We're currently working on a step-by-step guide to exploiting vulnerabilities, from basics to advanced. You can find details here.

Can I contribute to the project?

To contribute to the iGoat project, please contact Swaroop (swaroop[dot]yermalkar[at]owasp[dot]org or @swaroopsy).

Download iGoat

OWASP iGoat is available in Swift and Objective-C versions. Select your version to download.

*Works on iOS 9+
