{"id":13717237,"url":"https://github.com/OWASP/iGoat-Swift","last_synced_at":"2025-05-07T07:30:54.166Z","repository":{"id":44173343,"uuid":"127922625","full_name":"OWASP/iGoat-Swift","owner":"OWASP","description":"OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS","archived":false,"fork":false,"pushed_at":"2024-07-19T08:37:37.000Z","size":198964,"stargazers_count":402,"open_issues_count":13,"forks_count":168,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-08-04T00:13:11.968Z","etag":null,"topics":["insecure-data-storage","ios-security","ios-swift","ipa","owasp-igoat","owasp-top-10","runtime-security"],"latest_commit_sha":null,"homepage":"https://igoatapp.com/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-03T14:40:39.000Z","updated_at":"2024-08-02T10:01:53.000Z","dependencies_parsed_at":"2023-02-16T18:32:30.799Z","dependency_job_id":null,"html_url":"https://github.com/OWASP/iGoat-Swift","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FiGoat-Swift","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FiGoat-Swift/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FiGoat-Swift/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FiGoat-Swift/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/iGoat-Swift/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224573408,"owners_count":17333802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["insecure-data-storage","ios-security","ios-swift","ipa","owasp-igoat","owasp-top-10","runtime-security"],"created_at":"2024-08-03T00:01:19.677Z","updated_at":"2024-11-14T05:31:14.052Z","avatar_url":"https://github.com/OWASP.png","language":"C","funding_links":[],"categories":["C","C (286)","Mobile Security"],"sub_categories":["Vulnerable Apps"],"readme":"![GSOC 2019](https://img.shields.io/static/v1.svg?label=GSOC\u0026message=Google%20Summer%20of%20Code%202019\u0026color=blue\u0026logo=%20data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAAXNSR0IArs4c6QAABLFJREFUSA2tVV1sVFUQ/s45d7ulpT+63VSkQC1IIsHyAugDAWLwQSEQI/EnaGL0QWOQ6AMo+uAzJooJJJiIiQ8qkWDURIxGIlLUqEQTKz9REEpbMFhKt7ss7e49P35zb9jaqKEkTnL33jNn5ps538ycBa5D7MH8etuTX38dLlM3jQ+2rXRf1Q/LI99T9VRTMYy/rF+hUflAIeTEPkANe2Tvz9w1fuha/pMChE/RbDNRd83JWnigwzTO2Gma5+ec6eCWgnEDcMXfhl35j43cH4yiqOYSxbZX3YviVcXEDjVWR4tMRvUEegUXQzfNRtT1PJBbw7WFjocTv5DJwZgoZy7t3+N/34YwdhbKZKA0MO6i5UQ6/K8BYBC8gNsYKr8a6rZdCJePwx97EmH0e+rTxFTUDNW8FHrOs9CLD8OdeBp+6BOoKAPBuAou70knSDaYucrfA73wXbhTW+EHdqX2ypCdlNHgigjDn8Pz0R1PwSx8B+7oBuDi/n9ATgoQW+vqp8+EWrCb4C/B9xPciMnfSuVjLhlMM1sm6/vfSNZmwZvwR5YilAZdmlH6S9YmxFjMVl2bEcon08wTcO4LqEhwMHNfhm65E+BJE2GB/SCpLP8K3bUFgpFupL+1AGNfTF8ZtbbtQNt9zOo17iaV5ltDz3iErzpyTO7bH6KOBZ/xYHoSBmXl4M++ymZYh6g1v0OwaJRIEiBwcOrMlX26cV4+eAU/+l2yqTJtiLr3Qd1EMDsONNzKzMvwpaPUbYC5fS9AG5FQZBMwJ8EQLMEUvbaH2tZ6lD4kbM7pmwl0CagOQzXOh1ncg1D9E66XWTNT1byELXmaNmW4Xx6m3RAi2ohtqNLPjsCZmTyzzwmmPdS+VhvYQmBp0gaRDmNBZSG829GUFtPAAFS33AEUf0i/RUfK6E7bqiRLkWYQQ/kOJYNKQasVhR7nMmt8QJ/xA3S6EUJNGDsD++MqHvsKqXiPgaZBNTDT4hGeO6JuT0KX/elu2vZB1eUTX8EQLEtMwU5qkF1V7rUe6/zlU6eV5hzcsDxJBH4M7tjjaQEbyT8n2JdPEKiOjbAd7vgTDDKWJt26jJPMq6V08rRgCaaco9ZF2VXoDcXCJlzYwwndzP5nnwtVnH8/9JkcGf7cbiAm16TED3Go5G4QG86E7qQPfePiyCbBEnCRWgBZhAxG/JnXSRHvms4XmJ0VbRIsuTL6XuFaCE5Bkz25o27ZklDkz2yHJwYNajJpksmtDvEQaXkUZtFHiZHr28ZALKJmLuQ+AZV+5KWlDGdj7laY2c/B/byOpxvioSIaSmKpTA5AnSY1vvANPB30greg82vg+ncgFA4nbZm4ZdugWpcT+BnWowW+l+CFr9PLzkonTsjkAKSbHTDuFfkf+ZZ3yzLoWRvrzLwXdVDSkqW0EU0T3yX48+97P7CzGqoXmTl9iB2IMQGfElpbh72YhvZsR6VCVZYPP0wFM9X0prdNU+ccpziIpN+E8/zD6TsbLpcec1mcE2Mxl5/BC5XBWQ+ArZWKVOyaUjlQ1x3p+GOtQqcY+6D6rM+wFau1bvkvkCkFEOfKgcbuyMTsTTLlMquv9rms/zepHmheIs/1AP4F9DYB6+AcwCcAAAAASUVORK5CYII=)\n\n____\n\n## OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS [![Twitter Follow](https://img.shields.io/twitter/follow/espadrine.svg?style=social\u0026label=Follow)](https://twitter.com/OWASPiGoat/)\n\nThis is a Swift version of original iGoat [![Objective C](https://img.shields.io/badge/Objective-C-blue.svg)](https://github.com/OWASP/igoat) project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using [![Swift 4](https://img.shields.io/badge/Swift-4-blue.svg)](https://developer.apple.com/swift/) [![Ruby](https://img.shields.io/badge/Ruby--blue.svg)]()\n\niGoat (Objective C) was presented at:\n[![AppSec USA 2017](https://img.shields.io/badge/AppSec%20USA-2017-red.svg)](https://appsecusa2017.sched.com/event/B2Xk/igoat-a-self-learning-tool-for-ios-app-pentesting-and-security) \u0026nbsp; [![c0c0n 2017](https://img.shields.io/badge/c0c0n-2017-red.svg)](http://is-ra.org/c0c0n/2017/agenda) \u0026nbsp; [![SEC-T 2017](https://img.shields.io/badge/SEC--T-2017-red.svg)](https://www.sec-t.org/archive/2017_events/schedule/) \u0026nbsp; [![BruCON 2017](https://img.shields.io/badge/BruCON-2017-red.svg)](https://2017.brucon.org/index.php/Practical_iOS_App_Exploitation_and_Defense_using_iGoat) \u0026nbsp; [![Bugcrowd Levelup 2017](https://img.shields.io/badge/BugcrowdLevelUp-2017-red.svg)](https://forum.bugcrowd.com/t/levelup-2017-discussion-swaroop-owasp-igoat/3052)\n\n__Vulnerabilities Covered (version 1.0):__ [![Download iGoat](https://img.shields.io/badge/Download-iGoat-orange.svg)](https://codeload.github.com/OWASP/iGoat-Swift/zip/master) Documentation: https://docs.igoatapp.com/\n\nSummary            |  Snapshot\n:-------------------------:|:-------------------------:\n__OWASP TOP 10 Mobile__ \u003c/br\u003e\u003cp align=\"left\"\u003e* __Reverse Engineering__\u003c/br\u003e* __Runtime Analysis__\u003c/br\u003e* __Data Protection (Rest)__\u003c/br\u003e* __Data Protection (Transit)__\u003c/br\u003e* __Key Management__\u003c/br\u003e* __Tampering__\u003c/br\u003e* __Injection Flaws__\u003c/br\u003e* __Broken Cryptography__\u003c/br\u003e* __Memory Management__\u003c/br\u003e* __URL Scheme Attack__\u003c/br\u003e* __Social Engineering__\u003c/br\u003e* __SSL Pinning__\u003c/br\u003e* __Authentication__\u003c/br\u003e* __Jailbreak Detection__\u003c/br\u003e* __Side Channel Data Leaks__\u003c/br\u003e* __Cloud Misconfiguration__\u003c/br\u003e* __Crypto Challenges__ | \u003cimg src=\"https://github.com/swaroopsy/test/blob/master/h1.gif?raw=true\" width=\"256\" title=\"iGoat App\"\u003e\n\n## Demo\n![Demo](https://github.com/swaroopsy/test/blob/master/OWASP_iGoat_Demo.gif)\n\n__Documentation:__ \u003ca href=\"https://github.com/OWASP/iGoat-Swift/wiki\"\u003eiGoat Wiki\u003c/a\u003e\n\n__iGoat Quick Setup__ `git clone https://github.com/OWASP/iGoat-Swift.git`and open iGoat-Swift.xcodeproj with xcode.\n__Setup iGoat Server__ Navigate to server \u003e docker_packaging and then use command `docker compose up` \u003cbr\u003e\n__Using Cydia Repo__ - Open Cydia -\u003e Sources -\u003e Edit and add source http://swiftigoat.yourepo.com/ and then search for iGoat and install it.\n\n__Project Lead__ - Swaroop Yermalkar [![Twitter Follow](https://img.shields.io/twitter/follow/espadrine.svg?style=social\u0026label=Follow)](https://twitter.com/swaroopsy)\n\n__Lead Developer__ - Anthony Gonsalves\n\n## Architecture\n![Architecture](https://github.com/swaroopsy/test/blob/master/Architecture.png?raw=true)\n\n### How to Contribute? ###\n* You can add new exercises\n* Testing iGoat and checking if any issues\n* Suggest us new attacks\n* Writing blogs / article about iGoat\n* Spreading iGoat :)\n\nTo contribute to iGoat project, please contact __Swaroop__ ( swaroop.yermalkar@owasp.org or @swaroopsy )\n\n### Project Contributors - ###\n[Junard Lebajan](https://twitter.com/junard) \u003cbr\u003e\n[Tim](https://twitter.com/0xff7) \u003cbr\u003e\n[masbog](https://github.com/masbog) \u003cbr\u003e\n[Arun](https://twitter.com/he_hacks)\n\u003cbr\u003e Your name can be here :) We give cool iGoat t-shirt and swag!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2FiGoat-Swift","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOWASP%2FiGoat-Swift","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2FiGoat-Swift/lists"}