There are many limitations while using simulator for iOS app pentesting. The most important limitation is that you cannot install the iTunes application on simulator as they are compiled for the ARM platform, which is used for iDevice.

Therefore, the basic requirement to conduct penetration test of an iOS app using simulator is that you should have the application's Xcode project. A client rarely shares their Xcode project as it's their intellectual property.

Therefore, only if you have an Xcode project, you can use the iOS Simulator to pentest with a limited scope.

You can access the iOS Simulator filesystem; set up proxy for it. Here, you will learn how to use the Cycript utility for an iOS Simulator that is used ...