Find an API

Search public APIs with auth details & Postman guides

← All APIs

IoTVAS API

firmalyzer · IoT

IoT No Auth Free & Open iot security

IOTVAS API enables you to discover IoT/Connected devices in the network and provides detailed real-time risk analysis, including firmware vulnerability analysis without requiring the user to upload the firmware file. Please visit the [signup page](https://iotvas-api.firmalyzer.com/portal/signup) to create an API key. IoTVAS API can be easily integrated with vulnerability scanning and network port scanner tools. For example, we have also released the [IOTVAS NSE script](https://g

Authentication

No authentication requiredFree to use with no key needed.

Sample Requests

GET Get default accounts and password hashes of a firmware

Get default accounts and password hashes of a firmware

https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts

Hover any highlighted part to learn what it does

curl -X GET "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts"
import requests
response = requests.get(
    "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts",
)
print(response.json())
const url = 'https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts';

const response = await fetch(url); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	targetURL := "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts"
	req, _ := http.NewRequest("GET", targetURL, nil)

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/accounts";
$opts = ["http" => [
    "method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));
GET Get default OS configuration issues of a device firmware

Get default OS configuration issues of a device firmware

https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues

Hover any highlighted part to learn what it does

curl -X GET "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues"
import requests
response = requests.get(
    "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues",
)
print(response.json())
const url = 'https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues';

const response = await fetch(url); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	targetURL := "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues"
	req, _ := http.NewRequest("GET", targetURL, nil)

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/config-issues";
$opts = ["http" => [
    "method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));
GET Get expired digital certificates embedded in a device firmware

Get expired digital certificates embedded in a device firmware

https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs

Hover any highlighted part to learn what it does

curl -X GET "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs"
import requests
response = requests.get(
    "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs",
)
print(response.json())
const url = 'https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs';

const response = await fetch(url); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	targetURL := "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs"
	req, _ := http.NewRequest("GET", targetURL, nil)

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://api.apis.guru/v2/specs/firmalyzer.com/iotvas/1.0/firmware/{firmware_hash}/expired-certs";
$opts = ["http" => [
    "method" => "GET",
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));

Postman Setup Guide

Get Postman ↗
  1. See official documentation for authentication and setup.

What can you build with IoTVAS API?

IoTVAS API is a IoT API. Developers commonly use iot APIs for:

  • collecting and streaming sensor and device data
  • monitoring and controlling connected devices
  • building smart-home and industrial dashboards
  • processing device telemetry at scale
  • automating device provisioning and alerting

No authentication required. This API is open — no signup or key needed. Ideal for quick prototypes and public-facing features. IoTVAS API is free to use, making it a low-risk choice to experiment with.

New to APIs? Read our beginner's guide · Learn about API keys · What is REST?

Open documentation ↗