API

API Reference

This document provides detailed information about the IoTSploit REST API endpoints. The API allows you to interact with devices, vehicles, plugins, and test functionalities.

Device Management APIs

Get Device Information

List All Devices

Scan Devices

Scan Specific Device

Initialize Devices

Cleanup Devices

Vehicle Management APIs

Get Vehicle Information

Select Vehicle Profile

Get OTA Information

Plugin Management APIs

List Plugins

Execute Plugin

Execute Plugin Asynchronously

Stop Async Plugin

Plugin Group Management

Create Plugin Group

Delete Plugin Group

List Groups

Error Responses

All API endpoints may return the following error responses:

{
    "status": "error",
    "message": "Error description"
}

Common HTTP status codes:

200: Success
400: Bad Request
404: Not Found
405: Method Not Allowed
500: Internal Server Error

WebSocket Support

Some operations support real-time updates through WebSocket connections:

Plugin execution progress updates: ws://<host>/ws/exploit/<task_id>/
Device status updates: ws://<host>/ws/device/<device_id>/

Authentication

Currently, the API does not require authentication. However, it’s recommended to implement appropriate authentication mechanisms in production environments.

Rate Limiting

The API currently does not implement rate limiting. Consider implementing rate limiting in production environments to prevent abuse.