- accurately identify IoT/connected devices and their vulnerabilities in the firmware code level
- track and manage discontinued, outdated and vulnerable devices from within the Qualys platform
For more infromation on this application, please visit this blog post.
Clone the repository content to a local folder and issue the following commands:
python3 -mvenv env source env/bin/activate pip install -r requirements.txt
The following parameters should be set in the config.py file before using the application:
- Url to your Qualys Cloud Platform instance (qualys_api_base)
- Username and password of your Qualys account that has permission to call asset management API (qualys_username, qualys_password)
- Your IoTVAS Enterprise plan API key (iotvas_apikey). Trial keys can be obtained from here
This application accepts a target list file and optional excluded addresses file. Both files can contain hostname, individual IP addresses or IP address ranges in CIDR notation.
(env) python iotvas-qualys.py -t targets.txt
|IoTVAS augments an PLC device in Qualys|
The following video shows usage of this application: