added fox info

helpers/Packet_Analyzer.py

 import binascii
 import json
-from protocol_discover_helpers import modbus_discover,enip_discover,s7_discover,omron_discover,bacnet_discover,codesys_discover,dnp3_discover
+from protocol_discover_helpers import modbus_discover,enip_discover,s7_discover,omron_discover,bacnet_discover,codesys_discover,dnp3_discover,fox_discover
 
 class Packet_Analyzer():
 	def __init__(self):
 		self.data=None
-		self.protocol_list={502: modbus_discover,44818:enip_discover,102:s7_discover,9600:omron_discover,47808:bacnet_discover,2455:codesys_discover,20000:dnp3_discover}
+		self.protocol_list={502: modbus_discover,44818:enip_discover,102:s7_discover,9600:omron_discover,47808:bacnet_discover,2455:codesys_discover,20000:dnp3_discover,1911:fox_discover}
 
 	def identify_protocol(self,hex_pkt):
 		protocols=""

json_operations.py

@@ -37,7 +37,7 @@ def insert_asset(ip,last_activity,dev_type,protocols,mac,vendor,firmware,model,o
     if transmit_assets:
         requests.post(url=url,json=json_transmit_data)
 
-def  update_asset(ip,prev_protocols,last_activity,dev_type,vendor,firmware,model):
+def  update_asset(ip,prev_protocols,last_activity,dev_type,vendor,firmware,model,operating_sys):
     json_transmit_data = {}
     json_transmit_data[ip] = {}
     json_transmit_data[ip]["protocols"]=json_decoded[ip]["protocols"] = prev_protocols
@@ -46,6 +46,7 @@ def  update_asset(ip,prev_protocols,last_activity,dev_type,vendor,firmware,model
     json_transmit_data[ip]["vendor"]=json_decoded[ip]["vendor"] = vendor
     json_transmit_data[ip]["firmware"]=json_decoded[ip]["firmware"] = firmware
     json_transmit_data[ip]["model"]=json_decoded[ip]["model"] = model
+    json_transmit_data[ip]["os"]=json_decoded[ip]["os"] = operating_sys
     write_into_json_file(json_decoded)
     if transmit_assets:
         requests.post(url=url, json=json_transmit_data)

protocol_actions.py

@@ -3,6 +3,7 @@ from protocol_enumerators import s7_enum as s7
 from protocol_enumerators import bacnet as bac
 from protocol_enumerators import modbus
 from protocol_enumerators import dnp3_enum
+from protocol_enumerators import fox_enum
 from protocol_enumerators import codesys
 from helpers.port_service_helper import psdata
 from protocol_enumerators import omron
@@ -17,6 +18,7 @@ def analyse_protocol(protocols, pkt):
 		vendor = "Unknown"
 		firmware = "Unknown"
 		model = "Unknown"
+		operating_sys="Unknown"
 		inhex = binascii.hexlify(bytes(pkt))
 		pa = Packet_Analyzer()
 		if ("enip" in protocols):
@@ -66,12 +68,20 @@ def analyse_protocol(protocols, pkt):
 			res=dnp3_enum.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
 			if(res):
 				dev_type=res['Device Type']
+		elif("niagara_fox" in protocols):
+			res=fox_enum.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
+			if(res):
+				dev_type = res['VM Name']
+				vendor = res['Brand ID']
+				firmware = "Application Version: "+res['Application Version']+"VM Version:"+res['VM Version']
+				model = res["Application Name"]
+				operating_sys=res['OS Name']
 		else:
 			port_no = str(pa.get_tcp_port(inhex)) if "tcp" in protocols else str(
 				pa.get_udp_port(inhex)) if "udp" in protocols else "Unknown"
 			dev_type = psdata[port_no] if port_no in psdata else "Unknown"
 			vendor = pa.get_vendor(pa.get_mac(inhex))
-		return dev_type, vendor, firmware, model
+		return dev_type, vendor, firmware, model, operating_sys
 	except Exception as e:
 		exc_type, exc_obj, exc_tb = sys.exc_info()
 		fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
@@ -85,6 +95,7 @@ def update_protocol(protocols,pkt):
 		vendor="Unknown"
 		firmware="Unknown"
 		model="Unknown"
+		operating_sys ="Unknown"
 		inhex = binascii.hexlify(bytes(pkt))
 		pa=Packet_Analyzer()
 		if("enip" in protocols):
@@ -130,7 +141,16 @@ def update_protocol(protocols,pkt):
 			res=dnp3_enum.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
 			if(res):
 				dev_type=res['Device Type']
-		return dev_type,vendor,firmware,model
+		elif("niagara_fox" in protocols):
+			res=fox_enum.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
+			if(res):
+				dev_type = res['VM Name']
+				vendor = res['Brand ID']
+				firmware = "Application Version: "+res['Application Version']+"VM Version:"+res['VM Version']
+				model = res["Application Name"]
+				operating_sys=res['OS Name']
+
+		return dev_type,vendor,firmware,model,operating_sys
 	except Exception as e:
 		exc_type, exc_obj, exc_tb = sys.exc_info()
 		fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]

protocol_discover_helpers/fox_discover.py

+def protocol_identify(hex_pkt):
+    if (b'666f' in hex_pkt and hex_pkt[108:112] == b'666f'):
+        return ":niagara_fox"
\ No newline at end of file

protocol_enumerators/fox_enum.py

+import socket
+import re
+import binascii
+
+def split_string(input_str, sep):
+    return input_str.split(sep)
+
+def action(host, port):
+    # Create a socket
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    
+    try:
+        # Connect to the remote host
+        sock.connect((str(host), int(port)))
+        
+        # Send the original query
+        orig_query = binascii.unhexlify("666f7820612031202d3120666f782068656c6c6f0a7b0a" \
+                     "666f782e76657273696f6e3d733a312e300a69643d693a310a" \
+                     "686f73744e616d653d733a7870766d2d306f6d64633031786d790a" \
+                     "686f7374416464726573733d733a3139322e3136382e312e3132350a" \
+                     "6170702e6e616d653d733a576f726b62656e63680a6170702e766572" \
+                     "73696f6e3d733a332e372e34340a766d2e6e616d653d733a4a61766120" \
+                     "486f7453706f7428544d292053657276657220564d0a766d2e76657273" \
+                     "696f6e3d733a32302e342d6230320a6f732e6e616d653d733a57696e64" \
+                     "6f77732058500a6f732e76657273696f6e3d733a352e310a6c616e673d" \
+                     "733a656e0a74696d655a6f6e653d733a416d65726963612f4c6f735f416e" \
+                     "67656c65733b2d32383830303030303b333630303030303b30323a30303a" \
+                     "30302e3030302c77616c6c2c6d617263682c382c6f6e206f722061667465" \
+                     "722c73756e6461792c756e646566696e65643b30323a30303a30302e3030" \
+                     "302c77616c6c2c6e6f76656d6265722c312c6f6e206f722061667465722c" \
+                     "73756e6461792c756e646566696e65640a686f737449643d733a57696e2d" \
+                     "393943422d443439442d353434322d303742420a766d557569643d733a3862" \
+                     "3533306263382d373663352d343133392d613265612d306661626433393464" \
+                     "3330350a6272616e6449643d733a76796b6f6e0a7d3b3b0a")
+        sock.send(orig_query)
+        # Receive response
+        response = sock.recv(1024).decode('utf-8')
+        # Split the response on newline character
+
+        lines = split_string(response, "\n")
+        
+        to_return = {}
+        
+        # Parse the response and populate the to_return dictionary
+        for line in lines:
+            if "hostName" in line:
+                temp = split_string(line, ":")
+                to_return["Host Name"] = temp[1].strip()
+            elif "hostAddress" in line:
+                temp = split_string(line, ":")
+                to_return["Host Address"] = temp[1].strip()
+            elif "fox.version" in line:
+                temp = split_string(line, ":")
+                to_return["Fox Version"] = temp[1].strip()
+            elif "app.name" in line:
+                temp = split_string(line, ":")
+                to_return["Application Name"] = temp[1].strip()
+            elif "app.version" in line:
+                temp = split_string(line, ":")
+                to_return["Application Version"] = temp[1].strip()
+            elif "vm.name" in line:
+                temp = split_string(line, ":")
+                to_return["VM Name"] = temp[1].strip()
+            elif "vm.version" in line:
+                temp = split_string(line, ":")
+                to_return["VM Version"] = temp[1].strip()
+            elif "os.name" in line:
+                temp = split_string(line, ":")
+                to_return["OS Name"] = temp[1].strip()
+            elif "timeZone" in line:
+                temp = split_string(line, ":")
+                # Split again just for the timezone name
+                temp2 = split_string(temp[1], ";")
+            elif "hostId" in line:
+                temp = split_string(line, ":")
+                to_return["Host ID"] = temp[1].strip()
+            elif "vmUuid" in line:
+                temp = split_string(line, ":")
+                to_return["VM UUID"] = temp[1].strip()
+            elif "brandId" in line:
+                temp = split_string(line, ":")
+                to_return["Brand ID"] = temp[1].strip()
+        return to_return
+    except Exception as e:
+        return False
+    finally:
+        sock.close()
+
+def get_info(ip,port):
+  return(action(ip,port))

sniff.py

@@ -53,17 +53,17 @@ def convert_text(pkt):
 			mac=pa.get_mac(inhex)
 			check_exist=jo.check_asset_exists(ip)
 			if(not check_exist):
-				dev_type,vendor,firmware,model=protocol_actions.analyse_protocol(protocols,pkt)
-				operating_sys=pa.get_os(inhex)
+				dev_type,vendor,firmware,model,operating_sys=protocol_actions.analyse_protocol(protocols,pkt)
+				operating_sys=pa.get_os(inhex) if operating_sys == "Unknown" else operating_sys
 				jo.insert_asset(ip,datetime.now().strftime("%d-%m-%y %H:%M:%S"),dev_type,str(protocols),mac,vendor,firmware,model,operating_sys,plant)
 			else:
 				prev_protocols=jo.get_existing_protocols(ip)
 				extra_proto=set(protocols.split(':'))-set(prev_protocols.split(':'))
 				if(extra_proto):
-					dev_type,vendor,firmware,model=protocol_actions.update_protocol(protocols,pkt)
+					dev_type,vendor,firmware,model,operating_sys=protocol_actions.update_protocol(protocols,pkt)
 					prev_protocols=prev_protocols+':'+str(extra_proto).replace(", ",":").replace("{","").replace("}","").replace("'","")
 					if(dev_type!="Unknown"):
-						jo.update_asset(ip,prev_protocols,datetime.now().strftime("%d-%m-%y %H:%M:%S"),dev_type,vendor,firmware,model)
+						jo.update_asset(ip,prev_protocols,datetime.now().strftime("%d-%m-%y %H:%M:%S"),dev_type,vendor,firmware,model,operating_sys)
 					else:
 						jo.update_last_activity_and_protocols(ip,prev_protocols,datetime.now().strftime("%d-%m-%y %H:%M:%S"))
 				else: