update

d091da2b · yogesh.m · b5347e84 · d091da2b · d091da2b · d091da2b
Commit d091da2b authored May 05, 2023 by yogesh.m
15 changed files
--- a/__pycache__/asset_actions.cpython-39.pyc
+++ b/__pycache__/asset_actions.cpython-39.pyc
--- a/__pycache__/protocol_actions.cpython-39.pyc
+++ b/__pycache__/protocol_actions.cpython-39.pyc
--- a/__pycache__/sniff.cpython-39.pyc
+++ b/__pycache__/sniff.cpython-39.pyc
--- a/asset_actions.py
+++ b/asset_actions.py
@@ -52,8 +52,9 @@ def transmit_all_assets():
        pass

 def periodic_transmit_all_assets():
+    print("here")
    while True:
-        sleep(7)
+        sleep(int(data["configuration"]["transfer frequency"]))
        retry=0
        try:
            if platform == "linux" or platform == "linux2":

--- a/assets.db
+++ b/assets.db
--- a/cloned.db
+++ b/cloned.db
--- a/config.yaml
+++ b/config.yaml
 configuration:
-    platform: OT
-    asset_discovery: False  #To enable disable the scan
    threads: 20 #number of threads to scan at once
-    discovery frequency: 1800 minutes  #how frequent the scan needs to be
-    scan_protocol: ethernetip_enum,sip_enum #types of protocol to use
-    ot_ports : [80,102,443,502,530,593,789,1089,1090,1091,1911,1962,2222,2404,4000,4840,4843,4911,9600,19999,20000,20547,34962,34963,34964,34980,44818,46823,46824,55000,55001,55002,55003] #adding all OT ports to check
-    packet_storage: local #where to store packets local/remote(server)
-    unifytwin_server_ip_address: https://webhook.site/d3338504-e5f0-4c2b-ad21-ae7923119f16  #Data will be sent back here
-    asset_range_start:  10.10.3.214  #where to start the scan from
-    asset _range_end: 10.10.3.225  #where to end the scan from
+    transfer frequency: 1  #how frequent the scan needs to be
+    unifytwin_server_ip_address: https://webhook.site/244b0b77-e8f2-4a5b-9fb9-fd7f0e52e692  #Data will be sent back here
    edge_device_location : Dalmia Cement
-    port_monitoring: True #On/Off
-    pcap_analysis: False
    null_loopback: False
    interfaces: Wi-Fi
    blacklist_ip: ['46.4.105.116','172.67.214.157','3.6.115.64','104.21.53.154']
-    blacklist_dns: ['webhook.site.','hpd.gasmi.net.','dd01-14-98-12-178.in.ngrok.io.']
+    blacklist_dns: ['webhook.site.']
+    ui_host: 127.0.0.1
+    ui_port: 8081
\ No newline at end of file
--- a/helpers/Packet_Analyzer.py
+++ b/helpers/Packet_Analyzer.py
 import binascii
 import json
+
+
+
 class Packet_Analyzer():
 	def __init__(self):
 		data=None
@@ -15,7 +18,7 @@ class Packet_Analyzer():
 		if ((b'8000' in hex_pkt or b'c000' in hex_pkt) and (hex_pkt[84:88] == b'8000' or hex_pkt[84:88] == b'c000')):
 			print("omron found")
 			protocols = protocols + "omron:"
-		if (b'0000' in hex_pkt and hex_pkt[84:88] == b'0000'):
+		if (b'0000' in hex_pkt and hex_pkt[108:112] == b'0000'):
 			protocols = protocols + "modbus:"
 		if(hex_pkt[46:48] == b"06"):
 			protocols=protocols+"tcp"

--- a/helpers/__pycache__/Packet_Analyzer.cpython-39.pyc
+++ b/helpers/__pycache__/Packet_Analyzer.cpython-39.pyc
--- a/protocol_actions.py
+++ b/protocol_actions.py
@@ -7,93 +7,114 @@ from protocol_enumerators import omron
 import binascii
 import os
 from helpers.Packet_Analyzer import Packet_Analyzer
+import sys

 def analyse_protocol(protocols,pkt):
-	dev_type="Unknown"
-	vendor="Unknown"
-	firmware="Unknown"
-	model="Unknown"
-	inhex = binascii.hexlify(bytes(pkt))
-	pa=Packet_Analyzer()
-	if("enip" in protocols):
-		print(protocols)
-		res=eip.get_info(pa.get_ip(inhex),int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
-		if(res):
-			dev_type=res['Type']
-			vendor=res['Vendor']
-			firmware=res['ProductName']
-			model=res['SerialNumber']
-	elif("s7comm" in protocols):
-		res=s7.get_info(eip.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex))))
-		if(res):
-			dev_type=res['Module Type']+" "+res['System Name']
-			vendor=res['Copyright']
-			firmware=res['Module']+" "+res['Version']
-			model=res['Serial Number']
-	elif("bacnet" in protocols):
-		res=bac.get_info(eip.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex))))
-		if(res):
-			dev_type=res['desc']
-			vendor=res['vendorid']
-			firmware=res['firmware']
-			model=res['model']
-	elif("modbus" in protocols):
-		res=modbus.get_info(eip.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex))),False)
-		if(res):
-			dev_type=res['Device identification']
-			vendor=res['Slave ID data']
-			model=res['sid']
-	elif("omron" in protocols):
-		res=omron.get_info(eip.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex))),False)
-		if(res):
-			dev_type='Omron Device'
-			vendor='Omron Devices'
-			firmware=res['Controller Version']
-			model=res['Controller Model']
-	else:
-		dev_type=psdata[str(pa.get_tcp_port(inhex))] if "tcp" in protocols else psdata[str(pa.get_udp_port(inhex))] if "udp" in protocols else "Unknown"
-		vendor=pa.get_vendor(pa.get_mac(inhex))
-	return dev_type,vendor,firmware,model
+	try:
+		dev_type = "Unknown"
+		vendor = "Unknown"
+		firmware = "Unknown"
+		model = "Unknown"
+		inhex = binascii.hexlify(bytes(pkt))
+		pa = Packet_Analyzer()
+		if ("enip" in protocols):
+			print(protocols)
+			res = eip.get_info(pa.get_ip(inhex),
+							   int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
+			if (res):
+				dev_type = res['Type']
+				vendor = res['Vendor']
+				firmware = res['ProductName']
+				model = res['SerialNumber']
+		elif ("s7comm" in protocols):
+			res = s7.get_info(eip.get_info(pa.get_ip(inhex), int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(
+				pa.get_udp_port(inhex))))
+			if (res):
+				dev_type = res['Module Type'] + " " + res['System Name']
+				vendor = res['Copyright']
+				firmware = res['Module'] + " " + res['Version']
+				model = res['Serial Number']
+		elif ("bacnet" in protocols):
+			res = bac.get_info(eip.get_info(pa.get_ip(inhex), int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(
+				pa.get_udp_port(inhex))))
+			if (res):
+				dev_type = res['desc']
+				vendor = res['vendorid']
+				firmware = res['firmware']
+				model = res['model']
+		elif ("modbus" in protocols):
+			res = modbus.get_info(eip.get_info(pa.get_ip(inhex), int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(
+				pa.get_udp_port(inhex))), False)
+			print(inhex)
+			if (res):
+				dev_type = res['Device identification']
+				vendor = res['Slave ID data']
+				model = res['sid']
+		elif ("omron" in protocols):
+			res = omron.get_info(eip.get_info(pa.get_ip(inhex), int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(
+				pa.get_udp_port(inhex))), False)
+			if (res):
+				dev_type = 'Omron Device'
+				vendor = 'Omron Devices'
+				firmware = res['Controller Version']
+				model = res['Controller Model']
+		else:
+			port_no = str(pa.get_tcp_port(inhex)) if "tcp" in protocols else str(
+				pa.get_udp_port(inhex)) if "udp" in protocols else "Unknown"
+			dev_type = psdata[port_no] if port_no in psdata else "Unknown"
+			vendor = pa.get_vendor(pa.get_mac(inhex))
+		return dev_type, vendor, firmware, model
+	except Exception as e:
+		exc_type, exc_obj, exc_tb = sys.exc_info()
+		fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
+		print(exc_type, fname, exc_tb.tb_lineno, e)
+
+

 def update_protocol(protocols,pkt):
-	dev_type="Unknown"
-	vendor="Unknown"
-	firmware="Unknown"
-	model="Unknown"
-	inhex = binascii.hexlify(bytes(pkt))
-	pa=Packet_Analyzer()
-	if("enip" in protocols):
-		res=eip.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
-		if(res):
-			dev_type=res['Type']
-			vendor=res['Vendor']
-			firmware=res['ProductName']
-			model=res['SerialNumber']
-	elif("s7comm" in protocols):
-		res=s7.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
-		if(res):
-			dev_type=res['Module Type']+" "+res['System Name']
-			vendor=res['Copyright']
-			firmware=res['Module']+" "+res['Version']
-			model=res['Serial Number']
-	elif("bacnet" in protocols):
-		res=bac.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
-		if(res):
-			dev_type=res['desc']
-			vendor=res['vendorid']
-			firmware=res['firmware']
-			model=res['model']
-	elif("modbus" in protocols):
-		res=modbus.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)),False)
-		if(res):
-			dev_type=res['Device identification']
-			vendor=res['Slave ID data']
-			model=res['sid']
-	elif("omron" in protocols):
-		res=omron.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)),False)
-		if(res):
-			dev_type='Omron Device'
-			vendor='Omron Devices'
-			firmware=res['Controller Version']
-			model=res['Controller Model']
-	return dev_type,vendor,firmware,model
\ No newline at end of file
+	try:
+		dev_type="Unknown"
+		vendor="Unknown"
+		firmware="Unknown"
+		model="Unknown"
+		inhex = binascii.hexlify(bytes(pkt))
+		pa=Packet_Analyzer()
+		if("enip" in protocols):
+			res=eip.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
+			if(res):
+				dev_type=res['Type']
+				vendor=res['Vendor']
+				firmware=res['ProductName']
+				model=res['SerialNumber']
+		elif("s7comm" in protocols):
+			res=s7.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
+			if(res):
+				dev_type=res['Module Type']+" "+res['System Name']
+				vendor=res['Copyright']
+				firmware=res['Module']+" "+res['Version']
+				model=res['Serial Number']
+		elif("bacnet" in protocols):
+			res=bac.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)))
+			if(res):
+				dev_type=res['desc']
+				vendor=res['vendorid']
+				firmware=res['firmware']
+				model=res['model']
+		elif("modbus" in protocols):
+			res=modbus.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)),False)
+			if(res):
+				dev_type=res['Device identification']
+				vendor=res['Slave ID data']
+				model=res['sid']
+		elif("omron" in protocols):
+			res=omron.get_info(pa.get_ip(inhex) ,int(pa.get_tcp_port(inhex)) if "tcp" in protocols else int(pa.get_udp_port(inhex)),False)
+			if(res):
+				dev_type='Omron Device'
+				vendor='Omron Devices'
+				firmware=res['Controller Version']
+				model=res['Controller Model']
+		return dev_type,vendor,firmware,model
+	except Exception as e:
+		exc_type, exc_obj, exc_tb = sys.exc_info()
+		fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
+		print(exc_type, fname, exc_tb.tb_lineno, e)
\ No newline at end of file
--- a/protocol_enumerators/__pycache__/modbus.cpython-39.pyc
+++ b/protocol_enumerators/__pycache__/modbus.cpython-39.pyc
--- a/security-management-ui.py
+++ b/security-management-ui.py
 from flask import Flask, request, render_template
-import asset_actions
 import json
-import os
 import sniff
 import multiprocessing
 from utilities.list_interfaces import get_interfaces
-
-
+import asset_actions
+import yaml
 app = Flask(__name__, template_folder='template')


 status="Offline"
+transfer_status="not transmitting"
+process=None
+periodic_transfer=None
+
+try:
+    yamlfile=open("config.yaml")
+    data = yaml.load(yamlfile, Loader=yaml.FullLoader)
+    ui_host=data["configuration"]["ui_host"]
+    ui_port=int(data["configuration"]["ui_port"])
+
+except Exception as e:
+    ui_host="127.0.0.1"
+    ui_port=8080
+
 @app.route('/')
-# ‘/’ URL is bound with hello_world() function.
 def hello_world():
    global status
+    global transfer_status
    headings = ["name", "last_activity", "type", "protocols", "mac_addr", "vendor", "firmware_version", "model", "os",
                "plant"]
    try:
        data = json.loads(asset_actions.transmit_all_assets())
    except:
        data = {}
-    return render_template("index.html", headings=headings, data=data, interfaces=get_interfaces(),status=status)
+    return render_template("index.html", headings=headings, data=data, interfaces=get_interfaces(),status=status,transfer_status=transfer_status)
+


-process=None
 @app.route('/start_sniff',methods = ['POST', 'GET'])
 def start_sniff():
    global process
@@ -51,13 +63,6 @@ def stop_sniff():

 @app.route('/refresh',methods = ['POST', 'GET'])
 def refresh():
-    # headings = ["name", "last_activity", "type", "protocols", "mac_addr", "vendor", "firmware_version", "model", "os",
-    #             "plant"]
-    # try:
-    #     data = json.loads(asset_actions.transmit_all_assets())
-    # except:
-    #     data = {}
-    # return render_template("index.html", headings=headings, data=data, interfaces=get_interfaces())
    return hello_world()

 @app.route('/delete_devices',methods = ['POST', 'GET'])
@@ -65,6 +70,32 @@ def delete():
    asset_actions.delete_all_assets()
    return hello_world()

-# main driver function
+@app.route('/start_transfer',methods = ['POST', 'GET'])
+def transfer_data():
+    global transfer_status
+    global periodic_transfer
+    transfer_status="transmitting"
+    periodic_transfer = multiprocessing.Process(target=asset_actions.periodic_transmit_all_assets, args=())
+    if(periodic_transfer.is_alive()):
+        periodic_transfer.kill()
+        periodic_transfer.start()
+    else:
+        periodic_transfer.start()
+    return hello_world()
+
+@app.route('/stop_transfer',methods = ['POST', 'GET'])
+def stop_transfer_data():
+    global transfer_status
+    global periodic_transfer
+    if (periodic_transfer):
+        if (periodic_transfer.is_alive()):
+            periodic_transfer.kill()
+            transfer_status = "not transmitting"
+        else:
+            transfer_status = "not transmitting"
+    else:
+        transfer_status = "not transmitting"
+    return hello_world()
+
 if __name__ == '__main__':
-    app.run(debug=True, port=8080)
+    app.run(debug=True,host=ui_host, port=ui_port)
--- a/sniff.py
+++ b/sniff.py
@@ -18,7 +18,6 @@ try:
 	yamlfile=open("config.yaml")
 	data = yaml.load(yamlfile, Loader=yaml.FullLoader)
 	server_ip=data["configuration"]["unifytwin_server_ip_address"]
-	packet_storage=data["configuration"]["packet_storage"]
 	plant=data["configuration"]["edge_device_location"]
 	balacklist_ips=data["configuration"]["blacklist_ip"]
 	blacklist_dns=data["configuration"]["blacklist_dns"]
@@ -27,7 +26,6 @@ try:
 	null_loopback=data["configuration"]["null_loopback"]
 except Exception as e:
 	server_ip=""
-	packet_storage="local"
 	plant="Unknown Location"
 	balacklist_ips=['46.4.105.116','172.67.214.157','3.6.115.64','104.21.53.154']
 	blacklist_dns=['webhook.site.','hpd.gasmi.net.','dd01-14-98-12-178.in.ngrok.io.']
@@ -55,9 +53,7 @@ def convert_text(pkt):
 	try:
 		pa = Packet_Analyzer()
 		protocols=pa.identify_protocol(inhex)
-		print(protocols)
 		ip=pa.get_ip(inhex)
-		print(ip)
 		if(ip):
 			mac=pa.get_mac(inhex)
 			check_exist=query.execute("SELECT ip_address FROM inventory WHERE ip_address='"+ip+"'").fetchone()
@@ -92,12 +88,18 @@ def convert_text(pkt):
 					query.close()
 					mydb.commit()
 	except sqlite3.OperationalError as e:
+		exc_type, exc_obj, exc_tb = sys.exc_info()
+		fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
+		print(exc_type, fname, exc_tb.tb_lineno,e)
 		query.close()
 		if(not mydb.in_transaction):
 			mydb.rollback()
 			mydb.commit()
 		pass
 	except Exception as e:
+		exc_type, exc_obj, exc_tb = sys.exc_info()
+		fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
+		print(exc_type, fname, exc_tb.tb_lineno,e)
 		pass

 def gasmi_api(pkt):
@@ -123,18 +125,8 @@ def network_sniffing_local_storage(pkt):
 		ti=threading.Thread(target=gasmi_api, args=pkt,)
 		ti.start()

-def network_sniffing_remote_storage(pkt):
-	if(threading.active_count()<configured_threads):
-		ti=threading.Thread(target=packet_transmit, args=pkt,)
-		ti.start()
-
 def start_sniff(iface=interfaces):
-	if(packet_storage=="local"):
-		# ts=threading.Thread(target=asset_actions.periodic_transmit_all_assets)
-		# ts.start()
 		sniff(iface=iface,prn=network_sniffing_local_storage)
-	else:
-		sniff(iface=iface,prn=network_sniffing_remote_storage)


 if __name__=="__main__":

--- a/template/index.html
+++ b/template/index.html
@@ -17,10 +17,13 @@
  <br><br>
   <p><input type = "submit" value = "Start" /></p>
 </form>
+
 <h5>Status :{{status}} </h5>
 <a href="/stop_sniff" >Stop</a>
 <a href="/refresh">Refresh</a>
 <a href="/delete_devices">Delete</a>
+<h5>Transfer : {{transfer_status}} </h5>
+<a href="/start_transfer" >Start Transfer</a><a href="/stop_transfer" >Stop Transfer</a></p>
  <div>
    <table>
      <tr>

--- a/test.py
+++ b/test.py
-import json
+from scapy.all import *

-with open('test.json') as f:
-   s = json.dumps(f.read())
-   print(s.__len__())
\ No newline at end of file
+def packet_has_modbus_layer(packet):
+    # Check if the packet has the TCP layer and destination port is 502
+    if TCP in packet and packet[TCP].dport == 502:
+        # Check if the packet has the Modbus layer
+        if packet.haslayer(TCP):
+            return True
+    return False
+
+def network_sniffing_local_storage(pkt):
+   if(packet_has_modbus_layer(pkt)):
+      print("yes")
+
+sniff(prn=network_sniffing_local_storage)
\ No newline at end of file