Added phishing analyzer integration doc (#8)

* Added phishing analyzer integration doc

* Applied most of requests

* Added image of investigation

* Added phishing investigation image in static folder

* Fixed images in visualizer table

Author: fgibertoni

docs/IntelOwl/advanced_usage.md

@@ -126,6 +126,16 @@ table, th, td {
     <td><code>PhoneInfoga_scan</code></td>
     <td><a href="https://github.com/sundowndev/phoneinfoga/tree/master">PhoneInfoga</a> is one of the most advanced tools to scan international phone numbers. It allows you to first gather basic information such as country, area, carrier and line type, then use various techniques to try to find the VoIP provider or identify the owner. It works with a collection of scanners that must be configured in order for the tool to be effective. PhoneInfoga doesn't automate everything, it's just there to help investigating on phone numbers. <a href="#phoneinfoga">here</a></td>
   </tr>
+  <tr>
+    <td>Phishing Analyzers</td>
+    <td>
+      <ul>
+        <li><code>Phishing_Extractor</code></li>
+        <li><code>Phishing_Form_Compiler</code></li>
+      </ul>
+    </td>
+    <td>This framework tries to render a potential phishing page and extract useful information from it. Also, if the page contains a form, it tries to submit the form using fake data. The goal is to extract IOCs and check whether the page is real phishing or not.</td>
+  </tr>
 </table>
 
 To enable all the optional analyzers you can add the option `--all_analyzers` when starting the project. Example:
@@ -171,7 +181,7 @@ pyintelowl_client.send_file_analysis_request(..., runtime_configuration=runtime_
 
 #### PhoneInfoga
 
-PhoneInfoga provides several [Scanners](https://sundowndev.github.io/phoneinfoga/getting-started/scanners/) to extract as much information as possible from a given phone number. Those scanners may require authentication, so they're automatically skipped when no authentication credentials are found.
+PhoneInfoga provides several [Scanners](https://sundowndev.github.io/phoneinfoga/getting-started/scanners/) to extract as much information as possible from a given phone number. Those scanners may require authentication, so they are automatically skipped when no authentication credentials are found.
 
 By default the scanner used is `local`.
 Go through this [guide](https://sundowndev.github.io/phoneinfoga/getting-started/scanners/) to initiate other required API keys related to this analyzer.
@@ -193,6 +203,24 @@ Additionally, you can also (optionally) set the `output_type` argument.
 
 - "to decimal": `[{"op": "To Decimal", "args": ["Space", False]}]`
 
+#### Phishing Analyzers
+The framework aims to be extandable and provides two different playbooks connected through a pivot.
+The first playbook, named `PhishingExtractor`, is in charge of extracting useful information from the web page rendered with Selenium-based browser.
+The second playbook is called `PhishingAnalysis` and its main purposes are to extract useful insights on the page itself
+and to try to submit forms with fake data to extract other IOCs.
+
+[XPath](https://www.w3schools.com/xml/xpath_intro.asp) syntax is used to find elements in the page. These selectors are customizable via the plugin's config page.
+The parameter `xpath_form_selector` controls how the form is retrieved from the page and `xpath_js_selector` is used to search
+for JavaScript inside the page.
+
+A mapping is used in order to compile the page with fake data. This is due to the fact that most input tags of type "text"
+do not have a specific role in the page, so there must be some degree of approximation.
+This behaviour is controlled through `*-mapping` parameters. They are a list that must contain the input tag's name to
+compile with fake data.
+
+Here is an example of what a phishing investigation looks like started from `PhishingExtractor` playbook: 
+![img.png](./static/phishing_analysis.png)
+
 ## Analyzers with special configuration
 
 Some analyzers could require a special configuration:

docs/IntelOwl/contribute.md

@@ -332,7 +332,7 @@ To do so, some utility classes have been made:
   <tr>
     <td class="tg-7n4c">VisualizablePage</td>
     <td class="tg-0pky">A single page of the final report, made of different <span style="font-weight:bold">levels</span>. Each page added is represented as a new tab in frontend.</td>
-    <td class="tg-c3ow"><img alt="Visualizable Page example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizablePage_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Page example" src="./static/visualizablePage_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableLevel</td>
@@ -341,37 +341,37 @@ To do so, some utility classes have been made:
       <span class="tg-zh46">VisualizableHorizontalList</span>.
       The dimension of the level can be customized with the size parameter (1 is the biggest, 6 is the smallest). 
     </td>
-    <td class="tg-c3ow"><img alt="Visualizable Level example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizableLevel_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Level example" src="./static/visualizableLevel_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableHorizontalList</td>
     <td class="tg-0pky">An horizontal list of visualizable elements. In the example there is an horizontal list of vertical lists.</td>
-    <td class="tg-c3ow"><img alt="Visualizable Horizontal List Example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizableHlist_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Horizontal List Example" src="./static/visualizableHlist_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableVerticalList</td>
     <td class="tg-0pky">A vertical list made of a name, a title, and the list of elements.</td>
-    <td class="tg-c3ow"><img alt="Visualizable Vertical List Example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizableVlist_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Vertical List Example" src="./static/visualizableVlist_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableTable</td>
     <td class="tg-0pky">A table of visualizable elements. In the example there is a table of base and vertical lists.</td>
-    <td class="tg-c3ow"><img alt="Visualizable Table Example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizableTable_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Table Example" src="./static/visualizableTable_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableBool</td>
     <td class="tg-0pky">The representation of a boolean value. It can be enabled or disabled with colors.</td>
-    <td class="tg-c3ow"><img alt="Visualizable Bool example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizableBool_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Bool example" src="./static/visualizableBool_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableTitle</td>
     <td class="tg-0pky">The representation of a tuple, composed of a title and a value.</td>
-    <td class="tg-c3ow"><img alt="Visualizable Title example" src="https://raw.githubusercontent.com/intelowlproject/IntelOwl/master/docs/static/visualizableTitle_example.png"></td>
+    <td class="tg-c3ow"><img alt="Visualizable Title example" src="./static/visualizableTitle_example.png"></td>
   </tr>
   <tr>
     <td class="tg-7n4c">VisualizableBase</td>
     <td class="tg-0pky">The representation of a base string. Can have a link attached to it and even an icon. The background color can be changed.</td>
-    <td class="tg-0pky">The title above is composed by two `VisualizableBase`</td>
+    <td class="tg-0pky">The title above is composed by two <code>VisualizableBase</code></td>
   </tr>
 </tbody>
 </table>