author | Emiliano Ciavatta | 2020-10-02 14:18:39 +0000 |
---|---|---|
committer | Emiliano Ciavatta | 2020-10-02 14:18:39 +0000 |
commit | e4e317851930004d05d328a3934707e58bd4d2e2 (patch) | |
tree | 5562998de80bb55e38c9bcd910d2eb98565a789f | |
parent | efe02b4569d827c60fabf1d8b95074a7911b21bd (diff) |
Add features and screenshots to readme
-rw-r--r-- | README.md | 41 | ||||
-rw-r--r-- | frontend/screenshots/connection_content.png | bin | 0 -> 314372 bytes | |||
-rw-r--r-- | frontend/screenshots/pcaps.png | bin | 0 -> 368643 bytes | |||
-rw-r--r-- | frontend/screenshots/rules.png | bin | 0 -> 253325 bytes | |||
-rw-r--r-- | frontend/screenshots/services.png | bin | 0 -> 245420 bytes |
5 files changed, 40 insertions, 1 deletions
@@ -1,14 +1,36 @@ -# Caronte +# `caronte$` [![Build Status](https://travis-ci.com/eciavatta/caronte.svg?branch=develop)](https://travis-ci.com/eciavatta/caronte) [![codecov](https://codecov.io/gh/eciavatta/caronte/branch/develop/graph/badge.svg)](https://codecov.io/gh/eciavatta/caronte) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/009dca44f4da4118a20aed2b9b7610c0)](https://www.codacy.com/manual/eciavatta/caronte?utm_source=github.com&utm_medium=referral&utm_content=eciavatta/caronte&utm_campaign=Badge_Grade) +![GitHub release (latest by date)](https://img.shields.io/github/v/tag/eciavatta/caronte) +![Language](https://img.shields.io/badge/language-go-blue) +![License](https://img.shields.io/github/license/eciavatta/caronte) Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol specific rules. The connection flows are saved into a database and can be visualized with the web application. REST API are also provided. 
+## Features +- immediate installation with docker-compose +- no configuration file, settings can be changed via GUI or API +- the pcaps to be analyzed can be loaded via `curl`, either locally or remotely, or via the GUI + - it is also possible to download the pcaps from the GUI and see all the analysis statistics for each pcap +- rules can be created to identify connections that contain certain strings + - pattern matching is done through regular expressions (regex) + - regex in UTF-8 and Unicode format are also supported + - it is possible to add an additional filter to the connections identified through pattern matching by type of connection +- the connections can be labeled by type of service, identified by the port number + - each service can be assigned a different color +- it is possible to filter connections by addresses, ports, dimensions, time, duration, matched rules +- supports both IPv4 and IPv6 addresses + - if more addresses are assigned to the vulnerable machine to be defended, a CIDR address can be used +- the detected HTTP connections are automatically reconstructed + - HTTP requests can be replicated through `curl`, `fetch` and `python requests` + - compressed HTTP responses (gzip/deflate) are automatically decompressed +- it is possible to export and view the content of connections in various formats, including hex and base64 + ## Installation There are two ways to install Caronte: - with Docker and docker-compose, the fastest and easiest way 
@@ -52,3 +74,20 @@ The configuration takes place at runtime on the first start via the graphical in ## Documentation The backend, written in Go language, it is designed as a service. It exposes REST API that are used by the frontend written using React. The list of available APIs with their explanation is available here: [https://app.swaggerhub.com/apis-docs/eciavatta/caronte/WIP](https://app.swaggerhub.com/apis-docs/eciavatta/caronte/WIP) +## Screenshots +Below there are some screenshots showing the main features of the tool. + +#### Viewing the contents of a connection +![Connection Content](frontend/screenshots/connection_content.png) + +#### Loading pcaps and analysis details +![Connection Content](frontend/screenshots/pcaps.png) + +#### Creating new pattern matching rules +![Connection Content](frontend/screenshots/rules.png) + +#### Creating or editing services +![Connection Content](frontend/screenshots/services.png) + +## License +caronte was created by [Emiliano Ciavatta](https://eciavatta.it) and is licensed under the [GPL-3.0 license](LICENSE). diff --git a/frontend/screenshots/connection_content.png b/frontend/screenshots/connection_content.png Binary files differnew file mode 100644 index 0000000..3a999bf --- /dev/null +++ b/frontend/screenshots/connection_content.png diff --git a/frontend/screenshots/pcaps.png b/frontend/screenshots/pcaps.png Binary files differnew file mode 100644 index 0000000..2b315e9 --- /dev/null +++ b/frontend/screenshots/pcaps.png diff --git a/frontend/screenshots/rules.png b/frontend/screenshots/rules.png Binary files differnew file mode 100644 index 0000000..1870080 --- /dev/null +++ b/frontend/screenshots/rules.png diff --git a/frontend/screenshots/services.png b/frontend/screenshots/services.png Binary files differnew file mode 100644 index 0000000..b605cc1 --- /dev/null +++ b/frontend/screenshots/services.png |
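Review bot: In the README.md `## Features` hunk, the bullets "no configuration file, settings can be changed via GUI or API" and "the pcaps to be analyzed can be loaded via `curl`, either locally or remotely" advertise remote write access without saying how that access is restricted. Since the tool is meant for attack/defence events, the README should state whether the API and the pcap upload require authentication and where that is configured, or say explicitly that the service must be kept off networks other teams can reach. Two wording points in the same hunk: "regex in UTF-8 and Unicode format are also supported" does not say what is actually supported, and "dimensions" in the filter list presumably means size.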
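Review bot: In the README.md `## Screenshots` hunk, all four images carry the alt text "Connection Content", which is only correct for connection_content.png; the pcaps.png, rules.png and services.png lines look copy-pasted and should get their own alt text, for example `![Pcaps](frontend/screenshots/pcaps.png)`. The subsection headings also jump from `##` straight to `####`, skipping a level; `###` would keep the outline regular. The intro sentence reads better as "Below are some screenshots showing the main features of the tool."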