From 60ec5198dd95785c5a4f5730b8f9f8a38e84f6df Mon Sep 17 00:00:00 2001
From: whx <stefan@stefan.works>
Date: Fri, 19 Aug 2022 20:28:40 +0200
Subject: [PATCH] cleanup

---
 README.md                                    | 81 +++++++++++++++++++-
 metasploit.md => misc/metasploit.md          |  0
 pentesting.md                                | 80 -------------------
 pivoting.md => post_exploitation/pivoting.md |  0
 4 files changed, 80 insertions(+), 81 deletions(-)
 rename metasploit.md => misc/metasploit.md (100%)
 delete mode 100644 pentesting.md
 rename pivoting.md => post_exploitation/pivoting.md (100%)

diff --git a/README.md b/README.md
index deca188..7080d9c 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,80 @@
-my pentesting tools
+# Pentesting
+* [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page)
+Authorized audit of security systems of computers and networks.
+* [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) and [redteam.guide ROEs](https://redteam.guide/docs/templates/roe_template/)
+    * Permissions
+    * Engagement --> internal/external pentest or adversary emulation of APTs
+    * Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS
+    * Rules
+* NDA
+
+## Campaign
+* [Checklist](https://redteam.guide/docs/checklists/red-team-checklist/)
+* [vectr.io](https://vectr.io)
+
+* Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines
+* Operations --> Operators, Known Information, Responsibilities
+* Mission --> Exact commands to run and execution time of the engagement
+* Remediation --> Report, Remediation consultation
+
+## Methodology
+
+* Steps
+    * Reconnaissance
+    * Enumeration/Scanning
+    * Gaining Access
+    * Privilege Escalation
+    * Covering Tracks
+    * Reporting
+
+### Reconnaissance
+* Duck / SearX / metacrawler / google
+* Wikipedia
+* [Shodan.io](http://www.shodan.io)
+* PeopleFinder.com
+* who.is
+* sublist3r
+* hunter.io
+* builtwith.com
+* wappalyzer
+
+### Enumeration
+* nmap
+* nikto
+* gobuster
+* dirbuster
+* metasploit
+* enum4linux / linpeas / winpeas / linenum
+
+### Exploitation
+
+### Post Exploitation
+* Pivoting
+#### Privilege Escalation
+* Vertically or horizontally
+
+#### Covering Tracks
+
+#### Reporting
+* Includes
+    * Vulnerabilities
+    * Criticality
+    * Description
+    * Countermeasures 
+    * Finding summary
+
+## Frameworks
+* [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf)
+* [NIST](https://www.nist.gov/cyberframework)
+* [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance)
+
+## Testing Webapps
+
+* Two methods
+1. Every Page and its functions one by one
+2. Test by stages 
+    * Authorization
+    * Authentication
+    * Injection
+    * Client Side Controls
+    * Application Logic
diff --git a/metasploit.md b/misc/metasploit.md
similarity index 100%
rename from metasploit.md
rename to misc/metasploit.md
diff --git a/pentesting.md b/pentesting.md
deleted file mode 100644
index 7080d9c..0000000
--- a/pentesting.md
+++ /dev/null
@@ -1,80 +0,0 @@
-# Pentesting
-* [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page)
-Authorized audit of security systems of computers and networks.
-* [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?) and [redteam.guide ROEs](https://redteam.guide/docs/templates/roe_template/)
-    * Permissions
-    * Engagement --> internal/external pentest or adversary emulation of APTs
-    * Scope --> networks, IPs, exfilration of data, which stage, downtime, DDoS
-    * Rules
-* NDA
-
-## Campaign
-* [Checklist](https://redteam.guide/docs/checklists/red-team-checklist/)
-* [vectr.io](https://vectr.io)
-
-* Engagement --> Concept of Operations (CONOPS), Resource and Personnel Requirements, Timelines
-* Operations --> Operators, Known Information, Responsibilities
-* Mission --> Exact commands to run and execution time of the engagement
-* Remediation --> Report, Remediation consultation
-
-## Methodology
-
-* Steps
-    * Reconnaissance
-    * Enumeration/Scanning
-    * Gaining Access
-    * Privilege Escalation
-    * Covering Tracks
-    * Reporting
-
-### Reconnaissance
-* Duck / SearX / metacrawler / google
-* Wikipedia
-* [Shodan.io](http://www.shodan.io)
-* PeopleFinder.com
-* who.is
-* sublist3r
-* hunter.io
-* builtwith.com
-* wappalyzer
-
-### Enumeration
-* nmap
-* nikto
-* gobuster
-* dirbuster
-* metasploit
-* enum4linux / linpeas / winpeas / linenum
-
-### Exploitation
-
-### Post Exploitation
-* Pivoting
-#### Privilege Escalation
-* Vertically or horizontally
-
-#### Covering Tracks
-
-#### Reporting
-* Includes
-    * Vulnerabilities
-    * Criticality
-    * Description
-    * Countermeasures 
-    * Finding summary
-
-## Frameworks
-* [OSSTMM3](https://www.isecom.org/OSSTMM.3.pdf)
-* [NIST](https://www.nist.gov/cyberframework)
-* [CAF](https://www.ncsc.gov.uk/collection/caf/caf-principles-and-guidance)
-
-## Testing Webapps
-
-* Two methods
-1. Every Page and its functions one by one
-2. Test by stages 
-    * Authorization
-    * Authentication
-    * Injection
-    * Client Side Controls
-    * Application Logic
diff --git a/pivoting.md b/post_exploitation/pivoting.md
similarity index 100%
rename from pivoting.md
rename to post_exploitation/pivoting.md