diff --git a/.gitmodules b/.gitmodules
index 56ef972..cd415b1 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -58,3 +58,6 @@
 [submodule "misc/PowerSploit"]
 	path = misc/PowerSploit
 	url = https://github.com/PowerShellMafia/PowerSploit.git
+[submodule "hashes/wordlistctl"]
+	path = hashes/wordlistctl
+	url = https://github.com/BlackArch/wordlistctl.git
diff --git a/enumeration/docs/rsync.md b/enumeration/docs/rsync.md
new file mode 100644
index 0000000..a3d72fa
--- /dev/null
+++ b/enumeration/docs/rsync.md
@@ -0,0 +1,25 @@
+# rsync
+
+[netspi article]( https://www.netspi.com/blog/technical/network-penetration-testing/linux-hacking-case-studies-part-1-rsync/)
+
+## Enumerate
+
+```sh
+rsync <target-IP>::
+rsync <target-IP>::files
+rsync <target-IP>::files/foo/
+```
+
+## Downloads
+
+```sh
+rsync <user>@<target-IP>::/files/foo/bar.txt .
+rsync -r <user>@<target-IP>::/files/foo .
+```
+
+## Uploads
+
+```sh
+rsync authorized_keys <user>@<target-IP>::/files/foo/.ssh/
+rsync -r documents <user>@<target-IP>::/files/foo/
+```
diff --git a/exploit/dns/zone_transfer.md b/exploit/dns/zone_transfer.md
new file mode 100644
index 0000000..9ca6fce
--- /dev/null
+++ b/exploit/dns/zone_transfer.md
@@ -0,0 +1,6 @@
+# DNS Zone Transfer
+
+Relies on misconfiguration of the zone's master. Just query a domain from the master, if possible. Results in a disclosure of subdomains and all records previously made.
+```sh
+drill axfr test.com @<master-DNS>
+```
diff --git a/forensics/volatility3 b/forensics/volatility3
new file mode 160000
index 0000000..23453f5
--- /dev/null
+++ b/forensics/volatility3
@@ -0,0 +1 @@
+Subproject commit 23453f5d8c56030acf1fea72f2b9d0c9dfda85c6
diff --git a/hashes/generate_wordlists.md b/hashes/generate_wordlists.md
new file mode 100644
index 0000000..cd277ef
--- /dev/null
+++ b/hashes/generate_wordlists.md
@@ -0,0 +1,22 @@
+# Generate Wordlists
+
+* [CeWL](../enumeration/CeWL/README.md)
+* [Mentalist](https://github.com/sc0tfree/mentalist.git)
+* [lyricpass](https://github.com/initstring/lyricpass.git)
+* [pnwgen phonenumbers](https://github.com/toxydose/pnwgen.git)
+
+## ttpassgen 
+* [ttpassgen](https://github.com/tp7309/TTPassGen.git)
+* Generate lists from the ground up
+* `pip install ttpassgen`
+```sh
+ttpassgen --rule '[?d]{6:6:*}' 6digitpins.txt
+```
+```sh
+ttpassgen --rule '[?l]{1:5:*}' all_letter_combinations.txt
+```
+```sh
+ttpassgen --dictlist "in.txt,in2.txt" --rule '$0[_]?$1' -s " " out.txt
+```
+
+
diff --git a/hashes/haiti.md b/hashes/haiti.md
new file mode 100644
index 0000000..5af9a7d
--- /dev/null
+++ b/hashes/haiti.md
@@ -0,0 +1,6 @@
+# haiti
+
+* Hash Identifier
+```sh
+haiti <hash>
+```
diff --git a/hashes/password_cracking/hash.txt b/hashes/password_cracking/hash.txt
deleted file mode 100644
index 4faff69..0000000
--- a/hashes/password_cracking/hash.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-ab5db915fc9cea6c78df88106c6500c57f2b52901ca6c0c6218f04122c3efd14
-
diff --git a/hashes/password_cracking/john.md b/hashes/password_cracking/john.md
index 11041e2..5bda3f0 100644
--- a/hashes/password_cracking/john.md
+++ b/hashes/password_cracking/john.md
@@ -18,3 +18,16 @@ john --list=subformats
 john --wordlist=/usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt ./hash.txt --format=dynamic_85 --fork=2
 ```
 
+## Rules
+* [Rule syntax](https://www.openwall.com/john/doc/RULES.shtml)
+* Create a local rules file, e.g. `/etc/john-local.conf` or `/usr/share/john/john-local.conf`
+* Create config for mutations, e.g. border mutation 
+```sh
+[List.Rules:border]
+$[0-9]$[0-9]
+```
+* Run john with parameter `--rules=border`
+
+### Existing Rules
+* `l33t`, l33tsp34k
+* `NT`, case mutation
diff --git a/hashes/wordlistctl b/hashes/wordlistctl
new file mode 160000
index 0000000..62b4721
--- /dev/null
+++ b/hashes/wordlistctl
@@ -0,0 +1 @@
+Subproject commit 62b472187bfd789badcfbfd73fe75934bab1a969
diff --git a/osint/recon_ng.md b/osint/recon_ng.md
new file mode 100644
index 0000000..63dd6e9
--- /dev/null
+++ b/osint/recon_ng.md
@@ -0,0 +1,4 @@
+# recon-ng
+
+[Homepage](https://github.com/lanmaster53/recon-ng)
+[Repo](https://salsa.debian.org/pkg-security-team/recon-ng)
diff --git a/osint/theharvester.md b/osint/theharvester.md
new file mode 100644
index 0000000..f00c05c
--- /dev/null
+++ b/osint/theharvester.md
@@ -0,0 +1,4 @@
+# theharvester
+
+[Homepage](https://github.com/laramies/theHarvester)
+[Repo](https://gitlab.com/kalilinux/packages/theharvester.git)
diff --git a/stego/volatility3 b/stego/volatility3
deleted file mode 160000
index b6165b4..0000000
--- a/stego/volatility3
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit b6165b439fdee399d933eb1162e845d1811a9e6a