1 files changed, 54 insertions, 169 deletions
diff --git a/docs/index.md b/docs/index.md
index c348b9e..67ddcbc 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,189 +1,74 @@
-### PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts:
+## Overview
+PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.
 
-## CodeExecution
+### CodeExecution
+Execute code on a target machine.
 
-**Execute code on a target machine.**
+    Invoke-DllInjection - Injects a Dll into the process ID of your choosing.
+    Invoke-ReflectivePEInjection - Reflectively loads a Windows PE file (DLL/EXE) in to the powershell process, or reflectively injects a DLL in to a remote process.
+    Invoke-Shellcode - Injects shellcode into the process ID of your choosing or within PowerShell locally.
+    Invoke-WmiCommand - Executes a PowerShell ScriptBlock on a target computer and returns its formatted output using WMI as a C2 channel
 
-#### `Invoke-DllInjection`
+### ScriptModification
+Modify and/or prepare scripts for execution on a compromised machine.
 
-Injects a Dll into the process ID of your choosing.
+    Out-EncodedCommand - Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
+    Out-CompressedDll - Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
+    Out-EncryptedScript - Encrypts text files/scripts.
+    Remove-Comments - Strips comments and extra whitespace from a script.
 
-#### `Invoke-ReflectivePEInjection`
+### Persistence
 
-Reflectively loads a Windows PE file (DLL/EXE) in to the powershell process, or reflectively injects a DLL in to a remote process.
+Add persistence capabilities to a PowerShell script.
 
-#### `Invoke-Shellcode`
+    New-UserPersistenceOption - Configure user-level persistence options for the Add-Persistence function.
+    New-ElevatedPersistenceOption - Configure elevated persistence options for the Add-Persistence function.
+    Add-Persistence - Add persistence capabilities to a script.
+    Install-SSP - Installs a security support provider (SSP) dll.
+    Get-SecurityPackages - Enumerates all loaded security packages (SSPs).
 
-Injects shellcode into the process ID of your choosing or within PowerShell locally.
+### AntivirusBypass
+AV doesn't stand a chance against PowerShell!
 
-#### `Invoke-WmiCommand`
+    Find-AVSignature - Locates single Byte AV signatures utilizing the same method as DSplit from "class101".
 
-Executes a PowerShell ScriptBlock on a target computer and returns its formatted output using WMI as a C2 channel.
+### Exfiltration
+All your data belong to me!
 
-## ScriptModification
+    Invoke-TokenManipulation - Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.
+    Invoke-CredentialInjection - Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon).
+    Invoke-NinjaCopy - Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
+    Invoke-Mimikatz - Reflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz.
+    Get-Keystrokes - Logs keys pressed, time and the active window.
+    Get-GPPPassword - Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
+    Get-GPPAutologon - Retrieves autologon username and password from registry.xml if pushed through Group Policy Preferences.
+    Get-TimedScreenshot - A function that takes screenshots at a regular interval and saves them to a folder.
+    New-VolumeShadowCopy - Creates a new volume shadow copy.
+    Get-VolumeShadowCopy - Lists the device paths of all local volume shadow copies.
+    Mount-VolumeShadowCopy - Mounts a volume shadow copy.
+    Remove-VolumeShadowCopy - Deletes a volume shadow copy.
+    Get-VaultCredential - Displays Windows vault credential objects including cleartext web credentials.
+    Out-Minidump - Generates a full-memory minidump of a process.
+    Get-MicrophoneAudio - Records audio from system microphone and saves to disk.
 
-**Modify and/or prepare scripts for execution on a compromised machine.**
+### Mayhem
+Cause general mayhem with PowerShell.
 
-#### `Out-EncodedCommand`
+    Set-MasterBootRecord - Proof of concept code that overwrites the master boot record with the message of your choice.
+    Set-CriticalProcess - Causes your machine to blue screen upon exiting PowerShell.
 
-Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
+### Privesc
+Tools to help with escalating privileges on a target, including PowerUp.
 
-#### `Out-CompressedDll`
+    PowerUp - Clearing house of common privilege escalation checks, along with some weaponization vectors. 
 
-Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
+### Recon
+Tools to aid in the reconnaissance phase of a penetration test, including PowerView.
 
-#### `Out-EncryptedScript`
-
-Encrypts text files/scripts.
-
-#### `Remove-Comments`
-
-Strips comments and extra whitespace from a script. 
-
-## Persistence
-
-**Add persistence capabilities to a PowerShell script**
-
-#### `New-UserPersistenceOption`
-
-Configure user-level persistence options for the Add-Persistence function.
-
-#### `New-ElevatedPersistenceOption`
-
-Configure elevated persistence options for the Add-Persistence function.
-
-#### `Add-Persistence`
-
-Add persistence capabilities to a script.
-
-#### `Install-SSP`
-
-Installs a security support provider (SSP) dll.
-
-#### `Get-SecurityPackages`
-
-Enumerates all loaded security packages (SSPs).
-
-## AntivirusBypass
-
-**AV doesn't stand a chance against PowerShell!**
-
-#### `Find-AVSignature`
-
-Locates single Byte AV signatures utilizing the same method as DSplit from "class101".
-
-## Exfiltration
-
-**All your data belong to me!**
-
-#### `Invoke-TokenManipulation`
-
-Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.
-
-#### `Invoke-CredentialInjection`
-
-Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon).
-
-#### `Invoke-NinjaCopy`
-
-Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
-
-#### `Invoke-Mimikatz`
-
-Reflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz.
-
-#### `Get-Keystrokes`
-
-Logs keys pressed, time and the active window.
-
-#### `Get-GPPPassword`
-
-Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
-
-#### `Get-GPPAutologon`
-
-Retrieves autologon username and password from registry.xml if pushed through Group Policy Preferences.
-
-#### `Get-TimedScreenshot`
-
-A function that takes screenshots at a regular interval and saves them to a folder.
-
-#### `New-VolumeShadowCopy`
-
-Creates a new volume shadow copy.
-
-#### `Get-VolumeShadowCopy`
-
-Lists the device paths of all local volume shadow copies.
-
-#### `Mount-VolumeShadowCopy`
-
-Mounts a volume shadow copy.
-
-#### `Remove-VolumeShadowCopy`
-
-Deletes a volume shadow copy.
-
-#### `Get-VaultCredential`
-
-Displays Windows vault credential objects including cleartext web credentials.
-
-#### `Out-Minidump`
-
-Generates a full-memory minidump of a process.
-
-#### 'Get-MicrophoneAudio'
-
-Records audio from system microphone and saves to disk
-
-## Mayhem
-
-**Cause general mayhem with PowerShell.**
-
-#### `Set-MasterBootRecord`
-
-Proof of concept code that overwrites the master boot record with the
- message of your choice.
-
-#### `Set-CriticalProcess`
-
-Causes your machine to blue screen upon exiting PowerShell.
-
-## Privesc
-
-**Tools to help with escalating privileges on a target.**
-
-#### `PowerUp`
-
-Clearing house of common privilege escalation checks, along with some weaponization vectors.
-
-## Recon
-
-**Tools to aid in the reconnaissance phase of a penetration test.**
-
-#### `Invoke-Portscan`
-
-Does a simple port scan using regular sockets, based (pretty) loosely on nmap.
-
-#### `Get-HttpStatus`
-
-Returns the HTTP Status Codes and full URL for specified paths when provided with a dictionary file.
-
-#### `Invoke-ReverseDnsLookup`
-
-Scans an IP address range for DNS PTR records.
-
-#### `PowerView`
-
-PowerView is series of functions that performs network and Windows domain enumeration and exploitation.
-
-## Recon\Dictionaries
-
-**A collection of dictionaries used to aid in the reconnaissance phase of a penetration test. Dictionaries were taken from the following sources.**
-
-* admin.txt - <http://cirt.net/nikto2/>
-* generic.txt - <http://sourceforge.net/projects/yokoso/files/yokoso-0.1/>
-* sharepoint.txt - <http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/>
+    Invoke-Portscan - Does a simple port scan using regular sockets, based (pretty) loosely on nmap.
+    Get-HttpStatus - Returns the HTTP Status Codes and full URL for specified paths when provided with a dictionary file.
+    Invoke-ReverseDnsLookup - Scans an IP address range for DNS PTR records.
+    PowerView - PowerView is series of functions that performs network and Windows domain enumeration and exploitation.
 
 ## License