diff --git a/Images/v2/1-Dashboard.png b/Images/1-Dashboard.png
similarity index 100%
rename from Images/v2/1-Dashboard.png
rename to Images/1-Dashboard.png
diff --git a/Images/v2/10-ExtractedSecrets.png b/Images/10-ExtractedSecrets.png
similarity index 100%
rename from Images/v2/10-ExtractedSecrets.png
rename to Images/10-ExtractedSecrets.png
diff --git a/Images/v2/11-InterestingFiles.png b/Images/11-InterestingFiles.png
similarity index 100%
rename from Images/v2/11-InterestingFiles.png
rename to Images/11-InterestingFiles.png
diff --git a/Images/v2/12-DataExposure.png b/Images/12-DataExposure.png
similarity index 100%
rename from Images/v2/12-DataExposure.png
rename to Images/12-DataExposure.png
diff --git a/Images/v2/13-RiskExposure.png b/Images/13-RiskExposure.png
similarity index 100%
rename from Images/v2/13-RiskExposure.png
rename to Images/13-RiskExposure.png
diff --git a/Images/v2/13-RiskExposure2.png b/Images/13-RiskExposure2.png
similarity index 100%
rename from Images/v2/13-RiskExposure2.png
rename to Images/13-RiskExposure2.png
diff --git a/Images/v2/2-Generated-Files.png b/Images/2-Generated-Files.png
similarity index 100%
rename from Images/v2/2-Generated-Files.png
rename to Images/2-Generated-Files.png
diff --git a/Images/v2/3-ShareNames-0.png b/Images/3-ShareNames-0.png
similarity index 100%
rename from Images/v2/3-ShareNames-0.png
rename to Images/3-ShareNames-0.png
diff --git a/Images/v2/3-ShareNames-1.png b/Images/3-ShareNames-1.png
similarity index 100%
rename from Images/v2/3-ShareNames-1.png
rename to Images/3-ShareNames-1.png
diff --git a/Images/v2/3-ShareNames-2.png b/Images/3-ShareNames-2.png
similarity index 100%
rename from Images/v2/3-ShareNames-2.png
rename to Images/3-ShareNames-2.png
diff --git a/Images/v2/4-Remediation.png b/Images/4-Remediation.png
similarity index 100%
rename from Images/v2/4-Remediation.png
rename to Images/4-Remediation.png
diff --git a/Images/v2/5-Timeline.png b/Images/5-Timeline.png
similarity index 100%
rename from Images/v2/5-Timeline.png
rename to Images/5-Timeline.png
diff --git a/Images/v2/6-PeerComparison.png b/Images/6-PeerComparison.png
similarity index 100%
rename from Images/v2/6-PeerComparison.png
rename to Images/6-PeerComparison.png
diff --git a/Images/v2/7-FolderGroups.png b/Images/7-FolderGroups.png
similarity index 100%
rename from Images/v2/7-FolderGroups.png
rename to Images/7-FolderGroups.png
diff --git a/Images/v2/8-AssetFingerprintingExposure.png b/Images/8-AssetFingerprintingExposure.png
similarity index 100%
rename from Images/v2/8-AssetFingerprintingExposure.png
rename to Images/8-AssetFingerprintingExposure.png
diff --git a/Images/v2/9-ShareGraph.png b/Images/9-ShareGraph.png
similarity index 100%
rename from Images/v2/9-ShareGraph.png
rename to Images/9-ShareGraph.png
diff --git a/Images/readme.md b/Images/readme.md
deleted file mode 100644
index 754912d..0000000
--- a/Images/readme.md
+++ /dev/null
@@ -1 +0,0 @@
-This folder is for image files.
diff --git a/Images/v1/v1-dashboard.png b/Images/v1/v1-dashboard.png
deleted file mode 100644
index 24af620..0000000
Binary files a/Images/v1/v1-dashboard.png and /dev/null differ
diff --git a/PowerHuntShares.psm1 b/PowerHuntShares.psm1
index 913213c..42cb16e 100644
--- a/PowerHuntShares.psm1
+++ b/PowerHuntShares.psm1
@@ -4,26 +4,51 @@
#--------------------------------------
# Author: Scott Sutherland, 2024 NetSPI
# License: 3-clause BSD
-# Version: v2.1
+# Version: v2.1.1
# References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell.
function Invoke-HuntSMBShares
{
<#
.SYNOPSIS
- This function can be used to inventory to SMB shares on the current Active Directory domain and identify potentially high risk exposures.
- It will automatically generate csv files and html summary report.
+ Inventories SMB shares within the current Active Directory domain, identifies potentially high-risk exposures,
+ and generates CSV and HTML summary reports.
+
.PARAMETER Threads
- Number of concurrent tasks to run at once.
- .PARAMETER Output Directory
- File path where all csv and html report will be exported.
+ Number of concurrent tasks to run at once. Default is 20.
+
+ .PARAMETER OutputDirectory
+ File path where all CSV files and the HTML summary report will be exported.
+
+ .PARAMETER HostFile
+ Optional file containing a list of target hosts to scan. One host per line.
+
+ .PARAMETER DomainController
+ One or more domain controllers to target for Active Directory enumeration.
+
+ .PARAMETER Credential
+ Optional PSCredential object for alternate domain authentication. If not supplied, the current user context is used.
+
+ .PARAMETER RunSpaceTimeout
+ Timeout value in seconds for threaded runspaces. Default is 30 seconds.
+
.EXAMPLE
- PS C:\temp\test> Invoke-HuntSMBShares -Threads 20 -OutputDirectory c:\temp\test -DomainController 10.1.1.1 -ExportFindings -Username domain\user -Password password
- .EXAMPLE
- C:\temp\test> runas /netonly /user:domain\user PowerShell.exe
- PS C:\temp\test> Import-Module Invoke-HuntSMBShares.ps1
- PS C:\temp\test> Invoke-HuntSMBShares -Threads 20 -RunSpaceTimeOut 10 -OutputDirectory c:\folder\ -DomainController 10.1.1.1 -ExportFindings -Username domain\user -Password password
+ # Run with default AD computer discovery using current user credentials
+ PS C:\temp\test> Invoke-HuntSMBShares -Threads 20 OutputDirectory C:\temp\test
+
.EXAMPLE
- PS C:\temp\test> Invoke-HuntSMBShares -Threads 20 -ExportFindings -OutputDirectory c:\temp\test
+ # Run against a custom list of target hosts
+ PS C:\temp\test> Invoke-HuntSMBShares -Threads 50 -HostFile C:\temp\hosts.txt OutputDirectory C:\temp\test
+
+ .EXAMPLE
+ # Run from a non-domain joined system using alternate credentials
+ C:\temp\test> runas /netonly /user:domain\user PowerShell.exe
+ PS C:\temp\test> Import-Module .\PowerHuntShares.psm1
+ PS C:\temp\test> $Cred = Get-Credential
+ PS C:\temp\test> Invoke-HuntSMBShares -Threads 20 OutputDirectory C:\folder\ DomainController 10.1.1.1 -Credential $Cred
+
+ .EXAMPLE
+ # Run and specify a custom runspace timeout
+ PS C:\temp\test> Invoke-HuntSMBShares -Threads 20 RunSpaceTimeout 60 OutputDirectory C:\temp\test
---------------------------------------------------------------
INVOKE-HUNTSMBSHARES
diff --git a/Presentations/readme.md b/Presentations/readme.md
deleted file mode 100644
index 69cf657..0000000
--- a/Presentations/readme.md
+++ /dev/null
@@ -1 +0,0 @@
-This folder contains related presentations.
diff --git a/README.md b/README.md
index e00d250..54056ef 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ However, additional exposures may exist that are not called out beyond that.
# Setup Commands
Below is a list of commands that can be used to load PowerHuntShares into your current PowerShell session. Please note that one of these will have to be run each time you run PowerShell is run. It is not persistent.
-
+```ps1
# Bypass execution policy restrictions
Set-ExecutionPolicy -Scope Process Bypass
@@ -60,25 +60,25 @@ or
# Download and load PowerHuntShares.psm1 into memory
IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/NetSPI/PowerHuntShares/main/PowerHuntShares.psm1")
-
-
+```
# Example Commands
Important Note: All commands should be run as an unprivileged domain user.
-
+```ps1
.EXAMPLE 1: Run from a domain computer. Performs Active Directory computer discovery by default.
PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -OutputDirectory c:\temp\test
.EXAMPLE 2: Run from a domain computer with alternative domain credentials. Performs Active Directory computer discovery by default.
-PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -OutputDirectory c:\temp\test -Credentials domain\user
+PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -OutputDirectory c:\temp\test -Credential domain\user
.EXAMPLE 3: Run from a domain computer as current user. Target hosts in a file. One per line.
-PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -OutputDirectory c:\temp\test -HostList c:\temp\hosts.txt
+PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -OutputDirectory c:\temp\test -HostFile c:\temp\hosts.txt
.EXAMPLE 4: Run from a non-domain computer with credential. Performs Active Directory computer discovery by default.
C:\temp\test> runas /netonly /user:domain\user PowerShell.exe
PS C:\temp\test> Import-Module PowerHuntShares.psm1
-PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -RunSpaceTimeOut 10 -OutputDirectory c:\folder\ -DomainController 10.1.1.1 -Credential domain\user
-
+PS C:\temp\test> Invoke-HuntSMBShares -Threads 100 -RunSpaceTimeout 10 -OutputDirectory c:\folder\ -DomainController 10.1.1.1 -Credential domain\user
+```
+
===============================================================
PowerHuntShares
===============================================================
@@ -185,16 +185,16 @@ SHARE REPORT SUMMARY
# HTML Report Examples
### Summary Report Page
-
+
### Interesting Files Page
-
+
### Extracted Secrets Page
-
+
### ShareGraph Explorer Page
-
+
# Credits
Author
@@ -238,14 +238,74 @@ Todos
* So. Many. Other. Things.
+## PowerHuntShares Visual Overview
+Below is a visual walkthrough of how **PowerHuntShares** works, what data it extracts, and how it presents actionable results.
-
+### Dashboard
+Provides a high-level view of discovered shares and associated risks.
+
+### Generated Files
+Automatically generated reports for easy analysis and offline review.
+
+### Share Names
+Detailed mapping of share names and their properties.
+
+
+
+### Remediation Guidance
+Suggested remediation steps to address identified risks.
+
+### Timeline View
+Visualization of discovered issues over time.
+
+
+
+### Peer Comparison
+Compares discovered shares and permissions across different systems.
+
+
+
+### Folder Groups
+Grouping related folders and shares for better context.
+
+
+
+### Asset Fingerprinting Exposure
+Shows asset exposure based on discovered fingerprints.
+
+
+
+### Share Graph
+Visual representation of discovered shares and relationships.
+
+
+
+### Extracted Secrets
+Highlights sensitive information and secrets discovered during the scan.
+
+
+
+### Interesting Files
+Lists potentially interesting or high-value files found in shares.
+
+
+
+### Data Exposure
+Highlights areas where sensitive data may be exposed.
+
+
+
+### Risk Exposure
+Comprehensive risk exposure views with detailed analysis.
+
+
+
diff --git a/summary-report.png b/summary-report.png
deleted file mode 100644
index 24af620..0000000
Binary files a/summary-report.png and /dev/null differ