Restructure repo layout and document conventions

Move legacy systemscripts into scripts/display and scripts/setup.
Rehome stray top-level tools into their domain folders.
Archive narrow experiments and outdated codegrab leftovers.
Remove empty legacy directories and stale root files.
Expand macOS metadata ignores and update the README with the refined repository structure.

.gitignore

@@ -1,2 +1,7 @@
 tmp
 .DS_Store
+.AppleDouble
+.LSOverride
+Icon?
+._*
+__MACOSX/

README.md

@@ -0,0 +1,162 @@
+# gists
+
+This repository is a personal toolbox: small utilities, shell config, Docker build recipes, forensic helpers, network scripts, and a few larger side projects. It is not a single application, so the useful documentation is a map of what lives where and which files matter.
+
+## How To Read This Repo
+
+- `tools/` is the main home for standalone utilities grouped by purpose.
+- `projects/` holds larger multi-file projects that deserve their own subtree.
+- `scripts/` holds machine-management helpers.
+- `config/` holds shell, desktop, and VisiData configuration.
+- `dockerfiles/` holds container recipes and small Compose setups.
+- `archive/` holds older or experimental material that is kept for reference, not as the primary entrypoint.
+
+This README explains the parts that need context. Boilerplate and standard metadata files such as `go.mod`, `go.sum`, `.gitignore`, GitHub Actions files, and obvious launcher/config assets are not documented line-by-line unless they carry important behavior.
+
+## Refined Repository Structure
+
+The old `restructure_git.sh` captured the right direction but in the wrong form. The useful part is the structure itself, not a one-shot move script. The intended layout for this repo is:
+
+- root: only discovery files and broad entrypoints such as `README.md`, `.gitignore`, `what`, and small repo-wide metadata.
+- `tools/`: single-purpose utilities that can usually be understood and run on their own.
+- `projects/`: anything multi-file, stateful, tested, or large enough to deserve its own local README or build flow.
+- `scripts/`: machine-setup and environment-management scripts, grouped by operational area such as proxy, display, setup, or platform.
+- `config/`: reusable configuration, completions, themes, desktop entries, and tool-specific setup.
+- `dockerfiles/`: container recipes and Compose stacks.
+- `archive/`: historical material kept for reference, not the default place to start.
+
+The practical cleanup rules are:
+
+- keep the root shallow; do not leave new standalone utilities at the top level if they fit under `tools/`, `scripts/`, or `config/`
+- move one-file tools by function, not by language
+- move multi-file codebases by project, even if they are small
+- keep generated artifacts, captured output, and binaries out of active source directories unless they are intentionally distributed
+- use `archive/experimental/` for things worth keeping but not worth advertising
+- keep macOS Finder metadata out of the repo; `.DS_Store`, AppleDouble files, and `__MACOSX/` bundles are ignored
+
+Applied to the current tree, the remaining rough edges are:
+
+- a few tracked binaries still sit beside source and may eventually deserve a dedicated `bin/` or `dist/` convention
+- some material under `archive/experimental/` may still be worth deleting rather than merely archiving
+
+## Top-Level Files
+
+- `what`: repository search helper. It can list known tools, search by query, and progressively falls back from Ollama-based natural-language search to `fzf` or plain grep.
+- `.what_db.json`: the metadata database used by `what`. It stores short descriptions for known tools.
+- `README.md`: this guide.
+- `.gitignore`: standard repository ignore rules.
+
+## `tools/`: Standalone Utilities
+
+### Security
+
+- `tools/security/scan_vt.py`: VirusTotal file lookup helper.
+- `tools/security/imphash.py`: PE import-hash calculator for malware triage.
+- `tools/security/scapy_arp.py`: ARP-based host discovery on local networks.
+- `tools/security/simple_portscan.py`: lightweight port scanner.
+- `tools/security/smtpbanner.py`: banner grabber for SMTP targets.
+- `tools/security/testpw.py`: password-testing helper.
+- `tools/security/vt_download.py`, `vt_ip.py`, `vt_pdns.py`: VirusTotal-related download and enrichment helpers.
+- `tools/security/certwipe`: disk wiping helper with secure-erase focused intent.
+
+### Forensics
+
+- `tools/forensics/chechsqlite.py`: inspects SQLite databases for password/hash-like fields and consistency issues.
+- `tools/forensics/extractfolder.py`: folder extraction/helper script for bulk processing.
+- `tools/forensics/mailunpack`: containerized `munpack` wrapper for extracting mail attachments safely.
+- `tools/forensics/process_leak.py`: process-memory or artifact triage helper.
+- `tools/forensics/showgm.sh`, `showosm.sh`: extract GPS EXIF data from images and open the location in Google Maps or OpenStreetMap.
+
+### Data / Text Processing
+
+- `tools/data/domgrep.py`: extracts domains from URL-ish input.
+- `tools/data/geturls.py`: URL extraction helper.
+- `tools/data/unum.py`: Unicode inspection tool that prints code points, categories, and names.
+- `tools/data/quickchardet.py`: quick character-encoding detection.
+- `tools/data/json_save.py`, `kv_parse.py`, `vba_chr_decode.py`: small transformation helpers for structured or obfuscated data.
+- `tools/data/concat.py`, `split_linewise.py`, `uniq.py`, `between`, `csv_get`: general command-line text and record wrangling tools.
+- `tools/data/urldecode.py`: URL-decoding helper.
+
+### Hashing / Archives
+
+- `tools/hashing/libarchivesum.py`: hashes files inside archives without extracting them first.
+- `tools/hashing/scatterhash.py`: sparse hashing for large files.
+- `tools/hashing/hashzip.py`: ZIP-oriented hashing helper.
+- `tools/hashing/sparsecmp.sh`: spot-check large files or block devices by comparing chunks at intervals.
+- `tools/hashing/tarsum.py`: tar hashing utility in Python.
+- `tools/hashing/trunc_by_hash.py`: finds the byte offset where a stream first matches a target hash so a file can be truncated deterministically.
+
+### Networking / Cloud
+
+- `tools/network/ipgrep`: network indicator extractor for IPs and MACs; there is a fuller Go project version under `projects/go-tools/go/goipgrep/`.
+- `tools/network/fritzshark.sh`, `fritzshark2.sh`: FritzBox traffic / packet capture helpers.
+- `tools/network/get_ntp.py`, `get_stp.sh`: NTP and STP inspection scripts.
+- `tools/cloud/cloudsend.py`, `cloudsend.sh`: Nextcloud/OwnCloud share upload helpers.
+- `tools/cloud/docker_pull.py`: registry client that downloads container images without requiring `docker pull`.
+- `tools/cloud/speech.py`: cloud-backed speech or transcription helper.
+- `tools/cloud/vqa3.py`: CLIP-based image classification experiment.
+- `tools/cloud/youtube_resolve.sh`: YouTube/media URL resolution helper.
+
+### Formats / System / Misc
+
+- `tools/formats/convert2pdf.sh`, `flatpdf.sh`, `rename.mime.py`: document conversion and MIME-based file organization helpers.
+- `tools/formats/openflattenpdf.sh`: flatten a PDF by round-tripping it through PostScript, then open the result for viewing.
+- `tools/system/backup_docker.sh`, `restore_docker.sh`: Docker/Compose backup and restore workflows.
+- `tools/system/watchgrowth.sh`: live file growth watcher.
+- `tools/system/ltop.py`: `top`-style frequency counter for streamed lines.
+- `tools/system/noerr`: tiny wrapper that runs a command with stderr suppressed.
+- `tools/system/wipe.sh`: destructive cleanup / wiping helper.
+- `tools/ctf/`: small CTF-solving utilities such as text filtering, JS extraction, guessing, search, transpose, and flag submission helpers.
+- `tools/text/probability.py`, `tools/text/depth`: text-analysis experiments.
+
+### Go Tools Under `tools/go/`
+
+- `tools/go/bincmp/`: fuzzy binary and directory comparison using `ssdeep`.
+- `tools/go/gopname/`: process-title renaming demo using `gspt`.
+- `tools/go/tarsum/`: Go tar checksum utility; currently behaves as a raw SHA-256 of the tar file contents.
+
+## `projects/`: Larger Multi-File Work
+
+- `projects/go-tools/go/goipgrep/`: the most complete standalone project in the repo. It extracts IPs and MACs from text and can optionally do ping checks, reverse DNS, and IP info lookups. Read its local README first.
+- `projects/go-tools/go/csv2json/`, `gobetween/`, `goinfo/`, `gosoft/`, `gouniq/`: smaller Go experiments and utilities.
+- `projects/puzzlebox/`: puzzle-solving and voxel-based search experiments with several solver variants.
+- `projects/rust-tools/`: small Rust utilities and built binaries.
+- `projects/timesketch/deploy_timesketch.sh`: deployment helper for Timesketch.
+
+## `config/`: Shell, Desktop, and VisiData
+
+- `config/shell/`: shell prompt, aliases, input settings, dircolors, and local completions. `config/shell/completions/eslogger.zsh` is the local Zsh completion for Apple’s `eslogger`.
+- `config/applications/`: desktop launchers.
+- `config/install.sh`: environment/bootstrap installer.
+- `config/z.sh`, `config/zupdate.sh`: directory-jump helper and update script.
+- `config/visidata/`: a real subsystem, not just dotfiles. It contains installation logic, a `visidatarc`, local plugins, validation scripts, sample datasets, and a dedicated README. If you use VisiData in this repo, start there.
+
+## `dockerfiles/`: Container Recipes
+
+- `dockerfiles/build_firefox.sh`, `build_kali.sh`: convenience builders.
+- `dockerfiles/*.dockerfile` and subdirectory `Dockerfile`s: one-off environments for Firefox, Kali, Plaso, Rekall, RegRipper, Volatility, FlatPDF, and several security tools.
+- `dockerfiles/elk/`: ELK stack setup with a short README about required kernel tuning.
+- `dockerfiles/pdf-analysis/`: PDF analysis container with Didier Stevens tools, peepdf, and related utilities; see its local README and command help.
+- `dockerfiles/droppy/`, `openhab/`: small Compose-based service setups.
+- `dockerfiles/logstash/`: Logstash configs for different ingestion cases.
+
+## `scripts/`
+
+- `scripts/proxy/`: proxy environment propagation for apt, bash, and services.
+- `scripts/display/`: display and touchpad toggles, including named `xrandr` screen-layout presets.
+- `scripts/setup/`: host setup helpers such as automounting, sharing, terminal logging, encrypted container mounting, and Ubuntu telemetry disabling.
+- `scripts/windows/`: PowerShell helpers, including Zimmerman tools bootstrap and SBOM-related work.
+
+## `archive/`: Reference Material
+
+- `archive/collected/`: old collected command and tool lists plus a small README.
+- `archive/experimental/`: scripts kept for reference or later salvage, including older PhantomJS screenshot helpers, one-off CTF code, USB reset code, and narrow test scripts.
+- `archive/awk/` and `archive/binaries/`: older helpers that were kept but de-emphasized.
+
+## Where To Start
+
+- If you want a single-file utility, start in `tools/`.
+- If you want a more complete tool with tests or a build flow, check `projects/`.
+- If you want local environment setup or terminal customizations, check `config/`.
+- If you want containers, check `dockerfiles/`.
+- If you are unsure, run `./what -l` or search through `.what_db.json`.

WARP.md

@@ -1,141 +0,0 @@
-# WARP.md
-
-This file provides guidance to WARP (warp.dev) when working with code in this repository.
-
-## Repository Overview
-
-This is a collection of utility scripts, tools, and gists organized for cybersecurity, forensics, data analysis, and system administration tasks. The repository contains standalone utilities rather than a cohesive application, with scripts written in Python, Bash, Go, JavaScript, PowerShell, and C.
-
-## Key Directory Structure
-
-- **`codegrab/`** - Main collection of security and analysis tools
-  - `ctf/` - CTF challenge solving scripts
-  - `puzzlebox/` - 3D puzzle solving algorithms with visualization
-- **`tools/`** - System utilities and data processing tools
-- **`config/`** - System configuration and installation scripts
-- **`systemscripts/`** - System administration and environment setup
-  - `proxy/` - Network proxy configuration utilities
-- **`dockerfiles/`** - Docker container build scripts
-- **`collected/`** - Archive of older utilities with documentation
-
-## Common Development Tasks
-
-### Running Security Analysis Tools
-
-Most security tools are standalone and follow this pattern:
-```bash
-# VirusTotal scanning
-./codegrab/scan_vt.py <filename>
-
-# Import hash calculation
-python3 codegrab/imphash.py <pe_file>
-
-# Network analysis
-./codegrab/scapy_arp.py
-./codegrab/simple_portscan.py
-```
-
-### Data Processing Utilities
-
-```bash
-# Hash utilities for archives
-python3 tools/libarchivesum.py archive.zip
-
-# Unicode character analysis
-echo "text" | python3 tools/unum.py
-
-# Domain extraction from URLs
-cat urls.txt | python3 tools/domgrep.py
-
-# File organization by MIME type
-python3 tools/rename.mime.py
-```
-
-### Docker Environment Management
-
-```bash
-# Backup Docker Compose stacks
-./tools/backup_docker.sh docker-compose.yml
-
-# Restore Docker environments
-./tools/restore_docker.sh
-
-# Build forensics containers
-./dockerfiles/build_kali.sh
-```
-
-### System Configuration
-
-```bash
-# Install dependencies and configure environment
-./config/install.sh
-
-# Proxy configuration
-./systemscripts/proxy/get_proxy.sh
-./systemscripts/proxy/update_apt_proxy.sh
-```
-
-## Architecture and Patterns
-
-### Security Tools Pattern
-Most security utilities in `codegrab/` follow this pattern:
-- Standalone executables with shebang
-- Take file paths or stdin as input
-- Output results in structured format (often CSV-like with custom separators)
-- Use external APIs (VirusTotal, etc.) with API keys from `~/.virustotal_api_key`
-
-### Data Processing Pattern
-Tools in `tools/` directory typically:
-- Accept multiple file inputs via command line arguments
-- Use argparse for option handling
-- Support multiple hash algorithms or processing modes
-- Include error handling for malformed inputs
-
-### System Scripts Pattern
-Scripts in `systemscripts/` are designed for:
-- Environment detection and configuration
-- Proxy and network setup automation
-- Service management and monitoring
-- Display and hardware management
-
-### Specialized Solvers
-The `puzzlebox/` directory contains algorithmic solvers featuring:
-- 3D spatial problem solving with numpy
-- Visualization using matplotlib
-- Recursive backtracking algorithms
-- Multi-processing optimization variants
-
-## Key Dependencies
-
-The repository relies on various Python packages that should be available:
-- **Security**: `pefile`, `requests`, `scapy`
-- **Data Processing**: `libarchive-c`, `openpyxl`, `visidata` 
-- **Scientific**: `numpy`, `matplotlib`, `scipy`
-- **Forensics**: `AnalyzeMFT`, `pymisp`
-- **System**: `ntplib`, `mac-vendor-lookup`, `dateparser`
-
-## API Keys and Configuration
-
-Several tools expect API keys in home directory files:
-- `~/.virustotal_api_key` - VirusTotal API access
-- Tools may also use environment variables for proxy configuration (`http_proxy`, etc.)
-
-## Testing and Validation
-
-Tools are typically tested individually:
-```bash
-# Test with sample data
-python3 codegrab/chechsqlite.py sample.db
-python3 tools/quickchardet.py sample.txt
-
-# Validate with CTF challenges
-python3 codegrab/ctf/solve.py
-```
-
-## Development Notes
-
-- Most utilities are designed as single-file executables for easy deployment
-- Scripts include minimal error handling suitable for command-line usage
-- Many tools output to stdout in formats suitable for piping to other commands
-- Docker-based tools assume availability of container runtime
-- Forensics tools may require elevated privileges for certain operations

codegrab/imphash.go

@@ -1 +0,0 @@
-package main

config/shell/completions/eslogger.zsh

@@ -3,7 +3,7 @@
 _eslogger() {
     local -a commands
     local context state line
-    
+
     _arguments -C \
         '--format[Log format to use]:format:(json)' \
         '--oslog[Emit event data to oslog instead of stdout]' \
@@ -42,13 +42,13 @@ _eslogger_event_types() {
         'file_provider_update:File Provider update events'
         'fork:Process fork events'
         'fsgetpath:File system get path events'
+        'gatekeeper_user_override:Gatekeeper override events'
         'get_task:Get task events'
         'get_task_inspect:Get task inspect events'
         'get_task_name:Get task name events'
         'get_task_read:Get task read events'
         'getattrlist:Get attribute list events'
         'getextattr:Get extended attribute events'
-        'gatekeeper_user_override:Gatekeeper override events'
         'iokit_open:IOKit open events'
         'kextload:Kernel extension load events'
         'kextunload:Kernel extension unload events'
@@ -124,7 +124,7 @@ _eslogger_event_types() {
         'xp_malware_remediated:XProtect malware remediated events'
         'xpc_connect:XPC connection events'
     )
-    
+
     _describe 'event types' event_types
 }
 

restructure_git.sh

@@ -1,213 +0,0 @@
-#!/bin/bash
-
-# Git-aware repository restructuring script
-# Uses git mv to preserve file history during reorganization
-
-set -e
-
-echo "=== Git-aware Repository Restructuring ==="
-echo "This script will reorganize files using 'git mv' to preserve history"
-echo ""
-
-# Check if we're in a git repository
-if ! git rev-parse --git-dir > /dev/null 2>&1; then
-    echo "Warning: Not in a git repository. Using regular 'mv' commands."
-    MV_CMD="mv"
-else
-    echo "Git repository detected. Using 'git mv' to preserve history."
-    MV_CMD="git mv"
-fi
-
-echo ""
-echo "=== Creating new directory structure ==="
-
-# Create new directory structure
-mkdir -p tools/{security,forensics,data,hashing,network,formats,cloud,system,ctf,text}
-mkdir -p projects/{go-tools,puzzlebox,timesketch,rust-tools}
-mkdir -p scripts/{proxy,display,setup,windows}
-mkdir -p config/{shell,visidata/plugins,applications}
-mkdir -p archive/{collected,experimental,binaries,awk}
-
-echo "=== Moving security tools ==="
-$MV_CMD codegrab/scan_vt.py tools/security/
-$MV_CMD codegrab/vt_download.py tools/security/
-$MV_CMD codegrab/vt_ip.py tools/security/
-$MV_CMD codegrab/vt_pdns.py tools/security/
-$MV_CMD codegrab/imphash.py tools/security/
-$MV_CMD codegrab/scapy_arp.py tools/security/
-$MV_CMD codegrab/simple_portscan.py tools/security/
-$MV_CMD codegrab/smtpbanner.py tools/security/
-$MV_CMD codegrab/testpw.py tools/security/
-$MV_CMD codegrab/certwipe tools/security/
-
-echo "=== Moving forensics tools ==="
-$MV_CMD codegrab/chechsqlite.py tools/forensics/
-$MV_CMD codegrab/process_leak.py tools/forensics/
-$MV_CMD codegrab/extractfolder.py tools/forensics/
-
-echo "=== Moving data processing tools ==="
-$MV_CMD tools/domgrep.py tools/data/
-$MV_CMD tools/geturls.py tools/data/
-$MV_CMD tools/urldecode.py tools/data/
-$MV_CMD tools/unum.py tools/data/
-$MV_CMD codegrab/vba_chr_decode.py tools/data/
-$MV_CMD tools/quickchardet.py tools/data/
-$MV_CMD codegrab/kv_parse.py tools/data/
-$MV_CMD tools/concat.py tools/data/
-$MV_CMD tools/split_linewise.py tools/data/
-$MV_CMD codegrab/json_save.py tools/data/
-$MV_CMD tools/csv_get tools/data/
-$MV_CMD codegrab/uniq.py tools/data/
-$MV_CMD tools/between tools/data/
-
-echo "=== Moving hashing tools ==="
-$MV_CMD tools/libarchivesum.py tools/hashing/
-$MV_CMD tools/tarsum.py tools/hashing/
-$MV_CMD codegrab/hashzip.py tools/hashing/
-$MV_CMD tools/scatterhash.py tools/hashing/
-
-echo "=== Moving network tools ==="
-$MV_CMD tools/ipgrep tools/network/
-$MV_CMD codegrab/fritzshark.sh tools/network/
-$MV_CMD codegrab/fritzshark2.sh tools/network/
-$MV_CMD tools/get_stp.sh tools/network/
-$MV_CMD tools/get_ntp.py tools/network/
-
-echo "=== Moving format conversion tools ==="
-$MV_CMD codegrab/convert2pdf.sh tools/formats/
-$MV_CMD codegrab/flatpdf.sh tools/formats/
-$MV_CMD tools/rename.mime.py tools/formats/
-
-echo "=== Moving cloud service tools ==="
-$MV_CMD codegrab/cloudsend.py tools/cloud/
-$MV_CMD codegrab/cloudsend.sh tools/cloud/
-$MV_CMD codegrab/speech.py tools/cloud/
-$MV_CMD codegrab/vqa3.py tools/cloud/
-$MV_CMD codegrab/youtube_resolve.sh tools/cloud/
-
-echo "=== Moving system utilities ==="
-$MV_CMD tools/backup_docker.sh tools/system/
-$MV_CMD tools/restore_docker.sh tools/system/
-$MV_CMD tools/watchgrowth.sh tools/system/
-$MV_CMD codegrab/wipe.sh tools/system/
-$MV_CMD codegrab/ltop.py tools/system/
-
-echo "=== Moving CTF tools ==="
-$MV_CMD codegrab/ctf/filtertext.py tools/ctf/
-$MV_CMD codegrab/ctf/getjs.py tools/ctf/
-$MV_CMD codegrab/ctf/guess.py tools/ctf/
-$MV_CMD codegrab/ctf/search.py tools/ctf/
-$MV_CMD codegrab/ctf/transpose.py tools/ctf/
-$MV_CMD codegrab/ctf/ps_.py tools/ctf/
-$MV_CMD codegrab/ctf/submit_flag.sh tools/ctf/
-
-echo "=== Moving text analysis tools ==="
-$MV_CMD codegrab/probability.py tools/text/
-$MV_CMD codegrab/depth tools/text/
-
-echo "=== Moving experimental tools to archive ==="
-$MV_CMD codegrab/kv.py archive/experimental/
-$MV_CMD codegrab/flm.py archive/experimental/
-$MV_CMD codegrab/hydrogentest.py archive/experimental/
-$MV_CMD codegrab/matplottest.py archive/experimental/
-$MV_CMD codegrab/lpic.sh archive/experimental/
-$MV_CMD codegrab/fuzz.sh archive/experimental/
-
-echo "=== Moving multi-file projects ==="
-$MV_CMD tools/go projects/go-tools
-$MV_CMD codegrab/puzzlebox projects/
-$MV_CMD codegrab/deploy_timesketch.sh projects/timesketch/
-
-# Move Rust tools if they exist
-if [ -d tools/rs ]; then
-    $MV_CMD tools/rs projects/rust-tools
-fi
-
-echo "=== Moving system scripts ==="
-$MV_CMD systemscripts/proxy scripts/
-$MV_CMD systemscripts/reset_screens.sh scripts/display/
-$MV_CMD systemscripts/toggle_display.sh scripts/display/
-$MV_CMD systemscripts/toggle_touchpad scripts/display/
-$MV_CMD systemscripts/terminal-logs.sh scripts/setup/
-$MV_CMD systemscripts/automountctl scripts/setup/
-
-# Move additional system scripts if they exist
-[ -f systemscripts/mount_container ] && $MV_CMD systemscripts/mount_container scripts/setup/
-[ -f systemscripts/fullhd ] && $MV_CMD systemscripts/fullhd scripts/setup/
-[ -f systemscripts/share.sh ] && $MV_CMD systemscripts/share.sh scripts/setup/
-
-echo "=== Moving PowerShell scripts ==="
-$MV_CMD codegrab/Get-ZimmermanTools.ps1 scripts/windows/
-$MV_CMD codegrab/sbom.ps1 scripts/windows/
-if [ -d codegrab/powershell ]; then
-    $MV_CMD codegrab/powershell/getscreen.psm1 scripts/windows/
-fi
-
-echo "=== Organizing configuration files ==="
-$MV_CMD config/bash_aliases config/shell/
-$MV_CMD config/bash_prompt config/shell/
-$MV_CMD config/shell_aliases config/shell/
-$MV_CMD config/inputrc config/shell/
-$MV_CMD systemscripts/agnoster.zsh-theme config/shell/
-$MV_CMD systemscripts/solarized.dircolors config/shell/
-
-$MV_CMD config/visidatarc config/visidata/
-$MV_CMD config/visidataplugins/hidecol.py config/visidata/plugins/
-[ -f config/access_log.vdj ] && $MV_CMD config/access_log.vdj config/visidata/
-
-# Applications directory should already be in the right place
-# Just ensure it exists
-mkdir -p config/applications
-
-echo "=== Moving items to archive ==="
-$MV_CMD collected archive/
-
-# Move binaries and scripts to archive
-[ -f codegrab/csv_cols ] && $MV_CMD codegrab/csv_cols archive/binaries/
-[ -f codegrab/mapping ] && $MV_CMD codegrab/mapping archive/binaries/
-[ -f tools/csv2dot ] && $MV_CMD tools/csv2dot archive/binaries/
-[ -f tools/mailunpack ] && $MV_CMD tools/mailunpack archive/binaries/
-[ -f tools/noerr ] && $MV_CMD tools/noerr archive/binaries/
-[ -f tools/openflattenpdf.sh ] && $MV_CMD tools/openflattenpdf.sh archive/binaries/
-[ -f tools/sep_test.sh ] && $MV_CMD tools/sep_test.sh archive/binaries/
-[ -f tools/showgm.sh ] && $MV_CMD tools/showgm.sh archive/binaries/
-[ -f tools/showosm.sh ] && $MV_CMD tools/showosm.sh archive/binaries/
-[ -f tools/sparsecmp.sh ] && $MV_CMD tools/sparsecmp.sh archive/binaries/
-[ -f tools/trunc_by_hash.py ] && $MV_CMD tools/trunc_by_hash.py archive/binaries/
-
-# Move AWK scripts
-[ -f codegrab/ips.awk ] && $MV_CMD codegrab/ips.awk archive/awk/
-[ -f codegrab/map.awk ] && $MV_CMD codegrab/map.awk archive/awk/
-
-# Move any remaining compiled binaries
-[ -f codegrab/rootshell.c ] && $MV_CMD codegrab/rootshell.c archive/binaries/
-[ -f codegrab/usbreset.c ] && $MV_CMD codegrab/usbreset.c archive/binaries/
-[ -f codegrab/imphash.go ] && $MV_CMD codegrab/imphash.go archive/binaries/
-
-echo "=== Cleaning up empty directories ==="
-# Remove empty directories (but be careful with git)
-if [ "$MV_CMD" = "git mv" ]; then
-    echo "Leaving directory cleanup for manual review due to git"
-else
-    rmdir codegrab/ctf codegrab/powershell codegrab systemscripts tools config/visidataplugins 2>/dev/null || true
-fi
-
-echo ""
-echo "=== Repository restructuring complete! ==="
-echo ""
-echo "New structure:"
-echo "├── tools/          - Single-file utilities by purpose"
-echo "├── projects/       - Multi-file projects"  
-echo "├── scripts/        - System management scripts"
-echo "├── config/         - Configuration files"
-echo "├── dockerfiles/    - Docker configurations (unchanged)"
-echo "└── archive/        - Legacy and experimental items"
-echo ""
-
-if [ "$MV_CMD" = "git mv" ]; then
-    echo "All moves used 'git mv' - file history preserved!"
-    echo "You can review changes with: git status"
-    echo "Commit when ready with: git commit -m 'Restructure repository for better organization'"
-else
-    echo "Standard 'mv' used - consider initializing git if needed"
-fi