# Assessment organization

## Folder structure

Use a consistent folder layout per client/engagement so scans, evidence, and scope stay in one place.

```
Projects/
└── ClientName
    ├── EPT
    │   ├── evidence
    │   │   ├── credentials
    │   │   ├── data
    │   │   └── screenshots
    │   ├── logs
    │   ├── scans
    │   ├── scope
    │   └── tools
    └── IPT
        ├── evidence
        │   ├── credentials
        │   ├── data
        │   └── screenshots
        ├── logs
        ├── scans
        ├── scope
        └── tools
```

* **EPT** = External Penetration Test, **IPT** = Internal Penetration Test (or name per SOW).
* **scope** — IPs/ranges, hostnames, out-of-scope; feed into scanning tools.
* **scans** — Nmap, other scanner output.
* **evidence** — credentials, exfil samples, screenshots.
* **logs** — tool output, notes.
* **tools** — copies of scripts/exploits used for this engagement.

Use a fresh VM (or clean project dir) per assessment to avoid mixing client data and scope.