diff --git a/ansible/roles/lateral_movement_tools/README.md b/ansible/roles/lateral_movement_tools/README.md
index 1e7ede72..8d194ff0 100644
--- a/ansible/roles/lateral_movement_tools/README.md
+++ b/ansible/roles/lateral_movement_tools/README.md
@@ -26,8 +26,9 @@ Install and configure lateral movement and credential extraction tools for Ares
 | `lateral_movement_tools_kali_packages.1` | str | ruby | No description |
 | `lateral_movement_tools_kali_packages.2` | str | freerdp3-x11 | No description |
 | `lateral_movement_tools_kali_packages.3` | str | smbclient | No description |
-| `lateral_movement_tools_kali_packages.4` | str | sshpass | No description |
-| `lateral_movement_tools_kali_packages.5` | str | proxychains4 | No description |
+| `lateral_movement_tools_kali_packages.4` | str | samba-common-bin | No description |
+| `lateral_movement_tools_kali_packages.5` | str | sshpass | No description |
+| `lateral_movement_tools_kali_packages.6` | str | proxychains4 | No description |
 | `lateral_movement_tools_ubuntu_packages` | list | [] | No description |
 | `lateral_movement_tools_ubuntu_packages.0` | str | git | No description |
 | `lateral_movement_tools_ubuntu_packages.1` | str | python3 | No description |
@@ -42,8 +43,9 @@ Install and configure lateral movement and credential extraction tools for Ares
 | `lateral_movement_tools_ubuntu_packages.10` | str | clang | No description |
 | `lateral_movement_tools_ubuntu_packages.11` | str | freerdp3-x11 | No description |
 | `lateral_movement_tools_ubuntu_packages.12` | str | smbclient | No description |
-| `lateral_movement_tools_ubuntu_packages.13` | str | sshpass | No description |
-| `lateral_movement_tools_ubuntu_packages.14` | str | proxychains4 | No description |
+| `lateral_movement_tools_ubuntu_packages.13` | str | samba-common-bin | No description |
+| `lateral_movement_tools_ubuntu_packages.14` | str | sshpass | No description |
+| `lateral_movement_tools_ubuntu_packages.15` | str | proxychains4 | No description |
 | `lateral_movement_tools_install_evil_winrm` | bool | True | No description |
 | `lateral_movement_tools_evil_winrm_gem` | str | evil-winrm | No description |
 | `lateral_movement_tools_install_xfreerdp` | bool | True | No description |
diff --git a/ansible/roles/lateral_movement_tools/defaults/main.yml b/ansible/roles/lateral_movement_tools/defaults/main.yml
index 617ca582..ff6b997b 100644
--- a/ansible/roles/lateral_movement_tools/defaults/main.yml
+++ b/ansible/roles/lateral_movement_tools/defaults/main.yml
@@ -6,6 +6,7 @@ lateral_movement_tools_kali_packages:
 - ruby
 - freerdp3-x11 # xfreerdp for RDP pass-the-hash (freerdp3 on Kali rolling)
 - smbclient
+ - samba-common-bin # provides rpcclient for SMB/RPC lateral ops
 - sshpass # SSH with password
 - proxychains4 # TCP connection proxying for pivoting
@@ -24,6 +25,7 @@ lateral_movement_tools_ubuntu_packages:
 - clang # Required for building native gem extensions
 - freerdp3-x11 # xfreerdp for RDP pass-the-hash
 - smbclient
+ - samba-common-bin # provides rpcclient for SMB/RPC lateral ops
 - sshpass # SSH with password
 - proxychains4 # TCP connection proxying for pivoting
diff --git a/ansible/roles/recon_tools/README.md b/ansible/roles/recon_tools/README.md
index bc55cbab..1917a88c 100644
--- a/ansible/roles/recon_tools/README.md
+++ b/ansible/roles/recon_tools/README.md
@@ -29,6 +29,7 @@ Install and configure network reconnaissance tools for Ares agents
 | `recon_tools_kali_packages.4` | str | dnsutils | No description |
 | `recon_tools_kali_packages.5` | str | whois | No description |
 | `recon_tools_kali_packages.6` | str | samba-common-bin | No description |
+| `recon_tools_kali_packages.7` | str | smbclient | No description |
 | `recon_tools_ubuntu_packages` | list | [] | No description |
 | `recon_tools_ubuntu_packages.0` | str | nmap | No description |
 | `recon_tools_ubuntu_packages.1` | str | ldap-utils | No description |
@@ -36,6 +37,7 @@ Install and configure network reconnaissance tools for Ares agents
 | `recon_tools_ubuntu_packages.3` | str | dnsutils | No description |
 | `recon_tools_ubuntu_packages.4` | str | whois | No description |
 | `recon_tools_ubuntu_packages.5` | str | samba-common-bin | No description |
+| `recon_tools_ubuntu_packages.6` | str | smbclient | No description |
 | `recon_tools_install_enum4linuxng` | bool | True | No description |
 | `recon_tools_enum4linuxng_install_source` | str | git+https://github.com/cddmp/enum4linux-ng.git | No description |
 | `recon_tools_enum4linuxng_use_pipx` | bool | True | No description |
diff --git a/ansible/roles/recon_tools/defaults/main.yml b/ansible/roles/recon_tools/defaults/main.yml
index e34e1106..ba4b4f50 100644
--- a/ansible/roles/recon_tools/defaults/main.yml
+++ b/ansible/roles/recon_tools/defaults/main.yml
@@ -7,6 +7,7 @@ recon_tools_kali_packages:
 - dnsutils
 - whois
 - samba-common-bin
+ - smbclient # required by enum4linux/enum4linux-ng for share enumeration
 # Network reconnaissance tool packages (Ubuntu-compatible, no netexec in apt)
 recon_tools_ubuntu_packages:
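Review bot: The new `smbclient` entry in `recon_tools_kali_packages` has no matching change in the startup tool check: the only `tools.yaml` hunk in this commit is the one at line 125, which, judging by its sshpass/Pivoting neighbours, appears to belong to the lateral-movement role. If the recon role's entry in `tools.yaml` does not already list `smbclient` under `binaries`, a worker image built without the package will start cleanly and enum4linux-ng share enumeration will fail only at run time. Worth confirming and, if needed, adding it there. The same applies to the Ubuntu hunk at `@@ -16,6 +17,7 @@`. As a small consistency fix, the Kali `samba-common-bin` line could carry the same `# includes rpcclient` comment the Ubuntu list has.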
@@ -16,6 +17,7 @@ recon_tools_ubuntu_packages:
 - dnsutils
 - whois
 - samba-common-bin # includes rpcclient
+ - smbclient # required by enum4linux/enum4linux-ng for share enumeration
 # enum4linux-ng configuration (installed via apt on Kali, pipx elsewhere)
 recon_tools_install_enum4linuxng: true
diff --git a/ares-cli/src/worker/tool_check.rs b/ares-cli/src/worker/tool_check.rs
index 94d994a9..530ef4c2 100644
--- a/ares-cli/src/worker/tool_check.rs
+++ b/ares-cli/src/worker/tool_check.rs
@@ -232,7 +232,8 @@ mod tests {
 "xfreerdp",
 "sshpass",
 "proxychains4",
- "pth-winexe",
+ "smbclient",
+ "rpcclient",
 ] {
 assert!(
 tools.contains(expected),
diff --git a/tools.yaml b/tools.yaml
index 51c7d109..30dfaef8 100644
--- a/tools.yaml
+++ b/tools.yaml
@@ -125,13 +125,18 @@ roles:
 binaries: [sshpass]
 fn_names: [ssh_with_password]
 - category: SMB
- binaries: [smbclient]
+ binaries: [smbclient, rpcclient]
 fn_names: []
 - category: Pivoting
 binaries: [proxychains4]
 fn_names: []
+ # Pass-the-Hash (pth-toolkit) is unavailable on Debian trixie — the
+ # `passing-the-hash` apt package is gone and building from source
+ # needs a patched samba. fn_names are kept so the registry still
+ # exposes them, but binaries are omitted so tool_check doesn't flag
+ # them as expected-but-missing on every worker startup.
 - category: Pass-the-Hash
- binaries: [pth-winexe, pth-smbclient, pth-rpcclient, pth-net, pth-wmic]
+ binaries: []
 fn_names: [pth_winexe, pth_smbclient, pth_rpcclient, pth_wmic]
 - category: Impacket
 binaries: [impacket-psexec, impacket-wmiexec, impacket-smbexec, impacket-secretsdump]
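Review bot: The expected-tools list in this test drops `"pth-winexe"` without asserting the opposite, so nothing pins the decision that pth-* binaries are no longer expected for this role. If a later edit to `tools.yaml` restores the Pass-the-Hash `binaries` list, this test would still pass and the startup check would presumably go back to reporting them as missing. A negative check after the loop, along the lines of `assert!(!tools.contains("pth-winexe"));` (adjusted to the element type of `tools`, which is not visible here), would make the intent explicit. The test function begins and ends outside the hunk.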
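Review bot: Emptying `binaries` for the Pass-the-Hash category while keeping all four `fn_names` leaves the registry advertising `pth_winexe`, `pth_smbclient`, `pth_rpcclient` and `pth_wmic` with no startup signal that they cannot run. The new comment explains why tool_check is silenced but not what happens when one of these functions is called; presumably it fails at exec time with a missing-binary error that has to be diagnosed from the tool output. I would say so in the comment, e.g. `# Calls to these fn_names will fail until a pth-* binary is installed manually.`, and, if the registry schema has a way to mark an entry unavailable, use that rather than an empty list. With `binaries: []` the check is vacuously satisfied, so a host where pth-toolkit was installed by hand looks the same to tool_check as one where it is absent.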