From 647297d70525d6d91f47b77e0a12958ec0c155bd Mon Sep 17 00:00:00 2001 From: Jayson Grace Date: Mon, 27 Apr 2026 12:30:29 -0600 Subject: [PATCH 1/2] feat: add rpcclient as required SMB tool and update pass-the-hash handling **Added:** - Added `samba-common-bin` to lateral_movement_tools and recon_tools package lists to provide `rpcclient` for SMB/RPC operations - Included `smbclient` as a required package for share enumeration in recon_tools **Changed:** - Updated tool_check test to expect `rpcclient` and `smbclient` instead of `pth-winexe` - Expanded SMB tool category in tools.yaml to include both `smbclient` and `rpcclient` - Documented the removal of pass-the-hash binaries for Debian trixie in tools.yaml and left only function names to avoid false missing tool checks **Removed:** - Removed pass-the-hash binaries from tools.yaml due to unavailability on Debian trixie, retaining only function names for registry completeness --- ansible/roles/lateral_movement_tools/defaults/main.yml | 2 ++ ansible/roles/recon_tools/defaults/main.yml | 2 ++ ares-cli/src/worker/tool_check.rs | 3 ++- tools.yaml | 9 +++++++-- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/ansible/roles/lateral_movement_tools/defaults/main.yml b/ansible/roles/lateral_movement_tools/defaults/main.yml index 617ca582..ff6b997b 100644 --- a/ansible/roles/lateral_movement_tools/defaults/main.yml +++ b/ansible/roles/lateral_movement_tools/defaults/main.yml @@ -6,6 +6,7 @@ lateral_movement_tools_kali_packages: - ruby - freerdp3-x11 # xfreerdp for RDP pass-the-hash (freerdp3 on Kali rolling) - smbclient + - samba-common-bin # provides rpcclient for SMB/RPC lateral ops - sshpass # SSH with password - proxychains4 # TCP connection proxying for pivoting 
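Review bot: The comment on the added `samba-common-bin` line may name the wrong package: on Debian-family systems, as far as I know, `rpcclient` ships in `smbclient`, while `samba-common-bin` carries `net`, `nmblookup` and similar helpers. Installing both is harmless, but a misleading comment invites a later cleanup that drops `smbclient` and loses the binary tools.yaml now lists as required. Confirm on a built image with `dpkg -S "$(command -v rpcclient)"` and, if that is the case, reword to something like `# net/nmblookup helpers; rpcclient itself ships with smbclient`. The same comment is repeated in the Ubuntu list in the next hunk, and the `# includes rpcclient` context line in recon_tools makes the same claim.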
@@ -24,6 +25,7 @@ lateral_movement_tools_ubuntu_packages: - clang # Required for building native gem extensions - freerdp3-x11 # xfreerdp for RDP pass-the-hash - smbclient + - samba-common-bin # provides rpcclient for SMB/RPC lateral ops - sshpass # SSH with password - proxychains4 # TCP connection proxying for pivoting diff --git a/ansible/roles/recon_tools/defaults/main.yml b/ansible/roles/recon_tools/defaults/main.yml index e34e1106..ba4b4f50 100644 --- a/ansible/roles/recon_tools/defaults/main.yml +++ b/ansible/roles/recon_tools/defaults/main.yml @@ -7,6 +7,7 @@ recon_tools_kali_packages: - dnsutils - whois - samba-common-bin + - smbclient # required by enum4linux/enum4linux-ng for share enumeration # Network reconnaissance tool packages (Ubuntu-compatible, no netexec in apt) recon_tools_ubuntu_packages: @@ -16,6 +17,7 @@ recon_tools_ubuntu_packages: - dnsutils - whois - samba-common-bin # includes rpcclient + - smbclient # required by enum4linux/enum4linux-ng for share enumeration # enum4linux-ng configuration (installed via apt on Kali, pipx elsewhere) recon_tools_install_enum4linuxng: true diff --git a/ares-cli/src/worker/tool_check.rs b/ares-cli/src/worker/tool_check.rs index 94d994a9..530ef4c2 100644 --- a/ares-cli/src/worker/tool_check.rs +++ b/ares-cli/src/worker/tool_check.rs @@ -232,7 +232,8 @@ mod tests { "xfreerdp", "sshpass", "proxychains4", - "pth-winexe", + "smbclient", + "rpcclient", ] { assert!( tools.contains(expected), diff --git a/tools.yaml b/tools.yaml index 51c7d109..30dfaef8 100644 --- a/tools.yaml +++ b/tools.yaml 
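Review bot: The updated expectation list in the tool_check.rs test checks that `smbclient` and `rpcclient` are present, but nothing asserts that the `pth-*` binaries are no longer expected, which is the behaviour the tools.yaml change relies on. A negative check after the loop, for example `assert!(!tools.iter().any(|t| t.starts_with("pth-")));`, would catch a later edit that re-adds them and brings back the startup warnings. The type of `tools` and the rest of the test body are outside the hunk, so the expression may need adjusting to match.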
@@ -125,13 +125,18 @@ roles: binaries: [sshpass] fn_names: [ssh_with_password] - category: SMB - binaries: [smbclient] + binaries: [smbclient, rpcclient] fn_names: [] - category: Pivoting binaries: [proxychains4] fn_names: [] + # Pass-the-Hash (pth-toolkit) is unavailable on Debian trixie — the + # `passing-the-hash` apt package is gone and building from source + # needs a patched samba. fn_names are kept so the registry still + # exposes them, but binaries are omitted so tool_check doesn't flag + # them as expected-but-missing on every worker startup. - category: Pass-the-Hash - binaries: [pth-winexe, pth-smbclient, pth-rpcclient, pth-net, pth-wmic] + binaries: [] fn_names: [pth_winexe, pth_smbclient, pth_rpcclient, pth_wmic] - category: Impacket binaries: [impacket-psexec, impacket-wmiexec, impacket-smbexec, impacket-secretsdump] From b25993dd625de2ccd8b980f106f2a07085afc9f1 Mon Sep 17 00:00:00 2001 From: Jayson Grace Date: Mon, 27 Apr 2026 12:41:34 -0600 Subject: [PATCH 2/2] docs: update package lists in lateral movement and recon tools README files **Changed:** - Updated package tables in `lateral_movement_tools` role README to add `samba-common-bin` before `sshpass` and shift `sshpass` and `proxychains4` indices for both Kali and Ubuntu package lists - Added `smbclient` to `recon_tools` role README package tables for both Kali and Ubuntu, updating list indices accordingly --- ansible/roles/lateral_movement_tools/README.md | 10 ++++++---- ansible/roles/recon_tools/README.md | 2 ++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ansible/roles/lateral_movement_tools/README.md b/ansible/roles/lateral_movement_tools/README.md index 1e7ede72..8d194ff0 100644 --- a/ansible/roles/lateral_movement_tools/README.md +++ b/ansible/roles/lateral_movement_tools/README.md 
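Review bot: With `binaries: []` and the four `fn_names` kept, the Pass-the-Hash category still advertises functions that have no installed backend, and the startup check that would have reported this is now silent for them. How the registry consumes `fn_names` is not visible here, but presumably a call to one of them will fail only at run time with a missing-executable error. If the tools really are unavailable on trixie, it would be more honest to write `fn_names: []` and keep the names in the comment for when the package returns. Alternatively, have those functions return an explicit "tool not installed" error. Note also that `pth-net` has disappeared from the file entirely, so the comment is now the only record that it was ever tracked.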
@@ -26,8 +26,9 @@ Install and configure lateral movement and credential extraction tools for Ares | `lateral_movement_tools_kali_packages.1` | str | ruby | No description | | `lateral_movement_tools_kali_packages.2` | str | freerdp3-x11 | No description | | `lateral_movement_tools_kali_packages.3` | str | smbclient | No description | -| `lateral_movement_tools_kali_packages.4` | str | sshpass | No description | -| `lateral_movement_tools_kali_packages.5` | str | proxychains4 | No description | +| `lateral_movement_tools_kali_packages.4` | str | samba-common-bin | No description | +| `lateral_movement_tools_kali_packages.5` | str | sshpass | No description | +| `lateral_movement_tools_kali_packages.6` | str | proxychains4 | No description | | `lateral_movement_tools_ubuntu_packages` | list | [] | No description | | `lateral_movement_tools_ubuntu_packages.0` | str | git | No description | | `lateral_movement_tools_ubuntu_packages.1` | str | python3 | No description | @@ -42,8 +43,9 @@ Install and configure lateral movement and credential extraction tools for Ares | `lateral_movement_tools_ubuntu_packages.10` | str | clang | No description | | `lateral_movement_tools_ubuntu_packages.11` | str | freerdp3-x11 | No description | | `lateral_movement_tools_ubuntu_packages.12` | str | smbclient | No description | -| `lateral_movement_tools_ubuntu_packages.13` | str | sshpass | No description | -| `lateral_movement_tools_ubuntu_packages.14` | str | proxychains4 | No description | +| `lateral_movement_tools_ubuntu_packages.13` | str | samba-common-bin | No description | +| `lateral_movement_tools_ubuntu_packages.14` | str | sshpass | No description | +| `lateral_movement_tools_ubuntu_packages.15` | str | proxychains4 | No description | | `lateral_movement_tools_install_evil_winrm` | bool | True | No description | | `lateral_movement_tools_evil_winrm_gem` | str | evil-winrm | No description | | `lateral_movement_tools_install_xfreerdp` | bool | True | No description | 
diff --git a/ansible/roles/recon_tools/README.md b/ansible/roles/recon_tools/README.md index bc55cbab..1917a88c 100644 --- a/ansible/roles/recon_tools/README.md +++ b/ansible/roles/recon_tools/README.md @@ -29,6 +29,7 @@ Install and configure network reconnaissance tools for Ares agents | `recon_tools_kali_packages.4` | str | dnsutils | No description | | `recon_tools_kali_packages.5` | str | whois | No description | | `recon_tools_kali_packages.6` | str | samba-common-bin | No description | +| `recon_tools_kali_packages.7` | str | smbclient | No description | | `recon_tools_ubuntu_packages` | list | [] | No description | | `recon_tools_ubuntu_packages.0` | str | nmap | No description | | `recon_tools_ubuntu_packages.1` | str | ldap-utils | No description | @@ -36,6 +37,7 @@ Install and configure network reconnaissance tools for Ares agents | `recon_tools_ubuntu_packages.3` | str | dnsutils | No description | | `recon_tools_ubuntu_packages.4` | str | whois | No description | | `recon_tools_ubuntu_packages.5` | str | samba-common-bin | No description | +| `recon_tools_ubuntu_packages.6` | str | smbclient | No description | | `recon_tools_install_enum4linuxng` | bool | True | No description | | `recon_tools_enum4linuxng_install_source` | str | git+https://github.com/cddmp/enum4linux-ng.git | No description | | `recon_tools_enum4linuxng_use_pipx` | bool | True | No description |