Skip to content

feat: add rpcclient as required tool and clarify pass-the-hash handling #237

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
l50 merged 2 commits into from
Apr 27, 2026
Merged

feat: add rpcclient as required tool and clarify pass-the-hash handling #237

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
647297d
feat: add rpcclient as required SMB tool and update pass-the-hash han…
l50 Apr 27, 2026
b25993d
docs: update package lists in lateral movement and recon tools README…
l50 Apr 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions ansible/roles/lateral_movement_tools/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,9 @@ Install and configure lateral movement and credential extraction tools for Ares
| `lateral_movement_tools_kali_packages.1` | str | <code>ruby</code> | No description |
| `lateral_movement_tools_kali_packages.2` | str | <code>freerdp3-x11</code> | No description |
| `lateral_movement_tools_kali_packages.3` | str | <code>smbclient</code> | No description |
| `lateral_movement_tools_kali_packages.4` | str | <code>sshpass</code> | No description |
| `lateral_movement_tools_kali_packages.5` | str | <code>proxychains4</code> | No description |
| `lateral_movement_tools_kali_packages.4` | str | <code>samba-common-bin</code> | No description |
| `lateral_movement_tools_kali_packages.5` | str | <code>sshpass</code> | No description |
| `lateral_movement_tools_kali_packages.6` | str | <code>proxychains4</code> | No description |
| `lateral_movement_tools_ubuntu_packages` | list | <code>&#91;&#93;</code> | No description |
| `lateral_movement_tools_ubuntu_packages.0` | str | <code>git</code> | No description |
| `lateral_movement_tools_ubuntu_packages.1` | str | <code>python3</code> | No description |
Expand All @@ -42,8 +43,9 @@ Install and configure lateral movement and credential extraction tools for Ares
| `lateral_movement_tools_ubuntu_packages.10` | str | <code>clang</code> | No description |
| `lateral_movement_tools_ubuntu_packages.11` | str | <code>freerdp3-x11</code> | No description |
| `lateral_movement_tools_ubuntu_packages.12` | str | <code>smbclient</code> | No description |
| `lateral_movement_tools_ubuntu_packages.13` | str | <code>sshpass</code> | No description |
| `lateral_movement_tools_ubuntu_packages.14` | str | <code>proxychains4</code> | No description |
| `lateral_movement_tools_ubuntu_packages.13` | str | <code>samba-common-bin</code> | No description |
| `lateral_movement_tools_ubuntu_packages.14` | str | <code>sshpass</code> | No description |
| `lateral_movement_tools_ubuntu_packages.15` | str | <code>proxychains4</code> | No description |
| `lateral_movement_tools_install_evil_winrm` | bool | <code>True</code> | No description |
| `lateral_movement_tools_evil_winrm_gem` | str | <code>evil-winrm</code> | No description |
| `lateral_movement_tools_install_xfreerdp` | bool | <code>True</code> | No description |
Expand Down
2 changes: 2 additions & 0 deletions ansible/roles/lateral_movement_tools/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ lateral_movement_tools_kali_packages:
- ruby
- freerdp3-x11 # xfreerdp for RDP pass-the-hash (freerdp3 on Kali rolling)
- smbclient
- samba-common-bin # provides rpcclient for SMB/RPC lateral ops
- sshpass # SSH with password
- proxychains4 # TCP connection proxying for pivoting

Expand All @@ -24,6 +25,7 @@ lateral_movement_tools_ubuntu_packages:
- clang # Required for building native gem extensions
- freerdp3-x11 # xfreerdp for RDP pass-the-hash
- smbclient
- samba-common-bin # provides rpcclient for SMB/RPC lateral ops
- sshpass # SSH with password
- proxychains4 # TCP connection proxying for pivoting

Expand Down
2 changes: 2 additions & 0 deletions ansible/roles/recon_tools/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,15 @@ Install and configure network reconnaissance tools for Ares agents
| `recon_tools_kali_packages.4` | str | <code>dnsutils</code> | No description |
| `recon_tools_kali_packages.5` | str | <code>whois</code> | No description |
| `recon_tools_kali_packages.6` | str | <code>samba-common-bin</code> | No description |
| `recon_tools_kali_packages.7` | str | <code>smbclient</code> | No description |
| `recon_tools_ubuntu_packages` | list | <code>&#91;&#93;</code> | No description |
| `recon_tools_ubuntu_packages.0` | str | <code>nmap</code> | No description |
| `recon_tools_ubuntu_packages.1` | str | <code>ldap-utils</code> | No description |
| `recon_tools_ubuntu_packages.2` | str | <code>enum4linux</code> | No description |
| `recon_tools_ubuntu_packages.3` | str | <code>dnsutils</code> | No description |
| `recon_tools_ubuntu_packages.4` | str | <code>whois</code> | No description |
| `recon_tools_ubuntu_packages.5` | str | <code>samba-common-bin</code> | No description |
| `recon_tools_ubuntu_packages.6` | str | <code>smbclient</code> | No description |
| `recon_tools_install_enum4linuxng` | bool | <code>True</code> | No description |
| `recon_tools_enum4linuxng_install_source` | str | <code>git+https://github.com/cddmp/enum4linux-ng.git</code> | No description |
| `recon_tools_enum4linuxng_use_pipx` | bool | <code>True</code> | No description |
Expand Down
2 changes: 2 additions & 0 deletions ansible/roles/recon_tools/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ recon_tools_kali_packages:
- dnsutils
- whois
- samba-common-bin
- smbclient # required by enum4linux/enum4linux-ng for share enumeration

# Network reconnaissance tool packages (Ubuntu-compatible, no netexec in apt)
recon_tools_ubuntu_packages:
Expand All @@ -16,6 +17,7 @@ recon_tools_ubuntu_packages:
- dnsutils
- whois
- samba-common-bin # includes rpcclient
- smbclient # required by enum4linux/enum4linux-ng for share enumeration

# enum4linux-ng configuration (installed via apt on Kali, pipx elsewhere)
recon_tools_install_enum4linuxng: true
Expand Down
3 changes: 2 additions & 1 deletion ares-cli/src/worker/tool_check.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,8 @@ mod tests {
"xfreerdp",
"sshpass",
"proxychains4",
"pth-winexe",
"smbclient",
"rpcclient",
] {
assert!(
tools.contains(expected),
Expand Down
9 changes: 7 additions & 2 deletions tools.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,13 +125,18 @@ roles:
binaries: [sshpass]
fn_names: [ssh_with_password]
- category: SMB
binaries: [smbclient]
binaries: [smbclient, rpcclient]
fn_names: []
- category: Pivoting
binaries: [proxychains4]
fn_names: []
# Pass-the-Hash (pth-toolkit) is unavailable on Debian trixie — the
# `passing-the-hash` apt package is gone and building from source
# needs a patched samba. fn_names are kept so the registry still
# exposes them, but binaries are omitted so tool_check doesn't flag
# them as expected-but-missing on every worker startup.
- category: Pass-the-Hash
binaries: [pth-winexe, pth-smbclient, pth-rpcclient, pth-net, pth-wmic]
binaries: []
fn_names: [pth_winexe, pth_smbclient, pth_rpcclient, pth_wmic]
- category: Impacket
binaries: [impacket-psexec, impacket-wmiexec, impacket-smbexec, impacket-secretsdump]
Expand Down
Loading