deploy_agents_winrm
Deploy Velociraptor agents to Windows systems using WinRM for endpoint management and forensic investigation workflows.
Instructions
Push Velociraptor agents to Windows systems via WinRM.
Args:
- deployment_id: The deployment to connect agents to
- targets: List of target hostnames or IPs
- username: Windows username (DOMAIN\user or user@domain)
- password: Windows password
- labels: Labels to apply to deployed agents
- use_ssl: Use HTTPS for WinRM (default True)
- port: WinRM port (default 5986 for HTTPS)
Returns: Deployment results for each target.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| deployment_id | Yes | ||
| targets | Yes | ||
| username | Yes | ||
| password | Yes | ||
| labels | No | ||
| use_ssl | No | ||
| port | No | ||
Implementation Reference
- The `deploy_agents_winrm` tool implementation in `src/megaraptor_mcp/tools/deployment.py`.
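async def deploy_agents_winrm(
    deployment_id: str,
    targets: list[str],
    username: str,
    password: str,
    labels: Optional[list[str]] = None,
    use_ssl: bool = True,
    port: int = 5986,
) -> list[TextContent]:
    """Push Velociraptor agents to Windows systems via WinRM.

    Args:
        deployment_id: The deployment to connect agents to
        targets: List of target hostnames or IPs
        username: Windows username (DOMAIN\\user or user@domain)
        password: Windows password
        labels: Labels to apply to deployed agents
        use_ssl: Use HTTPS for WinRM (default True)
        port: WinRM port (default 5986 for HTTPS)

    Returns:
        A one-element list whose TextContent carries a JSON document: either
        the per-target results with total/successful/failed counts, or an
        object with an ``error`` key.
    """
    import logging

    logger = logging.getLogger(__name__)

    def _reply(payload: dict) -> list[TextContent]:
        # Every exit path returns the same shape: one JSON text item.
        return [TextContent(type="text", text=json.dumps(payload, indent=2))]

    if not use_ssl:
        # The same password is presented to every target, so a plaintext
        # transport is worth an audit-trail entry. %r keeps a crafted
        # deployment_id from injecting extra log lines.
        # NOTE(review): port keeps its 5986 default when use_ssl is False; the
        # conventional WinRM HTTP port is 5985 - confirm callers pass it.
        logger.warning(
            "deploy_agents_winrm: TLS disabled for deployment %r", deployment_id
        )

    try:
        from ..deployment.agents import WinRMDeployer
        from ..deployment.agents.winrm_deployer import (
            WinRMCredentials,
            DeploymentTarget as WinRMTarget,
        )
        from ..deployment.security import CertificateManager
        from ..deployment.deployers import DockerDeployer

        # Get deployment info
        deployer = DockerDeployer()
        info = await deployer.get_status(deployment_id)
        if not info:
            return _reply({
                "error": f"Deployment not found: {deployment_id}",
                "hint": "Use list_deployments tool to see available deployments",
            })

        # Load certificates
        cert_manager = CertificateManager()
        bundle = cert_manager.load_bundle(deployment_id)
        if not bundle:
            return _reply({"error": "Certificate bundle not found"})

        # Generate client config
        import yaml

        # NOTE(review): the frontend URL is derived by string surgery on
        # server_url and a fixed :8000 suffix; this presumably breaks if
        # server_url already carries a port - confirm against get_status().
        # NOTE(review): the nonce is freshly random on every call; confirm the
        # server does not expect the value from its own deployment config.
        client_config = yaml.dump({
            "Client": {
                "server_urls": [info.server_url.replace("/api/", "") + ":8000/"],
                "ca_certificate": bundle.ca_cert,
                "nonce": secrets.token_hex(8),
                "labels": labels or [],
            },
            "version": {"name": "megaraptor-winrm-deploy"},
        })

        # Create credentials and targets. One credential object is shared by
        # all targets; it is never logged or echoed back in this function.
        # NOTE(review): whether the WinRM server certificate is validated is
        # decided inside WinRMDeployer, which is not visible here - confirm.
        creds = WinRMCredentials(
            username=username,
            password=password,
            use_ssl=use_ssl,
            port=port,
        )
        winrm_targets = [
            WinRMTarget(hostname=t, port=port, credentials=creds)
            for t in targets
        ]

        # Deploy
        winrm_deployer = WinRMDeployer(default_credentials=creds)
        results = await winrm_deployer.deploy_to_multiple(
            winrm_targets, client_config, labels=labels
        )

        return _reply({
            "total": len(results),
            "successful": sum(1 for r in results if r.success),
            "failed": sum(1 for r in results if not r.success),
            "results": [r.to_dict() for r in results],
        })

    except ImportError as e:
        # The original had two `except ImportError` clauses, so the second was
        # unreachable and every missing module was reported as pywinrm.
        # pywinrm is imported as `winrm`; anything else gets the generic hint.
        if e.name == "winrm":
            return _reply({
                "error": "pywinrm not installed",
                "suggestion": "pip install pywinrm",
            })
        return _reply({
            "error": f"Missing dependency: {str(e)}",
            "hint": "Install required packages with: pip install megaraptor-mcp[deployment]",
        })

    except Exception as exc:
        # Generic errors - don't expose internals to the caller, but leave a
        # server-side record. Only the exception type is logged because the
        # message of a transport error may echo connection details.
        logger.error(
            "deploy_agents_winrm failed for deployment %r: %s",
            deployment_id,
            type(exc).__name__,
        )
        return _reply({
            "error": "Operation failed",
            "hint": "Check deployment configuration and try again",
        })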