git404hub

what is ferrum fr?

kernelstub/ferrum — explained in plain English

Analysis updated 2026-05-18

87GoAudience · researcherComplexity · 4/5Setup · moderate

tl;dr

A Windows security auditing tool written in Go that helps researchers find privilege escalation, persistence, and COM hijacking weaknesses.

vibe map

mindmap
  root((Ferrum))
    What it does
      Audits Windows for security weaknesses
      Runs modular research checks
      Automates COM hijack triage
    Tech stack
      Go
      Windows API
      Single binary executable
    Use cases
      Enumerate Windows attack surface
      Find COM hijacking opportunities
      Check for privilege escalation paths
    Audience
      Security researchers
      Penetration testers
      Windows systems auditors

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Scan a Windows system for local privilege escalation and persistence weaknesses.

VIBE 2

Automate COM hijacking triage that would otherwise require manual Process Monitor filtering.

VIBE 3

Generate per-module security audit reports for a Windows target.

VIBE 4

Extend the tool with a custom research module using its core interface.

what's the stack?

GoWindows API

how it stacks up fr

kernelstub/ferrumcybertec-postgresql/pg_hardstorageiampedii/whitedns-wizard
Stars878890
LanguageGoGoGo
Setup difficultymoderatemoderatehard
Complexity4/54/54/5
Audienceresearcherops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · moderate time til it works · 30min

Requires Go to cross-compile a Windows binary, intended for authorized security research and auditing only.

No license information is provided in the README.

in plain english

Ferrum is a security research tool for Windows, written in Go and compiled into a single executable file. It is aimed at people who audit Windows systems for vulnerabilities, specifically looking at weaknesses that could allow a low-privileged user to gain higher privileges, maintain persistence after a reboot, or hijack Windows components through a mechanism called COM (Component Object Model). The tool follows a modular design. Each research capability is packaged as a module, and new modules can be added by implementing a small interface and registering with the core. Running the tool with specific flags runs individual modules, running it with the flag that targets all modules produces a separate report file for each one. Output can be written to a named file or folder, or the tool creates a timestamped folder automatically. One of the documented modules focuses on COM hijacking triage, which is a technique security researchers use to find cases where Windows looks up a COM component in a location a regular user controls, allowing that user to place a malicious file there. The module automates the kind of filtering a researcher would otherwise do manually with a Windows tool called Process Monitor, narrowing down registry lookups that fail and point to locations writable by normal users. Building Ferrum requires Go and cross-compiles from Linux or macOS as well as from Windows itself. The README is short and the project appears to be at an early or research stage, with the module set still growing. The description lists local privilege escalation, persistence, COM hijacking, and attack surface enumeration as the primary focus areas.

prompts (copy fr)

prompt 1
Explain how to build Ferrum for Windows from a Linux or macOS machine.
prompt 2
Walk me through running Ferrum's --ALL flag and interpreting the generated reports.
prompt 3
Explain what COM hijacking is using Ferrum's --CLSID module as an example.
prompt 4
Show me how to write a new module for Ferrum that implements core.Module.

Frequently asked questions

what is ferrum fr?

A Windows security auditing tool written in Go that helps researchers find privilege escalation, persistence, and COM hijacking weaknesses.

What language is ferrum written in?

Mainly Go. The stack also includes Go, Windows API.

What license does ferrum use?

No license information is provided in the README.

How hard is ferrum to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is ferrum for?

Mainly researcher.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.