Scan a Windows system for local privilege escalation and persistence weaknesses.
Automate COM hijacking triage that would otherwise require manual Process Monitor filtering.
Generate per-module security audit reports for a Windows target.
Extend the tool with a custom research module using its core interface.
| kernelstub/ferrum | cybertec-postgresql/pg_hardstorage | bjarneo/kli | |
|---|---|---|---|
| Stars | 87 | 88 | 92 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 4/5 | 4/5 | 3/5 |
| Audience | researcher | ops devops | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Requires Go to cross-compile a Windows binary, intended for authorized security research and auditing only.
Ferrum is a security research tool for Windows, written in Go and compiled into a single executable file. It is aimed at people who audit Windows systems for vulnerabilities, specifically looking at weaknesses that could allow a low-privileged user to gain higher privileges, maintain persistence after a reboot, or hijack Windows components through a mechanism called COM (Component Object Model). The tool follows a modular design. Each research capability is packaged as a module, and new modules can be added by implementing a small interface and registering with the core. Running the tool with specific flags runs individual modules, running it with the flag that targets all modules produces a separate report file for each one. Output can be written to a named file or folder, or the tool creates a timestamped folder automatically. One of the documented modules focuses on COM hijacking triage, which is a technique security researchers use to find cases where Windows looks up a COM component in a location a regular user controls, allowing that user to place a malicious file there. The module automates the kind of filtering a researcher would otherwise do manually with a Windows tool called Process Monitor, narrowing down registry lookups that fail and point to locations writable by normal users. Building Ferrum requires Go and cross-compiles from Linux or macOS as well as from Windows itself. The README is short and the project appears to be at an early or research stage, with the module set still growing. The description lists local privilege escalation, persistence, COM hijacking, and attack surface enumeration as the primary focus areas.
A Windows security auditing tool written in Go that helps researchers find privilege escalation, persistence, and COM hijacking weaknesses.
Mainly Go. The stack also includes Go, Windows API.
No license information is provided in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.