whatisgithub

What is ferrum?

kernelstub/ferrum — explained in plain English

Analysis updated 2026-05-18

87GoAudience · researcherComplexity · 4/5Setup · moderate

In one sentence

A Windows security auditing tool written in Go that helps researchers find privilege escalation, persistence, and COM hijacking weaknesses.

Mindmap

mindmap
  root((Ferrum))
    What it does
      Audits Windows for security weaknesses
      Runs modular research checks
      Automates COM hijack triage
    Tech stack
      Go
      Windows API
      Single binary executable
    Use cases
      Enumerate Windows attack surface
      Find COM hijacking opportunities
      Check for privilege escalation paths
    Audience
      Security researchers
      Penetration testers
      Windows systems auditors

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan a Windows system for local privilege escalation and persistence weaknesses.

USE CASE 2

Automate COM hijacking triage that would otherwise require manual Process Monitor filtering.

USE CASE 3

Generate per-module security audit reports for a Windows target.

USE CASE 4

Extend the tool with a custom research module using its core interface.

What is it built with?

GoWindows API

How does it compare?

kernelstub/ferrumcybertec-postgresql/pg_hardstoragebjarneo/kli
Stars878892
LanguageGoGoGo
Setup difficultymoderatemoderatemoderate
Complexity4/54/53/5
Audienceresearcherops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Go to cross-compile a Windows binary, intended for authorized security research and auditing only.

No license information is provided in the README.

So what is it?

Ferrum is a security research tool for Windows, written in Go and compiled into a single executable file. It is aimed at people who audit Windows systems for vulnerabilities, specifically looking at weaknesses that could allow a low-privileged user to gain higher privileges, maintain persistence after a reboot, or hijack Windows components through a mechanism called COM (Component Object Model). The tool follows a modular design. Each research capability is packaged as a module, and new modules can be added by implementing a small interface and registering with the core. Running the tool with specific flags runs individual modules, running it with the flag that targets all modules produces a separate report file for each one. Output can be written to a named file or folder, or the tool creates a timestamped folder automatically. One of the documented modules focuses on COM hijacking triage, which is a technique security researchers use to find cases where Windows looks up a COM component in a location a regular user controls, allowing that user to place a malicious file there. The module automates the kind of filtering a researcher would otherwise do manually with a Windows tool called Process Monitor, narrowing down registry lookups that fail and point to locations writable by normal users. Building Ferrum requires Go and cross-compiles from Linux or macOS as well as from Windows itself. The README is short and the project appears to be at an early or research stage, with the module set still growing. The description lists local privilege escalation, persistence, COM hijacking, and attack surface enumeration as the primary focus areas.

Copy-paste prompts

Prompt 1
Explain how to build Ferrum for Windows from a Linux or macOS machine.
Prompt 2
Walk me through running Ferrum's --ALL flag and interpreting the generated reports.
Prompt 3
Explain what COM hijacking is using Ferrum's --CLSID module as an example.
Prompt 4
Show me how to write a new module for Ferrum that implements core.Module.

Frequently asked questions

What is ferrum?

A Windows security auditing tool written in Go that helps researchers find privilege escalation, persistence, and COM hijacking weaknesses.

What language is ferrum written in?

Mainly Go. The stack also includes Go, Windows API.

What license does ferrum use?

No license information is provided in the README.

How hard is ferrum to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is ferrum for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.