Skip to content

kernelstub/Ferrum

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FERRUM

image

Ferrum is a Windows-first vulnerability research and security auditing framework written in Go. It is designed as a single binary, ferrum.exe, with modules registered through a small core interface.

Build

GOOS=windows GOARCH=amd64 go build -o ferrum.exe ./cmd

Or use the included script:

.\scripts\build-windows.ps1

From Linux/macOS:

./scripts/build-windows.sh

Usage

ferrum.exe --HELP

Architecture

  • cmd/ contains the CLI entry point.
  • core/ contains module registration, context, and banner code.
  • modules/ contains research modules. New modules implement core.Module and call core.Register.
  • windows/ contains build-tagged Windows API wrappers and non-Windows stubs.
  • output/ contains console logging.

Output

Write a single module report:

ferrum.exe --CLSID --OUTPUT clsid.txt

Run every module and write one file per module:

ferrum.exe --ALL
ferrum.exe --ALL --OUTPUT ferrum-reports

Without --OUTPUT, --ALL creates a timestamped folder such as ferrum-output-20260613-153000.

CLSID ProcMon Filter Model

--CLSID models this ProcMon workflow for COM hijack/LPE triage:

  • User is NT AUTHORITY\SYSTEM
  • Path contains HKCU\Software\Classes
  • Path contains InprocServer32
  • Path contains LocalServer32
  • Result is NAME NOT FOUND

About

Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.

Topics

Resources

License

Stars

203 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages