Ferrum is a Windows-first vulnerability research and security auditing framework written in Go. It is designed as a single binary, ferrum.exe, with modules registered through a small core interface.
GOOS=windows GOARCH=amd64 go build -o ferrum.exe ./cmdOr use the included script:
.\scripts\build-windows.ps1From Linux/macOS:
./scripts/build-windows.shferrum.exe --HELPcmd/contains the CLI entry point.core/contains module registration, context, and banner code.modules/contains research modules. New modules implementcore.Moduleand callcore.Register.windows/contains build-tagged Windows API wrappers and non-Windows stubs.output/contains console logging.
Write a single module report:
ferrum.exe --CLSID --OUTPUT clsid.txtRun every module and write one file per module:
ferrum.exe --ALL
ferrum.exe --ALL --OUTPUT ferrum-reportsWithout --OUTPUT, --ALL creates a timestamped folder such as ferrum-output-20260613-153000.
--CLSID models this ProcMon workflow for COM hijack/LPE triage:
User is NT AUTHORITY\SYSTEMPath contains HKCU\Software\ClassesPath contains InprocServer32Path contains LocalServer32Result is NAME NOT FOUND