[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-85122":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":14,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":15,"rankGlobal":9,"rankLanguage":9,"license":16,"archived":17,"fork":17,"defaultBranch":18,"hasWiki":19,"hasPages":17,"topics":20,"createdAt":9,"pushedAt":9,"updatedAt":21,"readmeContent":22,"aiSummary":9,"trendingCount":14,"starSnapshotCount":14,"syncStatus":13,"lastSyncTime":23,"discoverSource":24},85122,"Ferrum","kernelstub\u002FFerrum","kernelstub","Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.",null,"Go",146,19,2,0,39.61,"GNU General Public License v3.0",false,"main",true,[],"2026-06-15 10:04:34","# FERRUM\n\n\u003Cimg width=\"1920\" height=\"1080\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F924c39a5-5f9d-44b1-b9a3-ecd424140408\" \u002F>\n\n\nFerrum is a Windows-first vulnerability research and security auditing framework written in Go. It is designed as a single binary, `ferrum.exe`, with modules registered through a small core interface.\n\n## Build\n\n```sh\nGOOS=windows GOARCH=amd64 go build -o ferrum.exe .\u002Fcmd\n```\n\nOr use the included script:\n\n```powershell\n.\\scripts\\build-windows.ps1\n```\n\nFrom Linux\u002FmacOS:\n\n```sh\n.\u002Fscripts\u002Fbuild-windows.sh\n```\n\n## Usage\n\n```cmd\nferrum.exe --HELP\n```\n\n## Architecture\n\n- `cmd\u002F` contains the CLI entry point.\n- `core\u002F` contains module registration, context, and banner code.\n- `modules\u002F` contains research modules. New modules implement `core.Module` and call `core.Register`.\n- `windows\u002F` contains build-tagged Windows API wrappers and non-Windows stubs.\n- `output\u002F` contains console logging.\n\n## Output\n\nWrite a single module report:\n\n```cmd\nferrum.exe --CLSID --OUTPUT clsid.txt\n```\n\nRun every module and write one file per module:\n\n```cmd\nferrum.exe --ALL\nferrum.exe --ALL --OUTPUT ferrum-reports\n```\n\nWithout `--OUTPUT`, `--ALL` creates a timestamped folder such as `ferrum-output-20260613-153000`.\n\n## CLSID ProcMon Filter Model\n\n`--CLSID` models this ProcMon workflow for COM hijack\u002FLPE triage:\n\n- `User is NT AUTHORITY\\SYSTEM`\n- `Path contains HKCU\\Software\\Classes`\n- `Path contains InprocServer32`\n- `Path contains LocalServer32`\n- `Result is NAME NOT FOUND`\n","2026-06-15 02:30:05","CREATED_QUERY"]