undertaker

module
v0.0.0-...-18887ee Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: MIT

README

Undertaker

Undertaker is a static malware analysis tool that triages a sample and produces a structured report.

Point it at a binary. Get hashes, packing detection, suspicious imports, IOCs, strings of interest, capability tags, and YARA matches — in one command:

undertaker analyze sample.dll

Dependencies

Go modules (managed via go.mod)

Package Purpose
github.com/saferwall/pe PE file parsing
github.com/glaslos/ssdeep Fuzzy hashing (ssdeep)
github.com/charmbracelet/bubbletea TUI framework
github.com/charmbracelet/bubbles TUI components
github.com/charmbracelet/lipgloss TUI styling
github.com/spf13/cobra CLI framework
gopkg.in/yaml.v3 YAML config parsing
github.com/atotto/clipboard Clipboard support

External tools (optional, enhance analysis)

Tool Min version Purpose
FLOSS 3.x Deobfuscated string extraction
capa 7.x Capability detection
YARA 4.x YARA rule matching

External tools are auto-discovered from $PATH or can be configured explicitly (see ~/.config/undertaker/config.yaml).

Build from source

git clone https://github.com/urb4n3/undertaker.git
cd undertaker
go build -o undertaker ./cmd/undertaker

Directories

Path Synopsis
cmd
undertaker command
internal
analysis
cli
config
models
reporting
tools
tui

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.