gchq/CyberChef

Feature request: Add YARA-X Operations

Open

#2622 opened on 1 July 2026

feature, help wanted

Description

I cannot write or test YARA-X rules in CyberChef, like using the "with" statement. It is also faster, which will enhance the user experience.

Add a YARA-X Operation that uses a webasm module compiled directly from the YARA-X codebase instead of a third-party integration.

Current Alternatives:

  • Use legacy YARA in CyberChef: This forces analysts to avoid new YARA-X features and maintains slower execution times on large datasets. The legacy YARA operation is not updated regularly.
  • Test with YARA-X locally: Running the YARA-X CLI tool locally against downloaded payloads breaks workflows that CyberChef provides.
  • Use external web testers: Copying payloads to other online YARA testing sandboxes introduces friction and potential operational security (OPSEC) risks if the data is sensitive.

YARA-X is the official successor to YARA, built by VirusTotal. Since it is designed with a strong focus on developer experience and modern architecture, the YARA-X project already includes support for WASM bindings. Leveraging these existing Rust-to-WASM capabilities should significantly reduce the development friction required to implement this operation in CyberChef.
