Repository metrics
- Stars
- (34,843 stars)
- PR merge metrics
- (Avg merge 57d 13h) (62 merged PRs in 30d)
Description
I cannot write or test YARA-X rules in CyberChef, like using the "with" statement. It is also faster, which will enhance the user experience.
Add a YARA-X Operation that uses a webasm module compiled directly from the YARA-X codebase instead of a third party integration.
Current Alternatives:
- Use legacy YARA in CyberChef: This forces analysts to avoid new YARA-X features and maintains slower execution times on large datasets. The legacy YARA operation is not updated regularly.
- Test with YARA-X locally: Running the YARA-X CLI tool locally against downloaded payloads breaks worflows that CyberChef provides.
- Use external web testers: Copying payloads to other online YARA testing sandboxes introduces friction and potential operational security (OPSEC) risks if the data is sensitive.
YARA-X is the official successor to YARA, built by VirusTotal. Since it is designed with a strong focus on developer experience and modern architecture, the YARA-X project already includes support for WASM bindings. Leveraging these existing Rust-to-WASM capabilities should significantly reduce the development friction required to implement this operation in CyberChef.