gchq/CyberChef

Feature request: Add YARA-X Operations

Open

#2622 opened on 1 Jul 2026

feature, help wanted


Description

I cannot write or test YARA-X rules in CyberChef, like using the "with" statement. It is also faster, which will enhance the user experience.

Add a YARA-X Operation that uses a webasm module compiled directly from the YARA-X codebase instead of a third party integration.

Current Alternatives:

  • Use legacy YARA in CyberChef: This forces analysts to avoid new YARA-X features and maintains slower execution times on large datasets. The legacy YARA operation is not updated regularly.
  • Test with YARA-X locally: Running the YARA-X CLI tool locally against downloaded payloads breaks workflows that CyberChef provides.
  • Use external web testers: Copying payloads to other online YARA testing sandboxes introduces friction and potential operational security (OPSEC) risks if the data is sensitive.

YARA-X is the official successor to YARA, built by VirusTotal. Since it is designed with a strong focus on developer experience and modern architecture, the YARA-X project already includes support for WASM bindings. Leveraging these existing Rust-to-WASM capabilities should significantly reduce the development friction required to implement this operation in CyberChef.
