gchq/CyberChef

Feature request: Add YARA-X Operations

Open

#2,622 opened on 2026年7月1日

GitHub で見る
 (2 comments) (0 reactions) (1 assignee)JavaScript (3,944 forks)batch import
featurehelp wanted

Repository metrics

Stars
 (34,843 stars)
PR merge metrics
 (平均マージ 57d 13h) (30d で 62 merged PRs)

説明

I cannot write or test YARA-X rules in CyberChef, like using the "with" statement. It is also faster, which will enhance the user experience.

Add a YARA-X Operation that uses a webasm module compiled directly from the YARA-X codebase instead of a third party integration.

Current Alternatives:

  • Use legacy YARA in CyberChef: This forces analysts to avoid new YARA-X features and maintains slower execution times on large datasets. The legacy YARA operation is not updated regularly.
  • Test with YARA-X locally: Running the YARA-X CLI tool locally against downloaded payloads breaks worflows that CyberChef provides.
  • Use external web testers: Copying payloads to other online YARA testing sandboxes introduces friction and potential operational security (OPSEC) risks if the data is sensitive.

YARA-X is the official successor to YARA, built by VirusTotal. Since it is designed with a strong focus on developer experience and modern architecture, the YARA-X project already includes support for WASM bindings. Leveraging these existing Rust-to-WASM capabilities should significantly reduce the development friction required to implement this operation in CyberChef.

コントリビューターガイド