gchq/CyberChef

Feature request: Add YARA-X Operations

Open

#2622 opened on Jul 1, 2026

Labels: feature, help wanted

Description

I cannot write or test YARA-X rules in CyberChef, like using the "with" statement. It is also faster, which will enhance the user experience.

Add a YARA-X Operation that uses a webasm module compiled directly from the YARA-X codebase instead of a third-party integration.

Current Alternatives:

  • Use legacy YARA in CyberChef: This forces analysts to avoid new YARA-X features and maintains slower execution times on large datasets. The legacy YARA operation is not updated regularly.
  • Test with YARA-X locally: Running the YARA-X CLI tool locally against downloaded payloads breaks workflows that CyberChef provides.
  • Use external web testers: Copying payloads to other online YARA testing sandboxes introduces friction and potential operational security (OPSEC) risks if the data is sensitive.

YARA-X is the official successor to YARA, built by VirusTotal. Since it is designed with a strong focus on developer experience and modern architecture, the YARA-X project already includes support for WASM bindings. Leveraging these existing Rust-to-WASM capabilities should significantly reduce the development friction required to implement this operation in CyberChef.
