gchq/CyberChef

Feature request: Add YARA-X Operations

Open

#2,622 created on July 1, 2026

feature, help wanted


Description

I cannot write or test YARA-X rules in CyberChef, like using the "with" statement. It is also faster, which will enhance the user experience.

Add a YARA-X Operation that uses a webasm module compiled directly from the YARA-X codebase instead of a third-party integration.

Current Alternatives:

  • Use legacy YARA in CyberChef: This forces analysts to avoid new YARA-X features and maintains slower execution times on large datasets. The legacy YARA operation is not updated regularly.
  • Test with YARA-X locally: Running the YARA-X CLI tool locally against downloaded payloads breaks workflows that CyberChef provides.
  • Use external web testers: Copying payloads to other online YARA testing sandboxes introduces friction and potential operational security (OPSEC) risks if the data is sensitive.

YARA-X is the official successor to YARA, built by VirusTotal. Since it is designed with a strong focus on developer experience and modern architecture, the YARA-X project already includes support for WASM bindings. Leveraging these existing Rust-to-WASM capabilities should significantly reduce the development friction required to implement this operation in CyberChef.
