View Issue Details

ID: 0007994
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2024-08-19 19:52
Reporter: mccrypter
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Summary: 0007994: yaralyzer - tool to visually inspect and force decode YARA and regex matches found in both binary and text data.
Description

[Name] yaralyzer
[Version] 0.6.2
[Homepage] https://github.com/michelcrypt4d4mus/yaralyzer
[Download] https://pypi.org/project/yaralyzer/#files
[Author] Michel de Cryptadamus
[Licence] GPLv3

[Description] Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors.
Can be run with a YARA rule file, a dir full of YARA rules, or off the cuff with --hex-pattern and --regex-pattern.

Some screenshots are visible here: https://github.com/michelcrypt4d4mus/yaralyzer#example-output

[Dependencies] python 3.9+
chardet = "^5.0.0"
python-dotenv = "^0.21.0"
rich = "^12.5.1"
rich-argparse-plus = "^0.3.1"
yara-python = "^4.2.3"

[Similar tools] http://www.binaryalert.io/yara-matches.html (sort of - it writes matches to a DB rather than STDOUT, and it doesn't do any encoding detection or force decodes)

[Activity] Development started mid summer 2022, originally as an internal engine of a related tool, the pdfalyzer: https://github.com/michelcrypt4d4mus/pdfalyzer. Actively being maintained; kind of surprising amount of interest since it was open sourced last week.

[How to install] pipx install yaralyzer is the easiest way

Note: source code obtained via git clone/svn checkout (or downloaded from HEAD) can't be used. Please use a "tag" or "release" version.

[How to use] - What are some basic commands/functions to demonstrate it?

Scan against YARA definitions in a file:

yaralyze --yara-rules /path/to/malware_rules.yara lacan_buys_the_dip.pdf

Scan against an arbitrary YARA compatible regular expression:

yaralyze --regex-pattern 'evil.*of\s+\w+byte' the_crypto_archipelago.exe

Scan against an arbitrary YARA hex pattern:

yaralyze --hex-pattern 'd0 93 d0 a3 d0 [-] 9b d0 90 d0 93' one_day_in_the_life_of_ivan_cryptosovich.bin

[Packaged] - Is the tool already packaged for Debian?
no
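To make the "force decode" idea above concrete, here is an added, stdlib-only Python sketch that is not yaralyzer's or YARA's own code: it translates a YARA-style hex string such as the ticket's --hex-pattern example into a bytes regex, finds its matches in a constructed buffer, and decodes each match under several encodings. The encoding list, the sample buffers and the scan/force_decode names are assumptions made for this example.

```python
import re

# Encodings tried on every match (an assumed list, not yaralyzer's own).
ENCODINGS = ("utf-8", "latin-1", "utf-16-le", "cp1251", "koi8-r")

def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a YARA-style hex string (literal bytes, '??' wildcards, '[n]',
    '[a-b]', '[a-]' and '[-]' jumps) into a bytes regex. Jumps are non-greedy,
    so the shortest span bridging the two halves is reported."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(rb".")
        elif tok.startswith("[") and tok.endswith("]"):
            body = tok[1:-1]
            if not re.fullmatch(r"\d+|\d*-\d*", body):
                raise ValueError(f"bad jump: {tok!r}")
            lo, dash, hi = body.partition("-")
            quant = b"{%s,%s}?" % ((lo or "0").encode(), hi.encode()) if dash else b"{%s}" % lo.encode()
            parts.append(b"." + quant)
        elif re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            parts.append(b"\\x" + tok.lower().encode())
        else:
            raise ValueError(f"unsupported hex-string token: {tok!r}")
    return re.compile(b"".join(parts), re.DOTALL)

def force_decode(raw: bytes, encodings=ENCODINGS) -> dict:
    """Decode the same bytes under each encoding; a rejection becomes a marker."""
    decoded = {}
    for enc in encodings:
        try:
            decoded[enc] = raw.decode(enc)
        except UnicodeDecodeError as exc:
            decoded[enc] = f"<undecodable as {enc}: {exc.reason}>"
    return decoded

def scan(data: bytes, hex_pattern: str) -> list:
    """Every match of the hex pattern in data: offset, raw bytes and its decodings."""
    rx = hex_pattern_to_regex(hex_pattern)
    return [{"offset": m.start(), "bytes": m.group(0), "decoded": force_decode(m.group(0))}
            for m in rx.finditer(data)]

# Constructed sample buffers (not from the page). The pattern is the ticket's own
# --hex-pattern example; its bytes are the UTF-8 encoding of a Cyrillic word.
PAGE_PATTERN = "d0 93 d0 a3 d0 [-] 9b d0 90 d0 93"
SAMPLE = b"header\x00" + "\u0413\u0423\u041b\u0410\u0413".encode("utf-8") + b"\x00trailer"
# The same word with one extra letter, so the [-] jump has to bridge two bytes.
JUMP_SAMPLE = "\u0413\u0423\u0425\u041b\u0410\u0413".encode("utf-8")
```

Calling scan(SAMPLE, PAGE_PATTERN) reports one hit at offset 7 whose utf-8 decoding is the Cyrillic word, while the latin-1 and utf-16-le views of the same ten bytes show how misleading a wrong encoding looks.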

Activities

g0tmi1k

2022-11-01 14:35

administrator   ~0017034

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Arszilla

2024-08-14 16:50

reporter   ~0019643

Package has been drafted: https://gitlab.com/Arszilla/yaralyzer

However, it requires the following package, as it's a dependency I had to package: https://gitlab.com/Arszilla/rich-argparse-plus

I tested the functionality in a limited manner - thus I'd appreciate it if you could test it @mccrypter. I've attached the drafted packages below. Feel free to install them in a pre-existing instance of Kali (or spin up one in Docker) and test them, and feel free to report any issues you have.

mccrypter

2024-08-19 01:30

reporter   ~0019664

Thanks @arszilla! I did a little test driving on a bare-bones Kali Docker container and, while I didn't run the whole test suite, everything I tried worked great, including stuff like dumping colored output to SVG files, which is what I would expect to have issues if there were any.

That said, I did notice you packaged yaralyzer for "all" architectures but rich-argparse-plus is only packaged for x86/amd64. While it's not the end of the world (I was able to work around it with docker pull --platform linux/amd64 kalilinux/kali-rolling instead of just docker pull kalilinux/kali-rolling), it's at least worth mentioning that these packages will not work for someone using the default Kali container on an arm64 device.

Specifically, this is what happened:

$ docker pull kalilinux/kali-rolling
$ docker run --tty --interactive kalilinux/kali-rolling

┌──(root㉿4c3cb6edb32a)-[/debian_pkgs]
└─# dpkg -i ./python3-rich-argparse-plus_0.3.1.4-0kali1_amd64.deb 
dpkg: error processing archive ./python3-rich-argparse-plus_0.3.1.4-0kali1_amd64.deb (--install):
 package architecture (amd64) does not match system (arm64)

mccrypter

2024-08-19 01:33

reporter   ~0019665

P.S. I don't know if you'd by any chance be interested in packaging the pdfalyzer, which is the tool that I broke the yaralyzer out from and which has proven surprisingly (to me, at least) popular for investigating malware PDFs, but if you are it's here: https://github.com/michelcrypt4d4mus/pdfalyzer

Realistically it only has 2 or 3 dependencies beyond those already required to package the yaralyzer.

Arszilla

2024-08-19 05:47

reporter   ~0019666

Last edited: 2024-08-19 05:49

Hey @mccrypter

  1. Thanks for pointing out my mistake. It should be `Architecture: any`, not `Architecture: all`. Thus, rich-argparse-plus is correct, while yaralyzer is incorrect. I've pushed a commit to fix this, and the Kali Team would have caught this as well when they review my work before pushing it to their repositories.
  2. It'd be better if you submit a separate ticket for pdfalyzer. If the team approves the package, I will likely package it if no one attempts it before I do.

I should point out that the packages I shared were built for amd64, thus they'll only work on amd64 based systems. For i386 or arm64, a respective build must happen. If you want, I can provide you with arm64 images if you wish to test it on that platform.

mccrypter

2024-08-19 12:26

reporter   ~0019668

I'm not super worried about the arm64 vs. amd64 thing, seeing as how it's pretty tricky to install Linux on a Mac these days and there is the --platform workaround for those using Docker, but if there's a way to make the build generic so that it Just Works when someone pulls the Docker image and runs it on an arm64 platform, that seems like it would be ideal... but tbh I don't know enough about apt or the packaging of Kali tools to know if that's something you need to do anything about or if it will Just Work as is.

mccrypter

2024-08-19 19:52

reporter   ~0019669

Created a separate issue for packaging the pdfalyzer (actually far more popular a tool than the standalone yaralyzer).

Issue History

Date Modified Username Field Change
2022-10-09 23:01 mccrypter New Issue
2022-11-01 14:35 g0tmi1k Note Added: 0017034
2022-11-01 14:35 g0tmi1k Status new => acknowledged
2022-11-01 14:35 g0tmi1k Category New Tool Requests => Queued Tool Addition
2024-03-13 14:09 daniruiz Summary yaralyzer is a tool to visually inspect and force decode YARA and regex matches found in both binary and text data. => yaralyzer - tool to visually inspect and force decode YARA and regex matches found in both binary and text data.
2024-08-14 16:50 Arszilla Note Added: 0019643
2024-08-14 16:50 Arszilla File Added: python3-rich-argparse-plus_0.3.1.4-0kali1_amd64.deb
2024-08-14 16:50 Arszilla File Added: yaralyzer_0.9.4-0kali1_all.deb
2024-08-19 01:30 mccrypter Note Added: 0019664
2024-08-19 01:33 mccrypter Note Added: 0019665
2024-08-19 05:47 Arszilla Note Added: 0019666
2024-08-19 05:49 Arszilla Note Edited: 0019666
2024-08-19 12:26 mccrypter Note Added: 0019668
2024-08-19 19:52 mccrypter Note Added: 0019669