Todd Benson (I.T. SPECIALIST and I.T. SECURITY), profile picture
Uploaded byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
PPTX, PDF2,077 views

Regex 101

This document provides an overview of regular expressions (RegEx). It explains what RegEx is, some basic RegEx syntax like character classes and anchors, and common uses of RegEx like searching logs and programming. Useful regular expressions are also included, such as for social security numbers, phone numbers, and email addresses. Questions are welcomed at the end.

Embed presentation

Downloaded 24 times
RegEx 101 Todd Benson
Overview • • • • What is RegEx RegEx Basics Uses for RegEx Useful RegExpressions
What is RegEx? “In computing, a regular expression (abbreviated regex or regexp) is a sequence of characters that forms a search pattern, mainly for use in pattern matching with strings, or string matching, i.e. "find and replace"-like operations. “ - Wikipedia
• “Some people, when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems.” Jamie Zawinski
Why RegEx? • Tools use it: Nessus, Burp, W3AF • All programming languages use it • Excellent tool to have in the toolbox
RegEx Basics: Literal Matches Literal Matches ‘bat’ matches ‘bat’ 12 special characters - ^ $ . | ? * + ( ) [ ] These must be escaped ‘’ ‘$’ . ‘.at’ Matches ‘bat’, ‘cat’, and ‘hat’
RegEx Basics: Characture Classes Character Classes • -- [ ] ‘[bc]at’ will match ‘bat’ or ‘cat’ • --[^ ] [^A-Z] will match any character that is not a capitol letter
RegEx Basics: Shorthand Character Classes Shorthand Character Classes • d Same as [0-9] • D Same as [^0-9] • w Same as [0-9A-Za-z_] • W Same as [^0-9A-Za-z_] • s tab, line feed, form feed, carriage return, and space • S Anything other than tab, line feed, etc.
RegEx Basics: Anchors Anchors • ^ Beginning of line ‘rpm -qa|grep ^ao’ would list all packages that start with ‘ao’ • $ End of line ‘[0-9][0-9][0-9]$’ would find all instances when a line ended with 3 consecutive digits • b b Word boundary ‘bW.n*b’ looks for words that begin with ‘W’ followed by any character followed by ‘n’ followed by zero or more characters ‘Win’ ‘Windows’ ‘Won’ ‘Wonton’ ‘Winter’ ‘Wonderland’ ‘Wonder’ all match
RegEx Basics: Non-Printable Non-printable • -- n New Line • -- r Carriage Return
RegEx Basics: Groups Groups • --( ) Defines the scope and precedence of operators ‘Write(ln)?’ matches ‘Write’ and ‘Writeln’ • -- | OR ‘Gr(a|e)y’ matches ‘Gray’ and ‘Grey’ ‘(ITSO|OITS)’ matches ‘ITSO’ or ‘OITS’
RegEx Basics: Quantification Quantification Shows how often a token or group is allowed to occur • ? Zero or one ‘a?’ will match ‘’ and ‘a’ • * Zero or more ‘a*’ will match ‘’ and ‘a’ and ‘aaaaaaaaa’
RegEx Basics: Quantification (Cont.) Quantification Shows how often a token or group is allowed to occur • + One or more ‘a+’ will match ‘a’ and ‘aaaaaaaaaaaa’ • {,} Minimum and Maximum ‘a{3,7}’ will match between 3 and 7 ‘a’
Uses: Searches • Errors (error|exception|illegal|invalid|fail|stack|access|direc tory|file|not found|unknown|uid=|varchar|SQL|quotation mark|syntax|password) • Redirects (document|window).
Uses: Searches (Cont.) • DOM XSS ((src|href|data|location|code|value|action)s*["']]* s*+?s*=)|((replace|assign|navigate|getResponseHea der|open(Dialog)?|showModalDialog|eval|evaluate|e xecCommand|execScript|setTimeout|setInterval)s*["' ]]*s*() • DOM XSS (locations*[[.])|([.[]s*["']?s*(arguments|dialogArg uments|innerHTML|write(ln)?|open(Dialog)?|showMo dalDialog|cookie|URL|documentURI|baseURI|referrer |name|opener|parent|top|content|self|frames)W)|( localStorage|sessionStorage|Database)
Uses: Searching Logs • grep -v 156.132.142.[11-19] /var/log/apache2/other_vhosts_access.log|grep -v 156.132.103.* • cat /var/log/apache2/other_vhosts_access.log|grep -o 's[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[09]{1,3}s' | sort -t . -k 3,3n -k 4,4n|uniq
Uses: VI Search and Replace • SS# :%s/d{3}-d{2}-d{4}/123-45-6789/g • email :%s/[0-9A-Za-z._%+-]+@[0-9A-Za-z._%+-]+.[AZa-z]{2,4}/john.doe@ao.uscourts.gov/g
Uses: Command Line openssl ciphers|sed ‘s/:/n/g'|sort
Uses: Output Mangaling while read line; do host $line; done < ips.txt | sed 's/ has address / / /g‘ > foo.txt
Uses: Programming • Sanitizing input $name = preg_replace("/<s*?/?scripts*?>/i", "&lt;script&gt;", $name);
Useful RegExes • SS# d{3}-d{2}-d{4} • Phone# ((?d{3})?[ -.])?d{3}[ -.]d{4} • IP Addresses b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3} (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)b • email [0-9A-Z._%+-]+@[0-9A-Z._%+-]+.[A-Z]{2,4} • Find Base64 (?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)? • Credit Card# - HTML Tags - Dates
Questions?
Go forth and RegEx…
References • • • • • • Web Application Hacker's Handbook http://regex.info/blog/2006-09-15/247#comment-3085 http://en.wikipedia.org/wiki/Regular_expression https://isc.sans.edu/regex.html http://www.regular-expressions.info/examples.html http://blog.spiderlabs.com/2013/02/easy-dom-basedxss-detection-via-regexes.html • https://en.wikipedia.org/wiki/Regular_expression • www.xkcd.com

More Related Content

PPT
101 3.7 search text files using regular expressions
byAcácio Oliveira
 
PPTX
Introduction to Regular Expressions
byMatt Casto
 
KEY
Regular Expressions 101
byRaj Rajandran
 
ODP
OISF: Regular Expressions (Regex) Overview
byThreatReel Podcast
 
PPTX
Regular Expression (Regex) Fundamentals
byMesut Günes
 
PDF
An Introduction to Regular expressions
byYamagata Europe
 
PPTX
Regular Expression Crash Course
byImran Qasim
 
ODP
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
byThreatReel Podcast
 
101 3.7 search text files using regular expressions
byAcácio Oliveira
 
Introduction to Regular Expressions
byMatt Casto
 
Regular Expressions 101
byRaj Rajandran
 
OISF: Regular Expressions (Regex) Overview
byThreatReel Podcast
 
Regular Expression (Regex) Fundamentals
byMesut Günes
 
An Introduction to Regular expressions
byYamagata Europe
 
Regular Expression Crash Course
byImran Qasim
 
DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview
byThreatReel Podcast
 

Similar to Regex 101

PDF
Regex - Regular Expression Basics
byEterna Han Tsai
 
ODP
CiNPA Security SIG - Regex Presentation
byThreatReel Podcast
 
PDF
2013 - Andrei Zmievski: Clínica Regex
byPHP Conference Argentina
 
PDF
Regex startup
byPayPal
 
PDF
Basta mastering regex power
byMax Kleiner
 
PDF
Don't Fear the Regex WordCamp DC 2017
bySandy Smith
 
PDF
Don't Fear the Regex - Northeast PHP 2015
bySandy Smith
 
PPTX
Chapter 3: Introduction to Regular Expression
byazzamhadeel89
 
PPTX
Regular expressions
byIgnaz Wanders
 
PPTX
Regular Expressions Introduction Anthony Rudd CS
bygapati2964
 
PPTX
NUS_NLP__Foundations_-_Section_2_-_Words.pptx
byhengsoklayhs
 
PPT
Introduction to regular expressions
byBen Brumfield
 
PPTX
Regular Expressions Boot Camp
byChris Schiffhauer
 
ODP
Regular Expressions and You
byJames Armes
 
PPT
Regular Expressions
bySatya Narayana
 
PPTX
Regular Expressions
byAkhil Kaushik
 
PPT
regex.ppt
byansariparveen06
 
PDF
Regular expressions
bykeeyre
 
PDF
Don't Fear the Regex LSP15
bySandy Smith
 
PDF
Don't Fear the Regex - CapitalCamp/GovDays 2014
bySandy Smith
 
Regex - Regular Expression Basics
byEterna Han Tsai
 
CiNPA Security SIG - Regex Presentation
byThreatReel Podcast
 
2013 - Andrei Zmievski: Clínica Regex
byPHP Conference Argentina
 
Regex startup
byPayPal
 
Basta mastering regex power
byMax Kleiner
 
Don't Fear the Regex WordCamp DC 2017
bySandy Smith
 
Don't Fear the Regex - Northeast PHP 2015
bySandy Smith
 
Chapter 3: Introduction to Regular Expression
byazzamhadeel89
 
Regular expressions
byIgnaz Wanders
 
Regular Expressions Introduction Anthony Rudd CS
bygapati2964
 
NUS_NLP__Foundations_-_Section_2_-_Words.pptx
byhengsoklayhs
 
Introduction to regular expressions
byBen Brumfield
 
Regular Expressions Boot Camp
byChris Schiffhauer
 
Regular Expressions and You
byJames Armes
 
Regular Expressions
bySatya Narayana
 
Regular Expressions
byAkhil Kaushik
 
regex.ppt
byansariparveen06
 
Regular expressions
bykeeyre
 
Don't Fear the Regex LSP15
bySandy Smith
 
Don't Fear the Regex - CapitalCamp/GovDays 2014
bySandy Smith
 

More from Todd Benson (I.T. SPECIALIST and I.T. SECURITY)

PPTX
Owasp consumer top 10 safe habits
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
The Unlikely Couple, DevOps and Security. Can it work?
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Sar writingv2
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Defending web applications v.1.0
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Application Context and Discovering XSS without
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
SQLmap
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Overview of java web services
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Becoming a better pen tester overview
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
SSL overview
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Owasp consumer top 10 safe habits
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
The Unlikely Couple, DevOps and Security. Can it work?
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Sar writingv2
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Defending web applications v.1.0
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Application Context and Discovering XSS without
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
SQLmap
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Overview of java web services
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Becoming a better pen tester overview
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
SSL overview
byTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 

Recently uploaded

PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PPTX
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Analyze and Preserve Logs - RHCSA (RH134).pdf
byLinuxCert Guru
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
Traditional-Security-Models-No-Longer-Work.pptx (1).pdf
byOhhproJunction
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 

Regex 101

  • 1.
  • 2.
    Overview • • • • What is RegEx RegExBasics Uses for RegEx Useful RegExpressions
  • 3.
    What is RegEx? “Incomputing, a regular expression (abbreviated regex or regexp) is a sequence of characters that forms a search pattern, mainly for use in pattern matching with strings, or string matching, i.e. "find and replace"-like operations. “ - Wikipedia
  • 4.
    • “Some people,when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems.” Jamie Zawinski
  • 5.
    Why RegEx? • Toolsuse it: Nessus, Burp, W3AF • All programming languages use it • Excellent tool to have in the toolbox
  • 6.
    RegEx Basics: LiteralMatches Literal Matches ‘bat’ matches ‘bat’ 12 special characters - ^ $ . | ? * + ( ) [ ] These must be escaped ‘’ ‘$’ . ‘.at’ Matches ‘bat’, ‘cat’, and ‘hat’
  • 7.
    RegEx Basics: CharactureClasses Character Classes • -- [ ] ‘[bc]at’ will match ‘bat’ or ‘cat’ • --[^ ] [^A-Z] will match any character that is not a capitol letter
  • 8.
    RegEx Basics: ShorthandCharacter Classes Shorthand Character Classes • d Same as [0-9] • D Same as [^0-9] • w Same as [0-9A-Za-z_] • W Same as [^0-9A-Za-z_] • s tab, line feed, form feed, carriage return, and space • S Anything other than tab, line feed, etc.
  • 9.
    RegEx Basics: Anchors Anchors •^ Beginning of line ‘rpm -qa|grep ^ao’ would list all packages that start with ‘ao’ • $ End of line ‘[0-9][0-9][0-9]$’ would find all instances when a line ended with 3 consecutive digits • b b Word boundary ‘bW.n*b’ looks for words that begin with ‘W’ followed by any character followed by ‘n’ followed by zero or more characters ‘Win’ ‘Windows’ ‘Won’ ‘Wonton’ ‘Winter’ ‘Wonderland’ ‘Wonder’ all match
  • 10.
    RegEx Basics: Non-Printable Non-printable •-- n New Line • -- r Carriage Return
  • 11.
    RegEx Basics: Groups Groups •--( ) Defines the scope and precedence of operators ‘Write(ln)?’ matches ‘Write’ and ‘Writeln’ • -- | OR ‘Gr(a|e)y’ matches ‘Gray’ and ‘Grey’ ‘(ITSO|OITS)’ matches ‘ITSO’ or ‘OITS’
  • 12.
    RegEx Basics: Quantification Quantification Showshow often a token or group is allowed to occur • ? Zero or one ‘a?’ will match ‘’ and ‘a’ • * Zero or more ‘a*’ will match ‘’ and ‘a’ and ‘aaaaaaaaa’
  • 13.
    RegEx Basics: Quantification(Cont.) Quantification Shows how often a token or group is allowed to occur • + One or more ‘a+’ will match ‘a’ and ‘aaaaaaaaaaaa’ • {,} Minimum and Maximum ‘a{3,7}’ will match between 3 and 7 ‘a’
  • 14.
  • 15.
    Uses: Searches (Cont.) •DOM XSS ((src|href|data|location|code|value|action)s*["']]* s*+?s*=)|((replace|assign|navigate|getResponseHea der|open(Dialog)?|showModalDialog|eval|evaluate|e xecCommand|execScript|setTimeout|setInterval)s*["' ]]*s*() • DOM XSS (locations*[[.])|([.[]s*["']?s*(arguments|dialogArg uments|innerHTML|write(ln)?|open(Dialog)?|showMo dalDialog|cookie|URL|documentURI|baseURI|referrer |name|opener|parent|top|content|self|frames)W)|( localStorage|sessionStorage|Database)
  • 16.
    Uses: Searching Logs •grep -v 156.132.142.[11-19] /var/log/apache2/other_vhosts_access.log|grep -v 156.132.103.* • cat /var/log/apache2/other_vhosts_access.log|grep -o 's[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[09]{1,3}s' | sort -t . -k 3,3n -k 4,4n|uniq
  • 17.
    Uses: VI Searchand Replace • SS# :%s/d{3}-d{2}-d{4}/123-45-6789/g • email :%s/[0-9A-Za-z._%+-]+@[0-9A-Za-z._%+-]+.[AZa-z]{2,4}/john.doe@ao.uscourts.gov/g
  • 18.
    Uses: Command Line opensslciphers|sed ‘s/:/n/g'|sort
  • 19.
    Uses: Output Mangaling whileread line; do host $line; done < ips.txt | sed 's/ has address / / /g‘ > foo.txt
  • 20.
    Uses: Programming • Sanitizinginput $name = preg_replace("/<s*?/?scripts*?>/i", "&lt;script&gt;", $name);
  • 21.
    Useful RegExes • SS# d{3}-d{2}-d{4} •Phone# ((?d{3})?[ -.])?d{3}[ -.]d{4} • IP Addresses b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3} (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)b • email [0-9A-Z._%+-]+@[0-9A-Z._%+-]+.[A-Z]{2,4} • Find Base64 (?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)? • Credit Card# - HTML Tags - Dates
  • 22.
  • 23.
    Go forth andRegEx…
  • 24.
    References • • • • • • Web Application Hacker'sHandbook http://regex.info/blog/2006-09-15/247#comment-3085 http://en.wikipedia.org/wiki/Regular_expression https://isc.sans.edu/regex.html http://www.regular-expressions.info/examples.html http://blog.spiderlabs.com/2013/02/easy-dom-basedxss-detection-via-regexes.html • https://en.wikipedia.org/wiki/Regular_expression • www.xkcd.com