Regular Expressions 101

Order By

Sponsors

Community Patterns

0

lnav - vpxa log format

PCRE (PHP <7.3)
For the vpxa vmware log
Submitted by anonymous - 7 years ago
1

Password minimum requirements

PCRE (PHP <7.3)
Password requirements (minimum length, character groups that must exist) can be easily validated AND extended using look-aheads.
Submitted by OnlineCop - 7 years ago
0

xsd version

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

dependency version

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

replace last slash in dir list with pipe

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

Personal name (unicode)

PCRE (PHP <7.3)
Validates personal names. Conditions: Must contain only letters (any unicode letter), spaces, apostrophes and hyphens Must not start with a space, an apostrophe or a hyphen Must not contain consecutive uppercase letters...
Submitted by Mattias Larsson - 7 years ago
0

Is MAC48?

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

2015 penalty kick expressions

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

匹配1000-65535之间的数字

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

everything between Commars

PCRE (PHP <7.3)
Matching everything between comars
Submitted by Shingai Munyuki - 7 years ago
0

find csproj in sln

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

Base64 Regex

PCRE (PHP <7.3)
This regex will match on Base64 strings (not hard-wrapped). It was designed to match on a string that is MOD4 with appropriate padding. Keep in mind, this is very basic. You will likely need to add before and after anchors to meet your needs.
Submitted by Damian Torres - 7 years ago
0

Series [Episode] - Tit;e - Author

PCRE (PHP <7.3)
Series [Episode] - Tit;e - Author
Submitted by anonymous - 7 years ago
0

warscope

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

data(yyyy-mm-dd)

Python
no description available
Submitted by anonymous - 7 years ago
0

ID15

Python
no description available
Submitted by anonymous - 7 years ago
0

password

Python
no description available
Submitted by anonymous - 7 years ago
0

email

Python
no description available
Submitted by anonymous - 7 years ago
0

send screenshot

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
0

Log search

PCRE (PHP <7.3)
no description available
Submitted by anonymous - 7 years ago
1...454455456457458...694

HTTP Header - Hardcoded Routable IPv4 address with optional port

0

Regular Expression
PCRE (PHP <7.3)

/
Host: (?:(?:(?:22[0-3]|2[01]\d|1[79][013-9]|16[0-8]|12[0-68-9]|1[013-58]\d|[2-9]\d|1?[1-9])\.(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d))|(?:172\.(?:25[0-5]|2[0-4]\d|1\d{2}|[4-9]\d|3[2-9]|1[0-5]|\d))|(?:192\.(?:25[0-5]|2[0-4]\d|16[0-79]|1[0-57-9][0-9]|[1-9]\d|[0-9]))|(?:169\.(?:25[0-35]|2[0-4]\d|1\d{2}|[1-9]?\d)))(?:\.(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)){2}(?::(?:6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3}))?[\r\n]
/
gm
Open regex in editor

Description

Matches valid internet-routable IPv4 addresses (Not RFC1918, RFC5735, RFC3927) with optional port delimited by colon.

I wrote this specifically for Snort rules that look for hardcoded IPv4 addresses in the HTTP Host header field, but I imagine this may have its uses aside from that.

This would have been much simpler to write using negative lookahead (NLA), but for kicks I did it without it. I know that NLA is not always supported, so this should work. If non-capture groups aren't supported either, you can just change (?: ) to ( ) and it should still work fine (*cough*Yara*cough*).

Just to be clear: This expression purposefully will not match:

  • Addresses that start with 0 (0.X.X.X)
  • Loopback addresses (127.0.0.0/8)
  • Addresses that start with 224 through 255 (Class D and E addresses)
  • Private IPs (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • APIPA (169.254.0.0/16)

The port expression will match ports from 1-65535.

Submitted by Damian Torres - 7 years ago