import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
 * Regex demo: finds credential values passed as command-line arguments in
 * auditd EXECVE / PROCTITLE records and prints every capture group.
 *
 * <p>Capture groups of the compiled pattern:
 * <ol>
 *   <li>everything before the secret (user flag, user name, password flag, optional quote)</li>
 *   <li>optional long-form suffix of the user flag</li>
 *   <li>optional long-form suffix of the password flag</li>
 *   <li>optional opening quote in front of the secret</li>
 *   <li>the secret value itself</li>
 * </ol>
 */
public class Example {
    public static void main(String[] args) {
        // The pattern only fires when a user flag and its value are directly
        // followed by a password flag and its value. Because it is compiled
        // with CASE_INSENSITIVE, the upper-case alternatives listed here are
        // redundant.
        final String credentialRegex = "([-]+[Uu](sername|ser|SERNAME|SER)?\\s+[^\\s]+\\s[-]+[Pp](ass|assword|ASS|ASSWORD)?\\s([\\\"\\'])?)([^\\s\\\"\\']+)";

        // Sample audit records (secrets already replaced by "<password>").
        // The text also embeds two other pattern strings as notes; they are
        // data here, not compiled. With the pattern above, only the
        // "-u <user> -p '<value>'" shell command lines match: the per-argument
        // "aN=" EXECVE records and the "--login-user=" / "--stdin-password"
        // records are not covered and would need their own pattern.
        final String auditSample = "type=EXECVE msg=audit(02/15/2023 06:35:15.151:7925) : argc=3 a0=sh a1=-c a2=echo -n <password> | adcli join --login-user=SVC-QCPAWS-DJOIN --stdin-password --domain-ou=OU=01,OU=A833,OU=AMS04,OU=Prod,DC=qcpaws,DC=qantas,DC=com,DC=au --domain=qcpaws.qantas.com.au\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:53:22.518:13273) : argc=3 a0=sh a1=-c a2=echo <password> | realm --unattended join -U SVC-QCPAWS-DJOIN --computer-ou=OU=04,OU=A868,OU=AMS04,OU=Prod,DC=qcpaws,DC=qantas,DC=com,DC=au qcpaws.qantas.com.au\n\n"
                + "type=PROCTITLE msg=audit(03/15/2023 01:53:22.541:13274) : proctitle=sh -c echo <password> | realm --unattended join -U SVC-QCPAWS-DJOIN --computer-ou=OU=04,OU=A868,OU=AMS04,OU=Prod,DC=qcpaws\n\n"
                + "type=PROCTITLE msg=audit(03/15/2023 01:53:22.541:13274) : proctitle=sh -c echo <password> | realm --unattended join -U SVC-QCPAWS-DJOIN --computer-ou=OU=04,OU=A868,OU=AMS04,OU=Prod,DC=qcpaws\n\n\n\n"
                + "([-]+[Uu](sername)?\\s+[^\\s]+\\s[-]+[Pp](assword)?\\s([\\\"\\'])?)([^\\s\\\"\\']+)\n"
                + "--------------\n"
                + "type=EXECVE msg=audit(03/15/2023 01:53:24.855:10436) : argc=3 a0=sh a1=-c a2=centrify_add_to_linux_servers_group -u SVC-QCPAWS-DJOIN -PASSWORD '<password>'\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:52:28.060:7413) : argc=3 a0=sh a1=-c a2=adjoin qcpaws.qantas.com.au -z AWS -c ou=43,ou=a868,ou=ams04,ou=Prod -u SVC-QCPAWS-DJOIN@qcpaws.qantas.com.au -p '<password>'\n\n"
                + "type=EXECVE msg=audit(03/10/2023 04:35:22.652:7437) : argc=3 a0=sh a1=-c a2=adjoin qcpaws.qantas.com.au -z AWS -c ou=43,ou=a868,ou=ams04,ou=Prod -u @qcpaws.qantas.com.au -p '<password>'\n\n"
                + "type=PROCTITLE msg=audit(03/15/2023 01:53:24.921:10443) : proctitle=sh -c centrify_add_to_linux_servers_group -u SVC-QCPAWS-DJOIN -p '<password>'\n\n"
                + "type=PROCTITLE msg=audit(03/15/2023 01:52:29.415:8284) : proctitle=sh -c adjoin qcpaws.qantas.com.au -z AWS -c ou=43,ou=a868,ou=ams04,ou=Prod -u SVC-QCPAWS-DJOIN@qcpaws.qantas.com.au -p '<password>\n\n"
                + "type=PROCTITLE msg=audit(03/10/2023 04:35:22.772:7480) : proctitle=sh -c adjoin qcpaws.qantas.com.au -z AWS -c ou=43,ou=a868,ou=ams04,ou=Prod -u @qcpaws.qantas.com.au -p '<password>'\n\n\n"
                + "-------\n"
                + "a\\d+=[\\-]+[Pp](assword)? a\\d+=[\\\"\\']*([^\\\"\\'\\s]+)\n\n"
                + "type=EXECVE msg=audit(03/15/2023 00:21:55.888:10474) : argc=6 a0=/usr/share/centrifydc/libexec/adedit a1=/bin/centrify_add_to_linux_servers_group a2=-u a3=SVC-QCPAWS-DJOIN a4=-p a5=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 00:21:55.884:10471) : argc=7 a0=/bin/sh a1=/usr/bin/adedit a2=/bin/centrify_add_to_linux_servers_group a3=-u a4=SVC-QCPAWS-DJOIN a5=-p a6=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 00:31:32.764:6427) : argc=11 a0=/bin/sh a1=/usr/sbin/adjoin a2=qcpaws.qantas.com.au a3=-z a4=AWS a5=-c a6=ou=53,ou=a243,ou=ams02,ou=Prod a7=-u a8=SVC-QCPAWS-DJOIN@qcpaws.qantas.com.au a9=-p a10=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:52:28.070:7418) : argc=10 a0=/usr/share/centrifydc/libexec/adjoin a1=qcpaws.qantas.com.au a2=-z a3=AWS a4=-c a5=ou=43,ou=a868,ou=ams04,ou=Prod a6=-u a7=SVC-QCPAWS-DJOIN@qcpaws.qantas.com.au a8=--password a9=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:38:28.974:8889) : argc=6 a0=/usr/share/centrifydc/libexec/adedit a1=/usr/bin/centrify_add_to_linux_servers_group a2=-u a3=SVC-QCPAWS-DJOIN a4=-p a5=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:53:24.864:10441) : argc=6 a0=/usr/share/centrifydc/libexec/adedit a1=/bin/centrify_add_to_linux_servers_group a2=-u a3=SVC-QCPAWS-DJOIN a4=-p a5=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:52:28.065:7415) : argc=11 a0=/bin/sh a1=/usr/sbin/adjoin a2=qcpaws.qantas.com.au a3=-z a4=AWS a5=-c a6=ou=43,ou=a868,ou=ams04,ou=Prod a7=-u a8=SVC-QCPAWS-DJOIN@qcpaws.qantas.com.au a9=-p a10=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:38:28.970:8886) : argc=7 a0=/bin/sh a1=/usr/bin/adedit a2=/usr/bin/centrify_add_to_linux_servers_group a3=-u a4=SVC-QCPAWS-DJOIN a5=-p a6=<password>\n\n"
                + "type=EXECVE msg=audit(03/15/2023 01:53:24.860:10438) : argc=7 a0=/bin/sh a1=/usr/bin/adedit a2=/bin/centrify_add_to_linux_servers_group a3=-u a4=SVC-QCPAWS-DJOIN a5=-p a6=<password>\n\n";

        // MULTILINE changes nothing for this pattern (it has no ^ or $ anchors);
        // CASE_INSENSITIVE is what lets "-PASSWORD" and "-U" forms match.
        final Matcher hits = Pattern
                .compile(credentialRegex, Pattern.MULTILINE | Pattern.CASE_INSENSITIVE)
                .matcher(auditSample);

        while (hits.find()) {
            // NOTE(review): this echoes the captured secret (group 5) verbatim.
            // Acceptable for placeholder data; a log scrubber built on this
            // pattern should mask that group instead of printing it.
            System.out.println("Full match: " + hits.group(0));
            final int groupTotal = hits.groupCount();
            int groupIndex = 1;
            while (groupIndex <= groupTotal) {
                System.out.println("Group " + groupIndex + ": " + hits.group(groupIndex));
                groupIndex++;
            }
        }
    }
}