Regular Expressions 101

Save & Share

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/

Test String

Code Generator

Language

Generated Code

const regex = /^([[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\s)([a-zA-Z0-9_.\[\]\(\)\-:\s]{1,})\s(ModSecurity:\sWarning.\s)([a-zA-Z0-9\"\/\_\.\[\]\(\)\-:\s]{1,})(\s\[severity "CRITICAL"\]\s)([a-zA-Z0-9\"\/\_\.\[\]\(\)\-:\s]{1,})\s("OWASP_CRS\/)/; // Alternative syntax using RegExp constructor // const regex = new RegExp('^([[:digit:]]{1,3}\\.[[:digit:]]{1,3}\\.[[:digit:]]{1,3}\\.[[:digit:]]{1,3}\\s)([a-zA-Z0-9_.\\[\\]\\(\\)\\-:\\s]{1,})\\s(ModSecurity:\\sWarning.\\s)([a-zA-Z0-9\\"\\\/\\_\\.\\[\\]\\(\\)\\-:\\s]{1,})(\\s\\[severity "CRITICAL"\\]\\s)([a-zA-Z0-9\\"\\\/\\_\\.\\[\\]\\(\\)\\-:\\s]{1,})\\s("OWASP_CRS\\\/)', '') const str = `129.232.250.201 [Tue Apr 30 14:01:54 2019] [error] [pid 23850] apache2_util.c(271) [client 196.40.111.5:39554 ] - [client 196.40.111.5] ModSecurity: Warning. Matched phrase "bin/bash" at ARGS_NAMES:/bin/bash. [file "/opt/modsecurity/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "503"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS_NAMES:/bin/bash: /bin/bash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "dedi-staging15.jnb1.host-h.net"] [uri "/test/"] [unique_id "XMg5MoHo@skAAF0qGI4AAAAE"]`; // Reset `lastIndex` if this regex is defined globally // regex.lastIndex = 0; let m; if ((m = regex.exec(str)) !== null) { // The result can be accessed through the `m`-variable. m.forEach((match, groupIndex) => { console.log(`Found match, group ${groupIndex}: ${match}`); }); }

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for JavaScript, please visit: https://developer.mozilla.org/en/docs/Web/JavaScript/Guide/Regular_Expressions