RegEx 101

Todd Benson
Overview

• What is RegEx
• RegEx Basics
• Uses for RegEx
• Useful RegExpressions
What is RegEx?

• “In computing, a regular expression (abbreviated regex or regexp) is a sequence of characters that forms a search pattern, mainly for use in pattern matching with strings, or string matching, i.e. "find and replace"-like operations.” - Wikipedia
• “Some people, when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems.” - Jamie Zawinski
Why RegEx?

• Tools use it: Nessus, Burp, W3AF
• All major programming languages support it
• Excellent tool to have in the toolbox
RegEx Basics: Literal Matches

Literal Matches
• ‘bat’ matches ‘bat’
• 12 special characters: \ ^ $ . | ? * + ( ) [ ]
  To match one of these literally it must be escaped with a backslash: ‘\\’ ‘\$’
• . (dot) matches any single character
  ‘.at’ matches ‘bat’, ‘cat’, and ‘hat’
RegEx Basics: Character Classes

Character Classes
• [ ] -- one character from the set
  ‘[bc]at’ will match ‘bat’ or ‘cat’
• [^ ] -- one character not in the set
  ‘[^A-Z]’ will match any character that is not a capital letter
RegEx Basics: Shorthand Character Classes

Shorthand Character Classes
• \d
  Same as [0-9]
• \D
  Same as [^0-9]
• \w
  Same as [0-9A-Za-z_]
• \W
  Same as [^0-9A-Za-z_]
• \s
  tab, line feed, form feed, carriage return, and space
• \S
  Anything other than tab, line feed, etc.
RegEx Basics: Anchors

Anchors
• ^
  Beginning of line
  ‘rpm -qa | grep ^ao’ would list all packages that start with ‘ao’
• $
  End of line
  ‘[0-9][0-9][0-9]$’ would find all instances where a line ended with 3 consecutive digits
• \b
  Word boundary
  ‘\bW.n.*\b’ looks for words that begin with ‘W’ followed by any character followed by ‘n’ followed by zero or more characters
  ‘Win’ ‘Windows’ ‘Won’ ‘Wonton’ ‘Winter’ ‘Wonderland’ ‘Wonder’ all match
RegEx Basics: Non-Printable

Non-printable
• \n
  New Line
• \r
  Carriage Return
RegEx Basics: Groups

Groups
• ( )
  Defines the scope and precedence of operators
  ‘Write(ln)?’ matches ‘Write’ and ‘Writeln’
• |
  OR
  ‘Gr(a|e)y’ matches ‘Gray’ and ‘Grey’
  ‘(ITSO|OITS)’ matches ‘ITSO’ or ‘OITS’
RegEx Basics: Quantification

Quantification
Shows how often a token or group is allowed to occur
• ?
  Zero or one
  ‘a?’ will match ‘’ and ‘a’
• *
  Zero or more
  ‘a*’ will match ‘’ and ‘a’ and ‘aaaaaaaaa’
RegEx Basics: Quantification (Cont.)

Quantification
Shows how often a token or group is allowed to occur
• +
  One or more
  ‘a+’ will match ‘a’ and ‘aaaaaaaaaaaa’
• {min,max}
  Minimum and Maximum
  ‘a{3,7}’ will match between 3 and 7 ‘a’
Uses: Searches

• Errors
  (error|exception|illegal|invalid|fail|stack|access|directory|file|not found|unknown|uid=|varchar|SQL|quotation mark|syntax|password)
• Redirects
  (document|window)\.
Uses: Searches (Cont.)

• DOM XSS (sinks)
  ((src|href|data|location|code|value|action)\s*["'\]]*\s*\+?\s*=)|((replace|assign|navigate|getResponseHeader|open(Dialog)?|showModalDialog|eval|evaluate|execCommand|execScript|setTimeout|setInterval)\s*["'\]]*\s*\()
• DOM XSS (sources)
  (location\s*[\[.])|([.\[]\s*["']?\s*(arguments|dialogArguments|innerHTML|write(ln)?|open(Dialog)?|showModalDialog|cookie|URL|documentURI|baseURI|referrer|name|opener|parent|top|content|self|frames)\W)|(localStorage|sessionStorage|Database)
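The two patterns above are meant to be run over client-side code to flag lines worth a manual review. The Python script below is an added example, not code from the slides or from the SpiderLabs post they reference; it labels the first pattern as sinks and the second as sources (as that post does), runs both over a constructed JavaScript snippet, and reports the lines where a source and a sink occur together.

```python
import re

# Pattern 1 from the slide: DOM XSS sinks (assignments to src/href/... and dangerous calls).
DOM_SINKS = re.compile(
    r"((src|href|data|location|code|value|action)\s*[\"'\]]*\s*\+?\s*=)"
    r"|((replace|assign|navigate|getResponseHeader|open(Dialog)?|showModalDialog"
    r"|eval|evaluate|execCommand|execScript|setTimeout|setInterval)\s*[\"'\]]*\s*\()"
)

# Pattern 2 from the slide: DOM XSS sources (attacker-influenced data such as location.*).
DOM_SOURCES = re.compile(
    r"(location\s*[\[.])"
    r"|([.\[]\s*[\"']?\s*(arguments|dialogArguments|innerHTML|write(ln)?|open(Dialog)?"
    r"|showModalDialog|cookie|URL|documentURI|baseURI|referrer|name|opener|parent"
    r"|top|content|self|frames)\W)"
    r"|(localStorage|sessionStorage|Database)"
)

# Constructed JavaScript sample (not from the original page).
SAMPLE_JS = """\
var q = location.search.substring(1);
document.getElementById('out').innerHTML = decodeURIComponent(q);
var user = sessionStorage.getItem('user');
setTimeout(function() { refresh(); }, 1000);
console.log('static text only');
eval(location.hash.slice(1));
"""


def scan_js(source):
    """Return (line_no, sources, sinks) for each line that matches either pattern."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        sources = sorted({m.group(0).strip() for m in DOM_SOURCES.finditer(line)})
        sinks = sorted({m.group(0).strip() for m in DOM_SINKS.finditer(line)})
        if sources or sinks:
            findings.append((no, sources, sinks))
    return findings


def lines_with_source_and_sink(source):
    """Line numbers where a source and a sink sit on the same line: review these first,
    since that is where user-controlled data is most likely to reach a dangerous call."""
    return [no for no, srcs, snks in scan_js(source) if srcs and snks]


if __name__ == "__main__":
    for no, srcs, snks in scan_js(SAMPLE_JS):
        print(f"line {no}: sources={srcs} sinks={snks}")
    print("source and sink together on lines:", lines_with_source_and_sink(SAMPLE_JS))
```

The regexes are deliberately broad (innerHTML and document.write are listed as sources, and a single line is only a rough proxy for data flow), so the output is a triage list, not a verdict.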
Uses: Searching Logs

• grep -v '156\.132\.142\.1[1-9]' /var/log/apache2/other_vhosts_access.log | grep -v '156\.132\.103\.'
  (drops requests from 156.132.142.11-19 and from anything in 156.132.103.x)
• grep -oE '\s[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\s' /var/log/apache2/other_vhosts_access.log | sort -t . -k 3,3n -k 4,4n | uniq
  (pulls out every dotted quad, sorts numerically on the 3rd and 4th octets, and removes duplicates)
Uses: VI Search and Replace

• SS#
  :%s/\d\{3}-\d\{2}-\d\{4}/123-45-6789/g
• email
  :%s/[0-9A-Za-z._%+-]\+@[0-9A-Za-z._%+-]\+\.[A-Za-z]\{2,4}/john.doe@ao.uscourts.gov/g
Uses: Command Line

openssl ciphers | sed 's/:/\n/g' | sort
(one cipher suite per line, sorted)
Uses: Output Mangling

while read line; do host "$line"; done < ips.txt | sed 's/ has address / /g' > foo.txt
(resolves each name in ips.txt and reduces the host output to "name address" pairs)
Uses: Programming

• Sanitizing input
  $name = preg_replace("/<\s*?\/?script\s*?>/i", "&lt;script&gt;", $name);
Useful RegExes

• SS#
  \d{3}-\d{2}-\d{4}
• Phone#
  (\(?\d{3}\)?[ .-])?\d{3}[ .-]\d{4}
• IP Addresses
  \b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b
• email (with case-insensitive matching)
  [0-9A-Z._%+-]+@[0-9A-Z._%+-]+\.[A-Z]{2,4}
• Find Base64
  (?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?
• Credit Card# - HTML Tags - Dates
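This added Python example (not from the slides) reproduces the log-search pipeline from the "Uses: Searching Logs" slide over constructed Apache log lines, using the stricter per-octet IP pattern above in place of the [0-9]{1,3} one in the grep command, and shows the difference on an impossible address; the excluded ranges mirror the slide's grep -v filters.

```python
import re
from collections import Counter

# Strict dotted-quad pattern from the "Useful RegExes" slide: every octet must be 0-255.
IP_STRICT = re.compile(
    r"\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
    r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
)
# Loose pattern from the slide's grep -o command: any 1-3 digits per octet.
IP_LOOSE = re.compile(r"\s[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\s")

# Ranges the slide's grep -v filters drop (156.132.142.11-19 and 156.132.103.*).
EXCLUDE = re.compile(r"^156\.132\.(142\.1[1-9]|103\.[0-9]{1,3})$")

# Constructed Apache other_vhosts_access.log lines (not from the original page).
LOG_LINES = [
    'www.example.test:80 203.0.113.9 - - [10/Mar/2014:10:01:02 -0400] "GET / HTTP/1.1" 200 512',
    'www.example.test:80 156.132.142.15 - - [10/Mar/2014:10:01:05 -0400] "GET /admin HTTP/1.1" 403 210',
    'www.example.test:80 198.51.100.23 - - [10/Mar/2014:10:02:11 -0400] "GET /login HTTP/1.1" 200 880',
    'www.example.test:80 156.132.103.7 - - [10/Mar/2014:10:02:40 -0400] "POST /login HTTP/1.1" 302 0',
    'www.example.test:80 203.0.113.9 - - [10/Mar/2014:10:03:13 -0400] "GET /login HTTP/1.1" 200 880',
    'www.example.test:80 999.1.1.1 - - [10/Mar/2014:10:04:00 -0400] "GET /x HTTP/1.1" 400 0',
]


def extract_ips(lines, pattern=IP_STRICT):
    """Every address the pattern finds, in order of appearance (like grep -o)."""
    return [m.group(0).strip() for line in lines for m in pattern.finditer(line)]


def external_ip_counts(lines):
    """Equivalent of grep -v ... | grep -o ... | sort ... | uniq, plus a per-address count:
    valid addresses only, excluded ranges removed, sorted numerically octet by octet
    (the slide sorts on the 3rd and 4th octets only)."""
    counts = Counter(ip for ip in extract_ips(lines) if not EXCLUDE.match(ip))
    return sorted(counts.items(), key=lambda kv: tuple(int(o) for o in kv[0].split(".")))


if __name__ == "__main__":
    print("loose :", extract_ips(LOG_LINES, IP_LOOSE))  # includes the impossible 999.1.1.1
    print("strict:", extract_ips(LOG_LINES))            # rejects it
    for ip, n in external_ip_counts(LOG_LINES):
        print(f"{n:4d} {ip}")
```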
Questions?
Go forth and RegEx…
References

• Web Application Hacker's Handbook
• http://regex.info/blog/2006-09-15/247#comment-3085
• http://en.wikipedia.org/wiki/Regular_expression
• https://isc.sans.edu/regex.html
• http://www.regular-expressions.info/examples.html
• http://blog.spiderlabs.com/2013/02/easy-dom-basedxss-detection-via-regexes.html
• https://en.wikipedia.org/wiki/Regular_expression
• www.xkcd.com
