Regex (short for Regular Expressions) is a powerful tool used for searching, matching, and manipulating text based on specific patterns. Understanding and mastering this tool involves learning its syntax, operators, and advanced features.

Basics

  • Literals

Match exact characters.

E.g. ‘cat’ matches the string “cat”

  • Metacharacters

Special characters with unique meanings

| Metacharacter | Meaning |
|---|---|
| . | Matches any character except newline |
| \d | Matches any digit (0-9) |
| \D | Matches any non-digit |
| \w | Matches any word character (alphanumeric and underscore) |
| \W | Matches any non-word character |
| \s | Matches any whitespace character |
| \S | Matches any non-whitespace character |

  • Character Classes

Define a set of characters

| Character Class | Meaning |
|---|---|
| [abc] | Matches any one of the characters a, b, or c |
| [a-z] | Matches any character from a to z |
| [^abc] | Matches any character except a, b, or c |

  • Anchors

Matches the position in the text

| Anchor | Meaning |
|---|---|
| ^ | Matches the start of a string |
| $ | Matches the end of a string |

  • Quantifiers

Define the number of times a character or group should be matched.

| Quantifier | Meaning |
|---|---|
| * | Matches 0 or more times |
| + | Matches 1 or more times |
| ? | Matches 0 or 1 time |
| {n} | Matches exactly n times |
| {n,} | Matches n or more times |
| {n,m} | Matches between n and m times |

  • Groups and Alternation

| Group/Alternation | Meaning |
|---|---|
| () | Groups patterns together |

Advanced

  • Lookahead and Lookbehind

These let you match a group of characters only if it is (or is not) followed or preceded by another group of characters.

| Lookahead/Lookbehind | Meaning |
|---|---|
| (?=regex) | Positive lookahead – Asserts that what follows matches the pattern |
| (?!regex) | Negative lookahead – Asserts that what follows does not match the pattern |
| (?<=regex) | Positive lookbehind – Asserts that what precedes matches the pattern |
| (?<!regex) | Negative lookbehind – Asserts that what precedes does not match the pattern |

  • Named groups

Assign names to groups

| Named Group | Meaning |
|---|---|
| (?<group_name>regex) | Allows referencing the group by group_name |

  • Non-capturing group

| Non-capturing group | Meaning |
|---|---|
| (?:regex) | Groups part of a regex pattern for applying operators without capturing the matched text |

Practical Use Cases

We can use Regex in forensics, pentesting, and incident response. It allows us to extract specific data from logs and to search for specific patterns in web responses, source code, or logs.
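
As an added example (not part of the original article), the Python script below applies anchors, character classes, quantifiers, a non-capturing group, named groups and a lookbehind to pull failed and accepted SSH logins out of log text. The log lines are constructed sample data in sshd style, the function names are illustrative, and Python writes named groups as (?P<name>regex).

```python
import re
from collections import Counter

# Constructed sample lines in the style of an sshd auth log (not real data).
SAMPLE_LOG = """\
Mar 10 08:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:15:04 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 08:16:40 web01 sshd[2250]: Accepted password for deploy from 198.51.100.23 port 40022 ssh2
Mar 10 08:17:02 web01 sshd[2263]: Failed password for invalid user test from 192.0.2.55 port 33910 ssh2
Mar 10 08:17:09 web01 sshd[2263]: Failed password for root from 203.0.113.7 port 51188 ssh2
"""

FAILED_LOGIN = re.compile(
    # ^ anchors each line (re.MULTILINE); classes and quantifiers match the timestamp
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"\S+ sshd\[\d+\]: Failed password for "
    # Non-capturing group with ? makes the "invalid user " prefix optional
    r"(?:invalid user )?"
    r"(?P<user>\S+) from "
    # Shape check only: four dot-separated runs of 1-3 digits, octet range not validated
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+",
    re.MULTILINE,
)

# Positive lookbehind: match the username only when it follows this exact text.
ACCEPTED_USER = re.compile(r"(?<=Accepted password for )\S+")


def failed_logins(log):
    """Return one dict (ts, user, ip) per failed-password line."""
    return [m.groupdict() for m in FAILED_LOGIN.finditer(log)]


def failures_by_ip(log):
    """Count failed logins per source IP, useful for spotting brute-force sources."""
    return Counter(entry["ip"] for entry in failed_logins(log))


def accepted_users(log):
    """Return the usernames of successful password logins."""
    return ACCEPTED_USER.findall(log)


if __name__ == "__main__":
    for ip, count in failures_by_ip(SAMPLE_LOG).most_common():
        print(ip, count)
    print("accepted:", accepted_users(SAMPLE_LOG))
```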

Joao Silva
I’m Joao Silva, an Incident Response Analyst who loves everything about cybersecurity. I enjoy tackling practical challenges on platforms like TryHackMe and HackTheBox, and I’m always learning more through industry certifications. My main skills are spotting security risks, analyzing threats, and doing digital forensics. I keep up with the latest technologies and cyber threats to ensure strong security measures. In my spare time, I work on projects to improve server security and automate monitoring. I also like to share my knowledge by publishing content on my website to help others learn. I’m dedicated to protecting data and maintaining system integrity in our constantly changing digital world.
