Regex (short for Regular Expressions) is a powerful tool used for searching, matching, and manipulating text based on specific patterns. Understanding and mastering this tool involves learning its syntax, operators, and advanced features.
Basics
- Literals
Match exact characters.
E.g. ‘cat’ matches the string “cat”
- Metacharacters
Special characters with unique meanings
| Metacharacter | Meaning |
|---|---|
| . | Matches any character except newline |
| \d | Matches any digit (0-9) |
| \D | Matches any non-digit |
| \w | Matches any word character (alphanumeric and underscore) |
| \W | Matches any non-word character |
| \s | Matches any whitespace character |
| \S | Matches any non-whitespace character |
- Character Classes
Define a set of characters
| Character Class | Meaning |
|---|---|
| [abc] | Matches any one of the characters a,b, or c |
| [a-z] | Matches any character from a to z |
| [^abc] | Matches any character except a,b, or c |
- Anchors
Matches the position in the text
| Anchor | Meaning |
|---|---|
| ^ | Matches the start of a string |
| $ | Matches the end of a string |
- Quantifiers
Define the number of times a character or group should be matched.
| Quantifier | Meaning |
|---|---|
| * | Matches 0 or more times |
| + | Matches 1 or more times |
| ? | Matches 0 or 1 time |
| {n} | Matches exactly n times |
| {n,} | Matches n or more times |
| {n,m} | Matches between n and m times |
- Groups and Alternation
| Group/Alternation | Meaning |
|---|---|
| () | Groups patterns together |
Advanced
- Lookahead and Lookbehind
These allow to match a group of characters only if they are (or are not) followed or preceded by another group of characters.
| Lookahead/Lookbehind | Meaning |
|---|---|
| (?=regex) | Positive lookahead – Asserts that what follows matches the pattern |
| (?!regex) | Negative lookahead – Asserts that what follows does not match the pattern |
| (?<=regex) | Positive lookbehind – Asserts that what precedes matches the pattern |
| (?<!regex) | Negative lookbehind – Asserts that what precedes does not match the pattern |
- Named groups
Assign names to groups
| Named Group | Meaning |
|---|---|
| (?<group_name>regex) | Allows referencing the group by group_name |
- Non-capturing group
| Non-capturing group | Meaning |
|---|---|
| (?:regex) | Group part of a regex pattern for applying operators without capturing the matched text |
Practical Use Cases
We can use Regex in Forensics, Pentesting, and Incident response it will allow us to extract specific data from logs, and search for specific patterns in web responses, source code, or logs.
Resources
 to search, match, and manipulate text with powerful patterns.){kind=link}